KJamal99

Google search results - REDIRECTING

17 posts in this topic

I am having a problem where when I use Google to perform a web search, I get redirected to a page that has nothing to do with what I searched or what I clicked. At this point, the problem seems sporadic and began this week. For example, I earlier searched the name of a friend who moved back to her country after college. Clicking on any of the search results, redirected me to the same AD page - and I'm talking about results that should have opened LinkedIn, Pipl, MySpace, etc. Now, after a few BLUE SCREEN forced restarts resulting from two attempts to run GMER, I CAN click the links in the search results and end up on the correct pages. This happened yesterday as well. So I could not create the requested "ark.txt" file, since GMER will not run. But everything else is below/attached

* MBAM log

* DDS.txt

* Attach.zip (contains Attach.txt, the other file resulting from the DDS tool)

* no ark.txt - GMER will not run. Created a separate thread for that issue here ---> http://forums.malwarebytes.org/index.php?showtopic=87932

****************************************************************************

Here the Malewarebytes log from today. Doesn't look like it found anything.

****************************************************************************

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6919

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

6/22/2011 11:36:01 AM

mbam-log-2011-06-22 (11-36-01).txt

Scan type: Quick scan

Objects scanned: 198863

Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

***********************END***********************************

*************************************************************

Here is the content of my DDS.txt - I apologize, it is VERY long...

*************************************************************

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26

Run by Kris at 14:42:12 on 2011-06-22

Microsoft

Share this post


Link to post
Share on other sites

continued from above post...

S2 MSK80Service32323232;McAfee Anti-Spam Service ;c:\programdata\cmipnpinstall32.exe --> c:\programdata\cmipnpinstall32.exe [?]

S2 MSK80Service3232323232;McAfee Anti-Spam Service ;c:\programdata\msmpeg2adec32.exe --> c:\programdata\MSMPEG2ADEC32.exe [?]

S2 napagent32;Network Access Protection Agent ;c:\programdata\mcmde32.exe --> c:\programdata\mcmde32.exe [?]

S2 napagent323232;Network Access Protection Agent ;c:\programdata\wucltux32.exe --> c:\programdata\wucltux32.exe [?]

S2 napagent32323232323232323232323232;Network Access Protection Agent ;c:\programdata\pla32.exe --> c:\programdata\pla32.exe [?]

S2 napagent32323232323232323232323232323232;Network Access Protection Agent ;c:\programdata\synccenter32.exe --> c:\programdata\SyncCenter32.exe [?]

S2 Netlogon32;Netlogon ;c:\programdata\dimsjob32.exe --> c:\programdata\dimsjob32.exe [?]

S2 Netlogon3232;Netlogon ;c:\programdata\van32.exe --> c:\programdata\VAN32.exe [?]

S2 Netlogon323232;Netlogon ;c:\programdata\rdpdd32.exe --> c:\programdata\rdpdd32.exe [?]

S2 Netlogon32323232;Netlogon ;c:\programdata\oemdspif32.exe --> c:\programdata\oemdspif32.exe [?]

S2 Netlogon323232323232;Netlogon ;c:\programdata\lzexpand32.exe --> c:\programdata\lzexpand32.exe [?]

S2 Netlogon32323232323232;Netlogon ;c:\programdata\devenum32.exe --> c:\programdata\devenum32.exe [?]

S2 Netlogon3232323232323232;Netlogon ;c:\programdata\csrsrv32.exe --> c:\programdata\csrsrv32.exe [?]

S2 Netman32;Network Connections ;c:\programdata\oleaccrc32.exe --> c:\programdata\oleaccrc32.exe [?]

S2 Netman323232;Network Connections ;c:\programdata\winhttp32.exe --> c:\programdata\winhttp32.exe [?]

S2 netprofm3232323232;Network List Service ;c:\programdata\kbdheb32.exe --> c:\programdata\KBDHEB32.exe [?]

S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\programdata\oleaccrc32.exe --> c:\programdata\oleaccrc32.exe [?]

S2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;c:\programdata\tdh32.exe --> c:\programdata\tdh32.exe [?]

S2 NetTcpPortSharing323232;Net.Tcp Port Sharing Service ;c:\programdata\pshed32.exe --> c:\programdata\PSHED32.exe [?]

S2 NlaSvc3232323232;Network Location Awareness ;c:\programdata\ir50_3232.exe --> c:\programdata\ir50_3232.exe [?]

S2 NlaSvc323232323232;Network Location Awareness ;c:\programdata\activecontentwizard32.exe --> c:\programdata\ActiveContentWizard32.exe [?]

S2 nsi32;Network Store Interface Service ;c:\programdata\rapi32.exe --> c:\programdata\rapi32.exe [?]

S2 nsi3232;Network Store Interface Service ;c:\programdata\davclnt32.exe --> c:\programdata\davclnt32.exe [?]

S2 nsi32323232323232323232;Network Store Interface Service ;c:\programdata\winsockhc32.exe --> c:\programdata\winsockhc32.exe [?]

S2 p2pimsvc32;Peer Networking Identity Manager ;c:\programdata\ieframe32.exe --> c:\programdata\ieframe32.exe [?]

S2 p2pimsvc3232;Peer Networking Identity Manager ;c:\programdata\hnetmon32.exe --> c:\programdata\hnetmon32.exe [?]

S2 p2pimsvc323232;Peer Networking Identity Manager ;c:\programdata\pndx501632.exe --> c:\programdata\pndx501632.exe [?]

S2 p2pimsvc32323232;Peer Networking Identity Manager ;c:\programdata\avicap3232.exe --> c:\programdata\avicap3232.exe [?]

S2 p2psvc3232323232;Peer Networking Grouping ;c:\programdata\wsmsvc32.exe --> c:\programdata\WsmSvc32.exe [?]

S2 PcaSvc32;Program Compatibility Assistant Service ;c:\programdata\dot3msm32.exe --> c:\programdata\dot3msm32.exe [?]

S2 PcaSvc3232;Program Compatibility Assistant Service ;c:\programdata\pautoenr32.exe --> c:\programdata\pautoenr32.exe [?]

S2 PcaSvc323232;Program Compatibility Assistant Service ;c:\programdata\msmpeg2vdec32.exe --> c:\programdata\MSMPEG2VDEC32.exe [?]

S2 PcaSvc323232323232;Program Compatibility Assistant Service ;c:\programdata\kbdmonmo32.exe --> c:\programdata\KBDMONMO32.exe [?]

S2 pla32;Performance Logs & Alerts ;c:\programdata\deskadp32.exe --> c:\programdata\deskadp32.exe [?]

S2 pla3232;Performance Logs & Alerts ;c:\programdata\nlsdata081a32.exe --> c:\programdata\NlsData081a32.exe [?]

S2 pla32323232;Performance Logs & Alerts ;c:\programdata\kbdinuk232.exe --> c:\programdata\KBDINUK232.exe [?]

S2 pla3232323232;Performance Logs & Alerts ;c:\programdata\kbdtajik32.exe --> c:\programdata\KBDTAJIK32.exe [?]

S2 pla32323232323232;Performance Logs & Alerts ;c:\programdata\kbdinori32.exe --> c:\programdata\KBDINORI32.exe [?]

S2 PlugPlay32;Plug and Play ;c:\programdata\rasgcw32.exe --> c:\programdata\rasgcw32.exe [?]

S2 PlugPlay3232;Plug and Play ;c:\programdata\urlmon32.exe --> c:\programdata\urlmon32.exe [?]

S2 PlugPlay323232;Plug and Play ;c:\programdata\wiaaut32.exe --> c:\programdata\wiaaut32.exe [?]

S2 PlugPlay32323232;Plug and Play ;c:\programdata\xolehlp32.exe --> c:\programdata\xolehlp32.exe [?]

S2 PlugPlay3232323232;Plug and Play ;c:\programdata\kbdnecnt32.exe --> c:\programdata\kbdnecnt32.exe [?]

S2 PNRPAutoReg32;PNRP Machine Name Publication Service ;c:\programdata\kbdsyr132.exe --> c:\programdata\KBDSYR132.exe [?]

S2 PNRPAutoReg323232;PNRP Machine Name Publication Service ;c:\programdata\srrstr32.exe --> c:\programdata\srrstr32.exe [?]

S2 PNRPAutoReg3232323232;PNRP Machine Name Publication Service ;c:\programdata\wmdrmsdk32.exe --> c:\programdata\wmdrmsdk32.exe [?]

S2 PNRPsvc32;Peer Name Resolution Protocol ;c:\programdata\snmpapi32.exe --> c:\programdata\snmpapi32.exe [?]

S2 PNRPsvc3232;Peer Name Resolution Protocol ;c:\programdata\amxread32.exe --> c:\programdata\amxread32.exe [?]

S2 PNRPsvc323232;Peer Name Resolution Protocol ;c:\programdata\nlslexicons002232.exe --> c:\programdata\NlsLexicons002232.exe [?]

S2 PNRPsvc32323232;Peer Name Resolution Protocol ;c:\programdata\wuaueng32.exe --> c:\programdata\wuaueng32.exe [?]

S2 PNRPsvc3232323232;Peer Name Resolution Protocol ;c:\programdata\dpnlobby32.exe --> c:\programdata\dpnlobby32.exe [?]

S2 PNRPsvc323232323232;Peer Name Resolution Protocol ;c:\programdata\perfos32.exe --> c:\programdata\perfos32.exe [?]

S2 PNRPsvc32323232323232;Peer Name Resolution Protocol ;c:\programdata\kbdmacst32.exe --> c:\programdata\KBDMACST32.exe [?]

S2 PolicyAgent32;IPsec Policy Agent ;c:\programdata\browser32.exe --> c:\programdata\browser32.exe [?]

S2 PolicyAgent3232;IPsec Policy Agent ;c:\programdata\nlhtml32.exe --> c:\programdata\nlhtml32.exe [?]

S2 PolicyAgent3232323232323232;IPsec Policy Agent ;c:\programdata\d3d932.exe --> c:\programdata\d3d932.exe [?]

S2 ProfSvc32;User Profile Service ;c:\programdata\wscntfy32.exe --> c:\programdata\wscntfy32.exe [?]

S2 ProfSvc3232;User Profile Service ;c:\programdata\wudfplatform32.exe --> c:\programdata\WUDFPlatform32.exe [?]

S2 ProfSvc323232;User Profile Service ;c:\programdata\riched2032.exe --> c:\programdata\riched2032.exe [?]

S2 ProfSvc323232323232;User Profile Service ;c:\programdata\winipsec32.exe --> c:\programdata\winipsec32.exe [?]

S2 ProfSvc32323232323232;User Profile Service ;c:\programdata\rtcres32.exe --> c:\programdata\RTCRES32.exe [?]

S2 ProfSvc3232323232323232;User Profile Service ;c:\programdata\iepeers32.exe --> c:\programdata\iepeers32.exe [?]

S2 ProfSvc323232323232323232323232;User Profile Service ;c:\programdata\msdadiag32.exe --> c:\programdata\msdadiag32.exe [?]

S2 ProfSvc32323232323232323232323232;User Profile Service ;c:\programdata\dxmasf32.exe --> c:\programdata\dxmasf32.exe [?]

S2 ProfSvc3232323232323232323232323232;User Profile Service ;c:\programdata\xpsshhdr32.exe --> c:\programdata\XPSSHHDR32.exe [?]

S2 ProfSvc323232323232323232323232323232;User Profile Service ;c:\programdata\wiatrace32.exe --> c:\programdata\wiatrace32.exe [?]

S2 QWAVE3232323232;Quality Windows Audio Video Experience ;c:\programdata\tquery32.exe --> c:\programdata\tquery32.exe [?]

S2 QWAVE323232323232;Quality Windows Audio Video Experience ;c:\programdata\bitsprx332.exe --> c:\programdata\bitsprx332.exe [?]

S2 QWAVE32323232323232;Quality Windows Audio Video Experience ;c:\programdata\uci32m2232.exe --> c:\programdata\UCI32M2232.exe [?]

S2 QWAVE3232323232323232;Quality Windows Audio Video Experience ;c:\programdata\shellvrtf32.exe --> c:\programdata\ShellvRTF32.exe [?]

S2 QWAVE323232323232323232;Quality Windows Audio Video Experience ;c:\programdata\authfwsnapin32.exe --> c:\programdata\AuthFWSnapin32.exe [?]

S2 QWAVE32323232323232323232;Quality Windows Audio Video Experience ;c:\programdata\ufat32.exe --> c:\programdata\ufat32.exe [?]

S2 RapiMgr32;Windows Mobile-based device connectivity ;c:\programdata\cdd32.exe --> c:\programdata\cdd32.exe [?]

S2 RapiMgr3232;Windows Mobile-based device connectivity ;c:\programdata\iesetup32.exe --> c:\programdata\iesetup32.exe [?]

S2 RapiMgr323232;Windows Mobile-based device connectivity ;c:\programdata\msstkprp32.exe --> c:\programdata\MSSTKPRP32.exe [?]

S2 RapiMgr32323232;Windows Mobile-based device connectivity ;c:\programdata\kbdgae32.exe --> c:\programdata\KBDGAE32.exe [?]

S2 RapiMgr3232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\crppresentation32.exe --> c:\programdata\CRPPresentation32.exe [?]

S2 RapiMgr323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\cfgmgr3232.exe --> c:\programdata\cfgmgr3232.exe [?]

S2 RapiMgr32323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\mapi3232.exe --> c:\programdata\mapi3232.exe [?]

S2 RapiMgr3232323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\mscat3232.exe --> c:\programdata\mscat3232.exe [?]

S2 RapiMgr323232323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\iertutil32.exe --> c:\programdata\iertutil32.exe [?]

S2 RapiMgr32323232323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\dpnhupnp32.exe --> c:\programdata\dpnhupnp32.exe [?]

S2 RapiMgr3232323232323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\qcap32.exe --> c:\programdata\qcap32.exe [?]

S2 RasAuto32;Remote Access Auto Connection Manager ;c:\programdata\apss32.exe --> c:\programdata\apss32.exe [?]

S2 RasAuto3232323232;Remote Access Auto Connection Manager ;c:\programdata\laprxy32.exe --> c:\programdata\LAPRXY32.exe [?]

S2 RasAuto323232323232323232;Remote Access Auto Connection Manager ;c:\programdata\framebuf32.exe --> c:\programdata\framebuf32.exe [?]

S2 RasAuto32323232323232323232;Remote Access Auto Connection Manager ;c:\programdata\tapisysprep32.exe --> c:\programdata\TapiSysprep32.exe [?]

S2 RasMan32;Remote Access Connection Manager ;c:\programdata\pmspl32.exe --> c:\programdata\pmspl32.exe [?]

S2 RasMan32323232323232;Remote Access Connection Manager ;c:\programdata\oleprn32.exe --> c:\programdata\oleprn32.exe [?]

S2 RasMan3232323232323232;Remote Access Connection Manager ;c:\programdata\inetppui32.exe --> c:\programdata\inetppui32.exe [?]

S2 RasMan323232323232323232;Remote Access Connection Manager ;c:\programdata\imapi2fs32.exe --> c:\programdata\imapi2fs32.exe [?]

S2 RasMan32323232323232323232;Remote Access Connection Manager ;c:\programdata\activeds32.exe --> c:\programdata\activeds32.exe [?]

S2 Remote UI Service3232;Intel® Remoting Service ;c:\programdata\qutil32.exe --> c:\programdata\QUTIL32.exe [?]

S2 Remote UI Service323232;Intel® Remoting Service ;c:\programdata\nlslexicons000332.exe --> c:\programdata\NlsLexicons000332.exe [?]

S2 Remote UI Service32323232323232;Intel® Remoting Service ;c:\programdata\nlsdata001b32.exe --> c:\programdata\NlsData001b32.exe [?]

S2 Remote UI Service3232323232323232;Intel® Remoting Service ;c:\programdata\rtm32.exe --> c:\programdata\rtm32.exe [?]

S2 RemoteAccess3232;Routing and Remote Access ;c:\programdata\nddeapi32.exe --> c:\programdata\nddeapi32.exe [?]

S2 RemoteAccess323232;Routing and Remote Access ;c:\programdata\auxiliarydisplaycpl32.exe --> c:\programdata\AuxiliaryDisplayCpl32.exe [?]

S2 RemoteAccess32323232;Routing and Remote Access ;c:\programdata\kbdth132.exe --> c:\programdata\KBDTH132.exe [?]

S2 RemoteRegistry32323232;Remote Registry ;c:\programdata\inetwh3232.exe --> c:\programdata\Inetwh3232.exe [?]

S2 RemoteRegistry3232323232;Remote Registry ;c:\programdata\nlslexicons001b32.exe --> c:\programdata\NlsLexicons001b32.exe [?]

S2 RoxMediaDB932;RoxMediaDB9 ;c:\programdata\qdv32.exe --> c:\programdata\qdv32.exe [?]

S2 RoxMediaDB9323232;RoxMediaDB9 ;c:\programdata\capisp32.exe --> c:\programdata\capisp32.exe [?]

S2 RoxMediaDB932323232;RoxMediaDB9 ;c:\programdata\jjaken32.exe --> c:\programdata\JJAKEn32.exe [?]

S2 RpcLocator323232;Remote Procedure Call (RPC) Locator ;c:\programdata\dhcpcsvc632.exe --> c:\programdata\dhcpcsvc632.exe [?]

S2 RpcLocator32323232;Remote Procedure Call (RPC) Locator ;c:\programdata\kbdropr32.exe --> c:\programdata\KBDROPR32.exe [?]

S2 RpcSs32;Remote Procedure Call (RPC) ;c:\programdata\rasser32.exe --> c:\programdata\rasser32.exe [?]

S2 RpcSs3232;Remote Procedure Call (RPC) ;c:\programdata\authfwwizfwk32.exe --> c:\programdata\AuthFWWizFwk32.exe [?]

S2 RpcSs323232;Remote Procedure Call (RPC) ;c:\programdata\ws2_32_shim32.exe --> c:\programdata\WS2_32_Shim32.exe [?]

S2 SamSs32;Security Accounts Manager ;c:\programdata\dpnaddr32.exe --> c:\programdata\dpnaddr32.exe [?]

S2 SamSs323232;Security Accounts Manager ;c:\programdata\eqossnap32.exe --> c:\programdata\eqossnap32.exe [?]

S2 SamSs32323232;Security Accounts Manager ;c:\programdata\bthserv32.exe --> c:\programdata\bthserv32.exe [?]

S2 SamSs323232323232323232;Security Accounts Manager ;c:\programdata\kbdgkl32.exe --> c:\programdata\KBDGKL32.exe [?]

S2 SamSs32323232323232323232;Security Accounts Manager ;c:\programdata\nlslexicons001a32.exe --> c:\programdata\NlsLexicons001a32.exe [?]

S2 SamSs3232323232323232323232;Security Accounts Manager ;c:\programdata\kbdcr32.exe --> c:\programdata\KBDCR32.exe [?]

S2 SamSs323232323232323232323232323232;Security Accounts Manager ;c:\programdata\prntvpt32.exe --> c:\programdata\prntvpt32.exe [?]

S2 SamSs32323232323232323232323232323232;Security Accounts Manager ;c:\programdata\msscntrs32.exe --> c:\programdata\msscntrs32.exe [?]

S2 SCardSvr32323232;Smart Card ;c:\programdata\ddraw32.exe --> c:\programdata\ddraw32.exe [?]

S2 SCardSvr3232323232;Smart Card ;c:\programdata\udwm32.exe --> c:\programdata\uDWM32.exe [?]

S2 SCardSvr32323232323232;Smart Card ;c:\programdata\pnpxassoc32.exe --> c:\programdata\PNPXAssoc32.exe [?]

S2 SCardSvr3232323232323232;Smart Card ;c:\programdata\mplam632.exe --> c:\programdata\mplam632.exe [?]

S2 SCardSvr323232323232323232;Smart Card ;c:\programdata\kbduk32.exe --> c:\programdata\KBDUK32.exe [?]

S2 SCardSvr32323232323232323232;Smart Card ;c:\programdata\docprop32.exe --> c:\programdata\docprop32.exe [?]

S2 SCardSvr3232323232323232323232;Smart Card ;c:\programdata\kmsvc32.exe --> c:\programdata\KMSVC32.exe [?]

S2 SCardSvr323232323232323232323232;Smart Card ;c:\programdata\wscproxystub32.exe --> c:\programdata\wscproxystub32.exe [?]

S2 SCardSvr32323232323232323232323232;Smart Card ;c:\programdata\rtpcee3232.exe --> c:\programdata\RTPCEE3232.exe [?]

S2 SCardSvr3232323232323232323232323232;Smart Card ;c:\programdata\wecapi32.exe --> c:\programdata\wecapi32.exe [?]

S2 Schedule3232;Task Scheduler ;c:\programdata\drmv2clt32.exe --> c:\programdata\drmv2clt32.exe [?]

S2 Schedule323232;Task Scheduler ;c:\programdata\psapi32.exe --> c:\programdata\psapi32.exe [?]

S2 Schedule32323232323232;Task Scheduler ;c:\programdata\rapiproxystub32.exe --> c:\programdata\rapiproxystub32.exe [?]

S2 Schedule32323232323232323232323232323232;Task Scheduler ;c:\programdata\kbdlt32.exe --> c:\programdata\KBDLT32.exe [?]

S2 Schedule32323232323232323232323232323232323232;Task Scheduler ;c:\programdata\hid32.exe --> c:\programdata\hid32.exe [?]

S2 Schedule323232323232323232323232323232323232323232;Task Scheduler ;c:\programdata\netplwiz32.exe --> c:\programdata\netplwiz32.exe [?]

S2 SCPolicySvc32;Smart Card Removal Policy ;c:\programdata\upnphost32.exe --> c:\programdata\upnphost32.exe [?]

S2 SCPolicySvc3232;Smart Card Removal Policy ;c:\programdata\crypt3232.exe --> c:\programdata\crypt3232.exe [?]

S2 SCPolicySvc323232;Smart Card Removal Policy ;c:\programdata\winrsmgr32.exe --> c:\programdata\winrsmgr32.exe [?]

S2 SCPolicySvc32323232;Smart Card Removal Policy ;c:\programdata\dispex32.exe --> c:\programdata\dispex32.exe [?]

S2 SCPolicySvc3232323232;Smart Card Removal Policy ;c:\programdata\wifeman32.exe --> c:\programdata\WIFEMAN32.exe [?]

S2 SCPolicySvc32323232323232;Smart Card Removal Policy ;c:\programdata\xwtpw3232.exe --> c:\programdata\xwtpw3232.exe [?]

S2 SCPolicySvc3232323232323232323232;Smart Card Removal Policy ;c:\programdata\cryptext32.exe --> c:\programdata\cryptext32.exe [?]

S2 SCPolicySvc323232323232323232323232;Smart Card Removal Policy ;c:\programdata\odbcint32.exe --> c:\programdata\odbcint32.exe [?]

S2 SCPolicySvc32323232323232323232323232;Smart Card Removal Policy ;c:\programdata\scecli32.exe --> c:\programdata\scecli32.exe [?]

S2 SCPolicySvc3232323232323232323232323232;Smart Card Removal Policy ;c:\programdata\msxbde4032.exe --> c:\programdata\msxbde4032.exe [?]

S2 SDRSVC32;Windows Backup ;c:\programdata\milcore32.exe --> c:\programdata\milcore32.exe [?]

S2 SDRSVC3232;Windows Backup ;c:\programdata\mprddm32.exe --> c:\programdata\mprddm32.exe [?]

S2 SDRSVC323232;Windows Backup ;c:\programdata\wshcon32.exe --> c:\programdata\wshcon32.exe [?]

S2 SDRSVC32323232;Windows Backup ;c:\programdata\cmicryptinstall32.exe --> c:\programdata\cmicryptinstall32.exe [?]

S2 SDRSVC3232323232323232323232;Windows Backup ;c:\programdata\fde32.exe --> c:\programdata\fde32.exe [?]

S2 SDRSVC323232323232323232323232;Windows Backup ;c:\programdata\keymgr32.exe --> c:\programdata\keymgr32.exe [?]

S2 SDRSVC32323232323232323232323232;Windows Backup ;c:\programdata\msvcp7132.exe --> c:\programdata\msvcp7132.exe [?]

S2 SDRSVC3232323232323232323232323232;Windows Backup ;c:\programdata\ncrypt32.exe --> c:\programdata\ncrypt32.exe [?]

S2 seclogon32;Secondary Logon ;c:\programdata\ieapfltr32.exe --> c:\programdata\ieapfltr32.exe [?]

S2 seclogon3232323232;Secondary Logon ;c:\programdata\wmpeffects32.exe --> c:\programdata\wmpeffects32.exe [?]

S2 seclogon32323232323232;Secondary Logon ;c:\programdata\sti_ci32.exe --> c:\programdata\sti_ci32.exe [?]

S2 seclogon3232323232323232;Secondary Logon ;c:\programdata\certmgr32.exe --> c:\programdata\certmgr32.exe [?]

S2 seclogon323232323232323232;Secondary Logon ;c:\programdata\whealogr32.exe --> c:\programdata\whealogr32.exe [?]

S2 seclogon3232323232323232323232;Secondary Logon ;c:\programdata\kbdtuf32.exe --> c:\programdata\KBDTUF32.exe [?]

S2 SENS32;System Event Notification Service ;c:\programdata\presentationhostproxy32.exe --> c:\programdata\PresentationHostProxy32.exe [?]

S2 SENS3232;System Event Notification Service ;c:\programdata\ncsi32.exe --> c:\programdata\ncsi32.exe [?]

S2 SENS3232323232;System Event Notification Service ;c:\programdata\loadperf32.exe --> c:\programdata\loadperf32.exe [?]

S2 SessionEnv32;Terminal Services Configuration ;c:\programdata\wmsgapi32.exe --> c:\programdata\wmsgapi32.exe [?]

S2 SessionEnv3232;Terminal Services Configuration ;c:\programdata\nlslexicons000f32.exe --> c:\programdata\NlsLexicons000f32.exe [?]

S2 SessionEnv323232;Terminal Services Configuration ;c:\programdata\rdpwsx32.exe --> c:\programdata\rdpwsx32.exe [?]

S2 SessionEnv32323232;Terminal Services Configuration ;c:\programdata\dot3svc32.exe --> c:\programdata\dot3svc32.exe [?]

S2 SessionEnv3232323232;Terminal Services Configuration ;c:\programdata\dpmodemx32.exe --> c:\programdata\dpmodemx32.exe [?]

S2 SessionEnv323232323232;Terminal Services Configuration ;c:\programdata\nsi32.exe --> c:\programdata\nsi32.exe [?]

S2 SessionEnv32323232323232;Terminal Services Configuration ;c:\programdata\pndx503232.exe --> c:\programdata\pndx503232.exe [?]

S2 SessionEnv3232323232323232;Terminal Services Configuration ;c:\programdata\tcpipcfg32.exe --> c:\programdata\tcpipcfg32.exe [?]

S2 SessionEnv323232323232323232;Terminal Services Configuration ;c:\programdata\wiascanprofiles32.exe --> c:\programdata\wiascanprofiles32.exe [?]

S2 SessionEnv32323232323232323232;Terminal Services Configuration ;c:\programdata\corpol32.exe --> c:\programdata\corpol32.exe [?]

S2 ShellHWDetection3232;Shell Hardware Detection ;c:\programdata\shacct32.exe --> c:\programdata\shacct32.exe [?]

S2 ShellHWDetection323232;Shell Hardware Detection ;c:\programdata\imm3232.exe --> c:\programdata\imm3232.exe [?]

S2 ShellHWDetection32323232;Shell Hardware Detection ;c:\programdata\resutils32.exe --> c:\programdata\resutils32.exe [?]

S2 ShellHWDetection3232323232;Shell Hardware Detection ;c:\programdata\rasmontr32.exe --> c:\programdata\rasmontr32.exe [?]

S2 slsvc32;Software Licensing ;c:\programdata\nlslexicons004932.exe --> c:\programdata\NlsLexicons004932.exe [?]

S2 slsvc3232;Software Licensing ;c:\programdata\olethk3232.exe --> c:\programdata\olethk3232.exe [?]

S2 slsvc323232;Software Licensing ;c:\programdata\dpl10032.exe --> c:\programdata\dpl10032.exe [?]

S2 slsvc32323232;Software Licensing ;c:\programdata\kbdpl32.exe --> c:\programdata\KBDPL32.exe [?]

S2 slsvc3232323232;Software Licensing ;c:\programdata\acprgwiz32.exe --> c:\programdata\acprgwiz32.exe [?]

S2 SLUINotify32;SL UI Notification Service ;c:\programdata\wiaservc32.exe --> c:\programdata\wiaservc32.exe [?]

S2 SNMPTRAP32323232323232;SNMP Trap ;c:\programdata\htui32.exe --> c:\programdata\htui32.exe [?]

S2 SNMPTRAP3232323232323232;SNMP Trap ;c:\programdata\wevtsvc32.exe --> c:\programdata\wevtsvc32.exe [?]

S2 Spooler3232;Print Spooler ;c:\programdata\shsvcs32.exe --> c:\programdata\shsvcs32.exe [?]

S2 SSDPSRV3232;SSDP Discovery ;c:\programdata\sqlsrv3232.exe --> c:\programdata\sqlsrv3232.exe [?]

S2 SSDPSRV323232;SSDP Discovery ;c:\programdata\iprtprio32.exe --> c:\programdata\iprtprio32.exe [?]

S2 SSDPSRV32323232;SSDP Discovery ;c:\programdata\chtbrkr32.exe --> c:\programdata\chtbrkr32.exe [?]

S2 SSDPSRV3232323232;SSDP Discovery ;c:\programdata\tvratings32.exe --> c:\programdata\tvratings32.exe [?]

S2 SstpSvc32;Secure Socket Tunneling Protocol Service ;c:\programdata\ias32.exe --> c:\programdata\ias32.exe [?]

S2 SstpSvc3232323232;Secure Socket Tunneling Protocol Service ;c:\programdata\vssapi32.exe --> c:\programdata\vssapi32.exe [?]

S2 stisvc32;Windows Image Acquisition (WIA) ;c:\programdata\kbdhe22032.exe --> c:\programdata\KBDHE22032.exe [?]

S2 stisvc3232;Windows Image Acquisition (WIA) ;c:\programdata\cmlua32.exe --> c:\programdata\cmlua32.exe [?]

S2 stisvc323232;Windows Image Acquisition (WIA) ;c:\programdata\nsisvc32.exe --> c:\programdata\nsisvc32.exe [?]

S2 stisvc3232323232;Windows Image Acquisition (WIA) ;c:\programdata\ig4icd3232.exe --> c:\programdata\ig4icd3232.exe [?]

S2 stisvc323232323232;Windows Image Acquisition (WIA) ;c:\programdata\wpc32.exe --> c:\programdata\Wpc32.exe [?]

S2 stisvc323232323232323232;Windows Image Acquisition (WIA) ;c:\programdata\procinst32.exe --> c:\programdata\procinst32.exe [?]

S2 stisvc32323232323232323232;Windows Image Acquisition (WIA) ;c:\programdata\kbddiv232.exe --> c:\programdata\KBDDIV232.exe [?]

S2 stisvc3232323232323232323232;Windows Image Acquisition (WIA) ;c:\programdata\mscories32.exe --> c:\programdata\mscories32.exe [?]

S2 stllssvr32;stllssvr ;c:\programdata\quartz32.exe --> c:\programdata\quartz32.exe [?]

S2 stllssvr3232;stllssvr ;c:\programdata\nlslexicons000a32.exe --> c:\programdata\NlsLexicons000a32.exe [?]

S2 stllssvr323232;stllssvr ;c:\programdata\kbd10632.exe --> c:\programdata\kbd10632.exe [?]

S2 stllssvr3232323232323232;stllssvr ;c:\programdata\olecli3232.exe --> c:\programdata\olecli3232.exe [?]

S2 stllssvr323232323232323232;stllssvr ;c:\programdata\rshx3232.exe --> c:\programdata\rshx3232.exe [?]

S2 stllssvr32323232323232323232;stllssvr ;c:\programdata\drprov32.exe --> c:\programdata\drprov32.exe [?]

S2 stllssvr323232323232323232323232;stllssvr ;c:\programdata\secproc_isv32.exe --> c:\programdata\secproc_isv32.exe [?]

S2 stllssvr32323232323232323232323232;stllssvr ;c:\programdata\portabledeviceclassextension32.exe --> c:\programdata\PortableDeviceClassExtension32.exe [?]

S2 swprv3232;Microsoft Software Shadow Copy Provider ;c:\programdata\deskmon32.exe --> c:\programdata\deskmon32.exe [?]

S2 swprv323232;Microsoft Software Shadow Copy Provider ;c:\programdata\devmgr32.exe --> c:\programdata\devmgr32.exe [?]

S2 swprv3232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\toolhelp32.exe --> c:\programdata\TOOLHELP32.exe [?]

S2 swprv323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\c_is202232.exe --> c:\programdata\C_IS202232.exe [?]

S2 swprv32323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\muifontsetup32.exe --> c:\programdata\muifontsetup32.exe [?]

S2 swprv3232323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\wsmres32.exe --> c:\programdata\WsmRes32.exe [?]

S2 swprv323232323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\drvstore32.exe --> c:\programdata\drvstore32.exe [?]

S2 swprv32323232323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\nlslexicons002032.exe --> c:\programdata\NlsLexicons002032.exe [?]

S2 SysMain32;Superfetch ;c:\programdata\ipnathlp32.exe --> c:\programdata\ipnathlp32.exe [?]

S2 SysMain323232;Superfetch ;c:\programdata\tbssvc32.exe --> c:\programdata\tbssvc32.exe [?]

S2 SysMain32323232;Superfetch ;c:\programdata\ci32.exe --> c:\programdata\ci32.exe [?]

S2 SysMain3232323232;Superfetch ;c:\programdata\photowiz32.exe --> c:\programdata\photowiz32.exe [?]

S2 SysMain3232323232323232;Superfetch ;c:\programdata\oleres32.exe --> c:\programdata\oleres32.exe [?]

S2 SysMain323232323232323232;Superfetch ;c:\programdata\wlanapi32.exe --> c:\programdata\wlanapi32.exe [?]

S2 SysMain32323232323232323232;Superfetch ;c:\programdata\nlslexicons004732.exe --> c:\programdata\NlsLexicons004732.exe [?]

S2 SysMain323232323232323232323232;Superfetch ;c:\programdata\mimefilt32.exe --> c:\programdata\mimefilt32.exe [?]

S2 TabletInputService32;Tablet PC Input Service ;c:\programdata\netprofm32.exe --> c:\programdata\netprofm32.exe [?]

S2 TabletInputService3232;Tablet PC Input Service ;c:\programdata\drmmgrtn32.exe --> c:\programdata\drmmgrtn32.exe [?]

S2 TabletInputService323232;Tablet PC Input Service ;c:\programdata\apphelp32.exe --> c:\programdata\apphelp32.exe [?]

S2 TabletInputService32323232;Tablet PC Input Service ;c:\programdata\mssign3232.exe --> c:\programdata\mssign3232.exe [?]

S2 TabletInputService323232323232;Tablet PC Input Service ;c:\programdata\nlsdata002632.exe --> c:\programdata\NlsData002632.exe [?]

S2 TabletInputService32323232323232;Tablet PC Input Service ;c:\programdata\wsmplpxy32.exe --> c:\programdata\wsmplpxy32.exe [?]

S2 TabletInputService3232323232323232;Tablet PC Input Service ;c:\programdata\rasdiag32.exe --> c:\programdata\rasdiag32.exe [?]

S2 TapiSrv32;Telephony ;c:\programdata\bootstr32.exe --> c:\programdata\bootstr32.exe [?]

S2 TapiSrv323232;Telephony ;c:\programdata\iyuv_3232.exe --> c:\programdata\iyuv_3232.exe [?]

S2 TapiSrv3232323232323232;Telephony ;c:\programdata\wshelper32.exe --> c:\programdata\wshelper32.exe [?]

S2 TapiSrv323232323232323232;Telephony ;c:\programdata\vga64k32.exe --> c:\programdata\vga64k32.exe [?]

S2 TapiSrv32323232323232323232;Telephony ;c:\programdata\nlslexicons000232.exe --> c:\programdata\NlsLexicons000232.exe [?]

S2 TBS3232;TPM Base Services ;c:\programdata\kbdintam32.exe --> c:\programdata\KBDINTAM32.exe [?]

S2 TermService32;Terminal Services ;c:\programdata\presentationnative_v030032.exe --> c:\programdata\PresentationNative_v030032.exe [?]

S2 TermService3232;Terminal Services ;c:\programdata\kbdsyr232.exe --> c:\programdata\KBDSYR232.exe [?]

S2 TermService323232;Terminal Services ;c:\programdata\msihnd32.exe --> c:\programdata\msihnd32.exe [?]

S2 TermService3232323232;Terminal Services ;c:\programdata\nlslexicons081632.exe --> c:\programdata\NlsLexicons081632.exe [?]

S2 TermService323232323232;Terminal Services ;c:\programdata\adsldp32.exe --> c:\programdata\adsldp32.exe [?]

S2 TermService32323232323232;Terminal Services ;c:\programdata\wmnetmgr32.exe --> c:\programdata\WMNetMgr32.exe [?]

S2 TermService323232323232323232;Terminal Services ;c:\programdata\portabledeviceapi32.exe --> c:\programdata\PortableDeviceApi32.exe [?]

S2 Themes32;Themes ;c:\programdata\d3d10_132.exe --> c:\programdata\d3d10_132.exe [?]

S2 Themes3232;Themes ;c:\programdata\cfgbkend32.exe --> c:\programdata\cfgbkend32.exe [?]

S2 Themes323232;Themes ;c:\programdata\eappcfg32.exe --> c:\programdata\eappcfg32.exe [?]

S2 Themes32323232;Themes ;c:\programdata\e_fbchala32.exe --> c:\programdata\E_FBCHALA32.exe [?]

S2 Themes3232323232;Themes ;c:\programdata\winusb32.exe --> c:\programdata\winusb32.exe [?]

S2 Themes323232323232;Themes ;c:\programdata\termmgr32.exe --> c:\programdata\termmgr32.exe [?]

S2 Themes32323232323232;Themes ;c:\programdata\acppage32.exe --> c:\programdata\acppage32.exe [?]

S2 Themes323232323232323232;Themes ;c:\programdata\dsprop32.exe --> c:\programdata\dsprop32.exe [?]

S2 Themes32323232323232323232;Themes ;c:\programdata\nlsdata000932.exe --> c:\programdata\NlsData000932.exe [?]

S2 THREADORDER3232;Thread Ordering Server ;c:\programdata\msv1_032.exe --> c:\programdata\msv1_032.exe [?]

S2 THREADORDER323232;Thread Ordering Server ;c:\programdata\kbdsf32.exe --> c:\programdata\KBDSF32.exe [?]

S2 TrkWks32;Distributed Link Tracking Client ;c:\programdata\rtkpgext32.exe --> c:\programdata\RtkPgExt32.exe [?]

S2 TrkWks32323232;Distributed Link Tracking Client ;c:\programdata\msjint4032.exe --> c:\programdata\msjint4032.exe [?]

S2 TrkWks3232323232;Distributed Link Tracking Client ;c:\programdata\nlsdata000032.exe --> c:\programdata\NlsData000032.exe [?]

S2 TrkWks323232323232;Distributed Link Tracking Client ;c:\programdata\dskquota32.exe --> c:\programdata\dskquota32.exe [?]

S2 TrkWks32323232323232;Distributed Link Tracking Client ;c:\programdata\security32.exe --> c:\programdata\security32.exe [?]

S2 TrustedInstaller32;Windows Modules Installer ;c:\programdata\hnetcfg32.exe --> c:\programdata\hnetcfg32.exe [?]

S2 TrustedInstaller3232;Windows Modules Installer ;c:\programdata\wmiprop32.exe --> c:\programdata\wmiprop32.exe [?]

S2 TrustedInstaller3232323232;Windows Modules Installer ;c:\programdata\ntdll32.exe --> c:\programdata\ntdll32.exe [?]

S2 TrustedInstaller323232323232;Windows Modules Installer ;c:\programdata\cmlua32.exe --> c:\programdata\cmlua32.exe [?]

S2 TrustedInstaller3232323232323232;Windows Modules Installer ;c:\programdata\odbc16gt32.exe --> c:\programdata\odbc16gt32.exe [?]

S2 UI0Detect323232323232;Interactive Services Detection ;c:\programdata\ir41_qc32.exe --> c:\programdata\ir41_qc32.exe [?]

S2 UI0Detect32323232323232;Interactive Services Detection ;c:\programdata\raschap32.exe --> c:\programdata\raschap32.exe [?]

S2 UI0Detect3232323232323232;Interactive Services Detection ;c:\programdata\ndfapi32.exe --> c:\programdata\ndfapi32.exe [?]

S2 upnphost32;UPnP Device Host ;c:\programdata\imgutil32.exe --> c:\programdata\imgutil32.exe [?]

S2 upnphost3232323232323232323232323232;UPnP Device Host ;c:\programdata\msexcl4032.exe --> c:\programdata\msexcl4032.exe [?]

S2 upnphost3232323232323232323232323232323232;UPnP Device Host ;c:\programdata\kbdmlt4732.exe --> c:\programdata\KBDMLT4732.exe [?]

S2 upnphost323232323232323232323232323232323232;UPnP Device Host ;c:\programdata\rasplap32.exe --> c:\programdata\rasplap32.exe [?]

S2 UxSms323232;Desktop Window Manager Session Manager ;c:\programdata\ktmw3232.exe --> c:\programdata\ktmw3232.exe [?]

S2 UxSms32323232;Desktop Window Manager Session Manager ;c:\programdata\winethc32.exe --> c:\programdata\winethc32.exe [?]

S2 UxSms3232323232;Desktop Window Manager Session Manager ;c:\programdata\nlsdata000132.exe --> c:\programdata\NlsData000132.exe [?]

S2 UxSms323232323232;Desktop Window Manager Session Manager ;c:\programdata\wlanmsm32.exe --> c:\programdata\wlanmsm32.exe [?]

S2 vds32;Virtual Disk ;c:\programdata\bitsperf32.exe --> c:\programdata\bitsperf32.exe [?]

S2 vds323232;Virtual Disk ;c:\programdata\nlslexicons000932.exe --> c:\programdata\NlsLexicons000932.exe [?]

S2 vds3232323232;Virtual Disk ;c:\programdata\d3dim70032.exe --> c:\programdata\d3dim70032.exe [?]

S2 vds3232323232323232;Virtual Disk ;c:\programdata\scripto32.exe --> c:\programdata\scripto32.exe [?]

S2 vds323232323232323232;Virtual Disk ;c:\programdata\perfts32.exe --> c:\programdata\perfts32.exe [?]

S2 vds323232323232323232323232;Virtual Disk ;c:\programdata\kbdlv32.exe --> c:\programdata\KBDLV32.exe [?]

S2 Viewpoint Manager Service3232;Viewpoint Manager Service ;c:\programdata\query32.exe --> c:\programdata\Query32.exe [?]

S2 Viewpoint Manager Service323232;Viewpoint Manager Service ;c:\programdata\sstpsvc32.exe --> c:\programdata\sstpsvc32.exe [?]

S2 Viewpoint Manager Service32323232;Viewpoint Manager Service ;c:\programdata\ntshrui32.exe --> c:\programdata\ntshrui32.exe [?]

S2 Viewpoint Manager Service3232323232;Viewpoint Manager Service ;c:\programdata\authz32.exe --> c:\programdata\authz32.exe [?]

S2 Viewpoint Manager Service323232323232;Viewpoint Manager Service ;c:\programdata\umb32.exe --> c:\programdata\umb32.exe [?]

S2 Viewpoint Manager Service32323232323232323232;Viewpoint Manager Service ;c:\programdata\rpcns432.exe --> c:\programdata\RpcNs432.exe [?]

S2 Viewpoint Manager Service3232323232323232323232;Viewpoint Manager Service ;c:\programdata\qshvhost32.exe --> c:\programdata\QSHVHOST32.exe [?]

S2 Viewpoint Manager Service323232323232323232323232;Viewpoint Manager Service ;c:\programdata\msstrc32.exe --> c:\programdata\msstrc32.exe [?]

S2 Viewpoint Manager Service32323232323232323232323232;Viewpoint Manager Service ;c:\programdata\wmvdecod32.exe --> c:\programdata\WMVDECOD32.exe [?]

S2 VSS32;Volume Shadow Copy ;c:\programdata\rpchttp32.exe --> c:\programdata\rpchttp32.exe [?]

S2 W32Time3232;Windows Time ;c:\programdata\nlslexicons000f32.exe --> c:\programdata\NlsLexicons000f32.exe [?]

S2 W32Time323232;Windows Time ;c:\programdata\igfxcoin_v127732.exe --> c:\programdata\igfxCoIn_v127732.exe [?]

S2 WcesComm32;Windows Mobile-2003-based device connectivity ;c:\programdata\certcli32.exe --> c:\programdata\certcli32.exe [?]

S2 WcesComm3232;Windows Mobile-2003-based device connectivity ;c:\programdata\dmvdsitf32.exe --> c:\programdata\dmvdsitf32.exe [?]

S2 WcesComm323232;Windows Mobile-2003-based device connectivity ;c:\programdata\certenrollui32.exe --> c:\programdata\CertEnrollUI32.exe [?]

S2 WcesComm32323232;Windows Mobile-2003-based device connectivity ;c:\programdata\occache32.exe --> c:\programdata\occache32.exe [?]

S2 WcesComm323232323232;Windows Mobile-2003-based device connectivity ;c:\programdata\sfc32.exe --> c:\programdata\sfc32.exe [?]

S2 WcesComm3232323232323232;Windows Mobile-2003-based device connectivity ;c:\programdata\msxml632.exe --> c:\programdata\msxml632.exe [?]

S2 wcncsvc32;Windows Connect Now - Config Registrar ;c:\programdata\networkmap32.exe --> c:\programdata\networkmap32.exe [?]

S2 wcncsvc3232;Windows Connect Now - Config Registrar ;c:\programdata\bitsprx232.exe --> c:\programdata\bitsprx232.exe [?]

S2 wcncsvc323232;Windows Connect Now - Config Registrar ;c:\programdata\iaspolcy32.exe --> c:\programdata\iaspolcy32.exe [?]

S2 wcncsvc32323232;Windows Connect Now - Config Registrar ;c:\programdata\asferror32.exe --> c:\programdata\asferror32.exe [?]

S2 wcncsvc3232323232;Windows Connect Now - Config Registrar ;c:\programdata\untfs32.exe --> c:\programdata\untfs32.exe [?]

S2 wcncsvc3232323232323232;Windows Connect Now - Config Registrar ;c:\programdata\wshbth32.exe --> c:\programdata\wshbth32.exe [?]

S2 wcncsvc323232323232323232;Windows Connect Now - Config Registrar ;c:\programdata\trapi32.exe --> c:\programdata\TRAPI32.exe [?]

S2 WcsPlugInService3232;Windows Color System ;c:\programdata\rasdlg32.exe --> c:\programdata\rasdlg32.exe [?]

S2 WcsPlugInService323232;Windows Color System ;c:\programdata\msmmsp32.exe --> c:\programdata\msmmsp32.exe [?]

S2 WcsPlugInService32323232;Windows Color System ;c:\programdata\kbdjpn32.exe --> c:\programdata\KBDJPN32.exe [?]

S2 WcsPlugInService323232323232;Windows Color System ;c:\programdata\fwremotesvr32.exe --> c:\programdata\FwRemoteSvr32.exe [?]

S2 WcsPlugInService32323232323232;Windows Color System ;c:\programdata\compatui32.exe --> c:\programdata\CompatUI32.exe [?]

S2 WdiSystemHost323232;Diagnostic System Host ;c:\programdata\d3dim70032.exe --> c:\programdata\d3dim70032.exe [?]

S2 WdiSystemHost32323232;Diagnostic System Host ;c:\programdata\wmerror32.exe --> c:\programdata\wmerror32.exe [?]

S2 WdiSystemHost32323232323232;Diagnostic System Host ;c:\programdata\kbdmon32.exe --> c:\programdata\KBDMON32.exe [?]

S2 WdiSystemHost3232323232323232;Diagnostic System Host ;c:\programdata\deskperf32.exe --> c:\programdata\deskperf32.exe [?]

S2 WdiSystemHost32323232323232323232323232323232;Diagnostic System Host ;c:\programdata\kbdfc32.exe --> c:\programdata\KBDFC32.exe [?]

S2 WebClient32;WebClient ;c:\programdata\wls0wndh32.exe --> c:\programdata\WlS0WndH32.exe [?]

S2 WebClient3232;WebClient ;c:\programdata\vidreszr32.exe --> c:\programdata\VIDRESZR32.exe [?]

S2 WebClient32323232;WebClient ;c:\programdata\tapisrv32.exe --> c:\programdata\tapisrv32.exe [?]

S2 WebClient3232323232;WebClient ;c:\programdata\els32.exe --> c:\programdata\els32.exe [?]

S2 WebClient323232323232;WebClient ;c:\programdata\hccoin32.exe --> c:\programdata\hccoin32.exe [?]

S2 WebClient32323232323232;WebClient ;c:\programdata\nicco632.exe --> c:\programdata\NicCo632.exe [?]

S2 WebClient3232323232323232;WebClient ;c:\programdata\odbctrac32.exe --> c:\programdata\odbctrac32.exe [?]

S2 Wecsvc3232;Windows Event Collector ;c:\programdata\rasctrs32.exe --> c:\programdata\rasctrs32.exe [?]

S2 Wecsvc323232;Windows Event Collector ;c:\programdata\win87em32.exe --> c:\programdata\win87em32.exe [?]

S2 Wecsvc32323232;Windows Event Collector ;c:\programdata\wsnmp3232.exe --> c:\programdata\wsnmp3232.exe [?]

S2 Wecsvc3232323232;Windows Event Collector ;c:\programdata\wiavideo32.exe --> c:\programdata\wiavideo32.exe [?]

S2 Wecsvc323232323232323232;Windows Event Collector ;c:\programdata\netcfgx32.exe --> c:\programdata\netcfgx32.exe [?]

S2 Wecsvc3232323232323232323232;Windows Event Collector ;c:\programdata\msvidc3232.exe --> c:\programdata\msvidc3232.exe [?]

S2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\programdata\aqckgen32.exe --> c:\programdata\AQCKGen32.exe [?]

S2 wercplsupport323232323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\msrle3232.exe --> c:\programdata\msrle3232.exe [?]

S2 WerSvc323232;Windows Error Reporting Service ;c:\programdata\cpc_dmird32.exe --> c:\programdata\cPC_DMIRD32.exe [?]

S2 WerSvc32323232;Windows Error Reporting Service ;c:\programdata\alttab32.exe --> c:\programdata\AltTab32.exe [?]

S2 WerSvc323232323232;Windows Error Reporting Service ;c:\programdata\sens32.exe --> c:\programdata\Sens32.exe [?]

S2 WinDefend32323232;Windows Defender ;c:\programdata\msctfui32.exe --> c:\programdata\msctfui32.exe [?]

S2 WinDefend3232323232;Windows Defender ;c:\programdata\mmdevapi32.exe --> c:\programdata\MMDevAPI32.exe [?]

S2 WinDefend323232323232;Windows Defender ;c:\programdata\taskcomp32.exe --> c:\programdata\taskcomp32.exe [?]

S2 WinHttpAutoProxySvc3232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\msaudite32.exe --> c:\programdata\msaudite32.exe [?]

S2 WinHttpAutoProxySvc323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\commdlg32.exe --> c:\programdata\COMMDLG32.exe [?]

S2 WinHttpAutoProxySvc32323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\qdvd32.exe --> c:\programdata\qdvd32.exe [?]

S2 WinHttpAutoProxySvc3232323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\kbdrost32.exe --> c:\programdata\KBDROST32.exe [?]

S2 WinHttpAutoProxySvc323232323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\rtkcoinst32.exe --> c:\programdata\RtkCoInst32.exe [?]

S2 Winmgmt323232;Windows Management Instrumentation ;c:\programdata\slwga32.exe --> c:\programdata\slwga32.exe [?]

S2 wmiApSrv32;WMI Performance Adapter ;c:\programdata\igfxtmm32.exe --> c:\programdata\igfxTMM32.exe [?]

S2 wmiApSrv3232;WMI Performance Adapter ;c:\programdata\msvideo32.exe --> c:\programdata\msvideo32.exe [?]

S2 wmiApSrv323232;WMI Performance Adapter ;c:\programdata\msafd32.exe --> c:\programdata\msafd32.exe [?]

S2 wmiApSrv32323232;WMI Performance Adapter ;c:\programdata\imagesp132.exe --> c:\programdata\imagesp132.exe [?]

S2 WMPNetworkSvc3232;Windows Media Player Network Sharing Service ;c:\programdata\kbdusl32.exe --> c:\programdata\KBDUSL32.exe [?]

S2 WPCSvc32;Parental Controls ;c:\programdata\wsecedit32.exe --> c:\programdata\wsecedit32.exe [?]

S2 WPDBusEnum32;Portable Device Enumerator Service ;c:\programdata\prnntfy32.exe --> c:\programdata\prnntfy32.exe [?]

S2 WPDBusEnum32323232;Portable Device Enumerator Service ;c:\programdata\nlslexicons004632.exe --> c:\programdata\NlsLexicons004632.exe [?]

S2 WPDBusEnum3232323232;Portable Device Enumerator Service ;c:\programdata\iassvcs32.exe --> c:\programdata\iassvcs32.exe [?]

S2 WPDBusEnum323232323232;Portable Device Enumerator Service ;c:\programdata\dhcpcmonitor32.exe --> c:\programdata\dhcpcmonitor32.exe [?]

S2 WPDBusEnum32323232323232;Portable Device Enumerator Service ;c:\programdata\sdohlp32.exe --> c:\programdata\sdohlp32.exe [?]

S2 WPFFontCache_v04003232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\c_iscii32.exe --> c:\programdata\C_ISCII32.exe [?]

S2 WPFFontCache_v0400323232323232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\sqlunirl32.exe --> c:\programdata\sqlunirl32.exe [?]

S2 WPFFontCache_v040032323232323232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\osbaseln32.exe --> c:\programdata\osbaseln32.exe [?]

S2 WPFFontCache_v04003232323232323232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\pcadm32.exe --> c:\programdata\pcadm32.exe [?]

S2 WPFFontCache_v0400323232323232323232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\portabledevicewmdrm32.exe --> c:\programdata\PortableDeviceWMDRM32.exe [?]

S2 wscsvc32;Security Center ;c:\programdata\radardt32.exe --> c:\programdata\radardt32.exe [?]

S2 wscsvc323232;Security Center ;c:\programdata\kbdbu32.exe --> c:\programdata\KBDBU32.exe [?]

S2 wscsvc32323232;Security Center ;c:\programdata\faultrep32.exe --> c:\programdata\Faultrep32.exe [?]

S2 wscsvc3232323232;Security Center ;c:\programdata\dxtmsft32.exe --> c:\programdata\dxtmsft32.exe [?]

S2 wscsvc323232323232;Security Center ;c:\programdata\nlslexicons004c32.exe --> c:\programdata\NlsLexicons004c32.exe [?]

S2 WSearch32;Windows Search ;c:\programdata\dxtrans32.exe --> c:\programdata\dxtrans32.exe [?]

S2 WSearch323232;Windows Search ;c:\programdata\dnsrslvr32.exe --> c:\programdata\dnsrslvr32.exe [?]

S2 WSearch32323232;Windows Search ;c:\programdata\kbdsw32.exe --> c:\programdata\KBDSW32.exe [?]

S2 WSearch3232323232;Windows Search ;c:\programdata\ifsutil32.exe --> c:\programdata\ifsutil32.exe [?]

S2 wuauserv3232;Windows Update ;c:\programdata\sysfxui32.exe --> c:\programdata\SysFxUI32.exe [?]

S2 wuauserv323232;Windows Update ;c:\programdata\d3dxof32.exe --> c:\programdata\d3dxof32.exe [?]

S2 wuauserv32323232;Windows Update ;c:\programdata\kbdit14232.exe --> c:\programdata\KBDIT14232.exe [?]

S2 wuauserv323232323232;Windows Update ;c:\programdata\d3d8thk32.exe --> c:\programdata\d3d8thk32.exe [?]

S2 wuauserv32323232323232;Windows Update ;c:\programdata\uxtheme32.exe --> c:\programdata\uxtheme32.exe [?]

S2 wuauserv3232323232323232;Windows Update ;c:\programdata\wtsapi3232.exe --> c:\programdata\wtsapi3232.exe [?]

S2 wuauserv323232323232323232;Windows Update ;c:\programdata\odbccr3232.exe --> c:\programdata\odbccr3232.exe [?]

S2 wudfsvc32;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\kbdusx32.exe --> c:\programdata\KBDUSX32.exe [?]

S2 XAudioService3232;XAudioService ;c:\programdata\msfeedsbs32.exe --> c:\programdata\msfeedsbs32.exe [?]

S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\drivers\AGUx86.sys [2008-1-17 892416]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-4 84488]

S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-3-29 599040]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-21 12:30:04 -------- d-----w- c:\users\kris\appdata\roaming\Malwarebytes

2011-06-21 12:29:23 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-21 12:29:22 -------- d-----w- c:\programdata\Malwarebytes

2011-06-21 12:29:17 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-21 12:29:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-19 00:19:04 184320 ----a-w- c:\programdata\asycfilt32.dll

2011-06-16 22:46:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-06-11 12:34:31 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll

2011-06-11 12:33:05 -------- d-----w- c:\program files\common files\xing shared

2011-06-11 12:31:17 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2011-06-11 12:29:51 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

.

==================== Find3M ====================

.

2011-06-11 12:28:58 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-06-11 12:28:58 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-25 23:25:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-02 15:58:28 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 12:49:57 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 12:49:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-29 12:49:51 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-29 12:49:44 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-29 12:49:35 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-21 15:00:34 833024 ----a-w- c:\windows\system32\wininet.dll

2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-04-21 13:28:42 389632 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:16:42 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-04-21 13:08:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 19:01:38 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 19:01:38 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 19:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe

2011-04-14 14:24:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

.

============= FINISH: 14:44:02.56 ===============

PLEASE advise,

KJamal99

DDS.txt

Share this post


Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Please do not delete anything unless instructed to.

1. launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

2. Save this text as fixme.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

3. Double-click on fixme.reg. When it asks you to merge the information to the registry click Yes.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

Share this post


Link to post
Share on other sites

Hello LDTate, and thank you for your response....

Here is the GooredFix.txt contents:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 18:45 on 25/06/2011 (Kris)

Firefox version 4.0.1 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Kris\Application Data\Mozilla\Firefox\Profiles\cxisknfq.default\extensions\{9e69dc27-faac-4223-ab10-8b3753aab021}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

talkback@mozilla.org [21:30 19/01/2008]

{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:30 19/01/2008]

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [13:57 25/01/2008]

{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [05:14 20/09/2009]

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [14:03 07/12/2009]

{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [15:15 04/04/2010]

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [18:12 24/04/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [03:05 02/09/2010]

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [04:22 24/11/2010]

{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [05:49 04/02/2011]

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [01:37 22/06/2011]

C:\Users\Kris\Application Data\Mozilla\Firefox\Profiles\cxisknfq.default\extensions\

moveplayer@movenetworks.com [13:44 18/04/2009]

{1280606b-2510-4fe0-97ef-9b5a22eafe30} [13:07 23/03/2011]

{20a82645-c095-46ed-80e3-08825760534b} [17:02 09/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:08 11/03/2009]

"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [05:37 04/02/2011]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [12:32 11/06/2011]

-=E.O.F=-

TDSSKiller did not find anything...

Does that mean the issue has been resolved?

The only difference I've noticed at the moment is that Firefox is seems to be starting-up quite a bit slower. Also when I close it, the firefox.exe process and some firefox plug-in container remain active until I forcefully end those processes. Also, I just tried some of the same searches I did before, and the search results don't seem to be compromised at the moment? Could it be fixed, or will it be back?

What can I do to keep from having that happen again in the future??

Share this post


Link to post
Share on other sites

I don't use FF so I can't answer those questions.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Share this post


Link to post
Share on other sites

I did not see the dialog come up for the "Microsoft Windows Recovery Console", so I guess it must already be installed? Though, I have never heard of it...

My computer seems to be operating pretty smoothly now. I'm guessing something we have done has solved my problem... Thanks!

Would you please tell me how to re-enable anything I've been required to turn-off as part of your instructions? Like the auto-run capability of my Media drives.

Here is the ComboFix log - do you see anything funky?

-------------------------------------------------------------------------------------

ComboFix 11-06-27.01 - Kris 06/27/2011 18:48:11.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.817 [GMT -5:00]

Running from: c:\users\Kris\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\3bi1kd7k.default\extensions\{9e69dc27-faac-4223-ab10-8b3753aab021}

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\3bi1kd7k.default\extensions\{9e69dc27-faac-4223-ab10-8b3753aab021}\chrome.manifest

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\3bi1kd7k.default\extensions\{9e69dc27-faac-4223-ab10-8b3753aab021}\chrome\xulcache.jar

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\3bi1kd7k.default\extensions\{9e69dc27-faac-4223-ab10-8b3753aab021}\defaults\preferences\xulcache.js

c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\3bi1kd7k.default\extensions\{9e69dc27-faac-4223-ab10-8b3753aab021}\install.rdf

c:\windows\system32\jusched.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_BITS32

-------\Service_RpcSs32

-------\Service_wmiApSrv32

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))

.

.

2011-06-28 00:02 . 2011-06-28 00:10 -------- d-----w- c:\users\Kris\AppData\Local\temp

2011-06-26 16:22 . 2011-06-26 16:22 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-26 16:22 . 2011-06-26 16:22 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-26 00:41 . 2011-03-13 16:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

2011-06-21 12:30 . 2011-06-21 12:30 -------- d-----w- c:\users\Kris\AppData\Roaming\Malwarebytes

2011-06-21 12:29 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-21 12:29 . 2011-06-21 12:29 -------- d-----w- c:\programdata\Malwarebytes

2011-06-21 12:29 . 2011-06-21 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-21 12:29 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-16 22:46 . 2011-05-02 12:00 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-06-11 12:34 . 2011-06-11 12:34 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll

2011-06-11 12:33 . 2011-06-11 12:33 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-11 12:31 . 2011-06-11 12:31 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2011-06-11 12:29 . 2011-06-11 12:30 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-25 06:29 . 2011-05-23 16:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-11 12:28 . 2008-06-03 05:36 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-06-11 12:28 . 2003-08-13 01:17 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-04 09:52 . 2010-04-24 18:12 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-26 16:22 . 2011-04-10 17:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 19:01 . 2011-02-04 05:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 02:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CCUTRAYICON"="FactoryMode" [X]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-09-25 54672]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"SBC_McciTrayApp"="c:\program files\SBC\update\SST.exe" [2007-02-28 1011200]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"D-Link D-Link Wireless N DWA-130"="c:\program files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe" [2008-03-20 1675264]

"KMCONFIG"="c:\program files\Keyboard & Mouse Driver\StartAutorun.exe" [2008-05-30 212992]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-27 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 150552]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-26 1306216]

"McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2009-11-17 670312]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-06-11 273544]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2009-1-5 261120]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk

backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Kris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]

path=c:\users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk

backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Kris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]

path=c:\users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk

backup=c:\windows\pss\ZooskMessenger.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

2010-02-18 15:53 50520 ----a-w- c:\users\Kris\AppData\Roaming\mjusbsp\cdloader2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\aol\1199758750\ee\aolsoftware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2009-08-05 17:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-01-15 16:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2010-06-01 15:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 AeLookupSvc3232;Application Experience ;c:\programdata\dinput832.exe [x]

R2 AeLookupSvc323232;Application Experience ;c:\programdata\msscp32.exe [x]

R2 AeLookupSvc3232323232323232;Application Experience ;c:\programdata\ureg32.exe [x]

R2 AeLookupSvc323232323232323232;Application Experience ;c:\programdata\localsec32.exe [x]

R2 AeLookupSvc32323232323232323232;Application Experience ;c:\programdata\NlsData001132.exe [x]

R2 AeLookupSvc3232323232323232323232;Application Experience ;c:\programdata\MPSSVC32.exe [x]

R2 AeLookupSvc323232323232323232323232;Application Experience ;c:\programdata\dpnathlp32.exe [x]

R2 AlertService3232;Intel® Alert Service ;c:\programdata\atmfd32.exe [x]

R2 AlertService323232;Intel® Alert Service ;c:\programdata\Icam4EXT32.exe [x]

R2 ALG32323232;Application Layer Gateway Service ;c:\programdata\KBDUS32.exe [x]

R2 ALG323232323232323232;Application Layer Gateway Service ;c:\programdata\dot3ui32.exe [x]

R2 AOL ACS3232;AOL Connectivity Service ;c:\programdata\KBDIT32.exe [x]

R2 AOL ACS323232;AOL Connectivity Service ;c:\programdata\advapi3232.exe [x]

R2 AOL ACS32323232323232323232;AOL Connectivity Service ;c:\programdata\esent32.exe [x]

R2 AOL ACS3232323232323232323232;AOL Connectivity Service ;c:\programdata\btpanui32.exe [x]

R2 AOL ACS323232323232323232323232;AOL Connectivity Service ;c:\programdata\wkssvc32.exe [x]

R2 Appinfo32;Application Information ;c:\programdata\iprtrmgr32.exe [x]

R2 Appinfo3232323232323232323232;Application Information ;c:\programdata\NcdProp32.exe [x]

R2 Appinfo323232323232323232323232;Application Information ;c:\programdata\msdmo32.exe [x]

R2 Appinfo3232323232323232323232323232;Application Information ;c:\programdata\netfxperf32.exe [x]

R2 Appinfo323232323232323232323232323232;Application Information ;c:\programdata\cmutil32.exe [x]

R2 Apple Mobile Device3232;Apple Mobile Device ;c:\programdata\clfsw3232.exe [x]

R2 Apple Mobile Device323232;Apple Mobile Device ;c:\programdata\xwizards32.exe [x]

R2 Apple Mobile Device3232323232;Apple Mobile Device ;c:\programdata\C_G1803032.exe [x]

R2 Apple Mobile Device323232323232;Apple Mobile Device ;c:\programdata\WINNLS32.exe [x]

R2 Apple Mobile Device3232323232323232;Apple Mobile Device ;c:\programdata\napipsec32.exe [x]

R2 AudioEndpointBuilder32;Windows Audio Endpoint Builder ;c:\programdata\C_IS202232.exe [x]

R2 AudioEndpointBuilder3232;Windows Audio Endpoint Builder ;c:\programdata\iprop32.exe [x]

R2 AudioEndpointBuilder32323232;Windows Audio Endpoint Builder ;c:\programdata\igfxdo32.exe [x]

R2 AudioEndpointBuilder3232323232;Windows Audio Endpoint Builder ;c:\programdata\QSVRMGMT32.exe [x]

R2 AudioEndpointBuilder323232323232;Windows Audio Endpoint Builder ;c:\programdata\BFE32.exe [x]

R2 AudioEndpointBuilder32323232323232;Windows Audio Endpoint Builder ;c:\programdata\mstask32.exe [x]

R2 Audiosrv32;Windows Audio ;c:\programdata\cmcfg3232.exe [x]

R2 Audiosrv3232;Windows Audio ;c:\programdata\uniplat32.exe [x]

R2 Audiosrv323232;Windows Audio ;c:\programdata\wecsvc32.exe [x]

R2 Audiosrv32323232;Windows Audio ;c:\programdata\d3dx9_3232.exe [x]

R2 Audiosrv323232323232;Windows Audio ;c:\programdata\netdiagfx32.exe [x]

R2 Automatic LiveUpdate Scheduler32;Automatic LiveUpdate Scheduler ;c:\programdata\msoert232.exe [x]

R2 Automatic LiveUpdate Scheduler323232;Automatic LiveUpdate Scheduler ;c:\programdata\gcdef32.exe [x]

R2 Automatic LiveUpdate Scheduler32323232;Automatic LiveUpdate Scheduler ;c:\programdata\itircl32.exe [x]

R2 BFE32;Base Filtering Engine ;c:\programdata\pifmgr32.exe [x]

R2 BITS3232;Background Intelligent Transfer Service ;c:\programdata\msdtcprx32.exe [x]

R2 BITS323232;Background Intelligent Transfer Service ;c:\programdata\NlsLexicons000c32.exe [x]

R2 BITS32323232;Background Intelligent Transfer Service ;c:\programdata\mssha32.exe [x]

R2 BITS3232323232323232323232;Background Intelligent Transfer Service ;c:\programdata\dmocx32.exe [x]

R2 BITS323232323232323232323232;Background Intelligent Transfer Service ;c:\programdata\mstime32.exe [x]

R2 BITS323232323232323232323232323232;Background Intelligent Transfer Service ;c:\programdata\KBDSL132.exe [x]

R2 BITS32323232323232323232323232323232;Background Intelligent Transfer Service ;c:\programdata\wsepno32.exe [x]

R2 BITS3232323232323232323232323232323232;Background Intelligent Transfer Service ;c:\programdata\usbui32.exe [x]

R2 BITS323232323232323232323232323232323232;Background Intelligent Transfer Service ;c:\programdata\swprv32.exe [x]

R2 Bonjour Service32323232;Bonjour Service ;c:\programdata\AuthFWGP32.exe [x]

R2 Bonjour Service3232323232;Bonjour Service ;c:\programdata\KBDIR32.exe [x]

R2 Bonjour Service323232323232;Bonjour Service ;c:\programdata\xactsrv32.exe [x]

R2 Bonjour Service32323232323232;Bonjour Service ;c:\programdata\rsaenh32.exe [x]

R2 Bonjour Service32323232323232323232;Bonjour Service ;c:\programdata\NlsData002732.exe [x]

R2 Bonjour Service3232323232323232323232;Bonjour Service ;c:\programdata\KBDRU132.exe [x]

R2 Browser32;Computer Browser ;c:\programdata\oleaut3232.exe [x]

R2 Browser3232;Computer Browser ;c:\programdata\ATHPRXY32.exe [x]

R2 Browser323232;Computer Browser ;c:\programdata\ssdpapi32.exe [x]

R2 Browser32323232;Computer Browser ;c:\programdata\glmf3232.exe [x]

R2 Browser323232323232;Computer Browser ;c:\programdata\msdtcprx32.exe [x]

R2 Browser32323232323232;Computer Browser ;c:\programdata\WlanApp32.exe [x]

R2 Browser3232323232323232;Computer Browser ;c:\programdata\scesrv32.exe [x]

R2 Browser323232323232323232;Computer Browser ;c:\programdata\pxwma32.exe [x]

R2 CertPropSvc32;Certificate Propagation ;c:\programdata\dnshc32.exe [x]

R2 CertPropSvc3232;Certificate Propagation ;c:\programdata\KBDHE31932.exe [x]

R2 CertPropSvc323232;Certificate Propagation ;c:\programdata\mssitlb32.exe [x]

R2 CertPropSvc32323232;Certificate Propagation ;c:\programdata\KBDIULAT32.exe [x]

R2 CertPropSvc3232323232;Certificate Propagation ;c:\programdata\KBDNEPR32.exe [x]

R2 CertPropSvc323232323232323232;Certificate Propagation ;c:\programdata\KBDTIPRC32.exe [x]

R2 CertPropSvc32323232323232323232;Certificate Propagation ;c:\programdata\msftedit32.exe [x]

R2 CertPropSvc3232323232323232323232;Certificate Propagation ;c:\programdata\WUDFx32.exe [x]

R2 clr_optimization_v2.0.50727_3232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\powercpl32.exe [x]

R2 clr_optimization_v2.0.50727_32323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\spnet32.exe [x]

R2 clr_optimization_v2.0.50727_3232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\wuapi32.exe [x]

R2 clr_optimization_v2.0.50727_32323232323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\dmloader32.exe [x]

R2 clr_optimization_v2.0.50727_3232323232323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\wdi32.exe [x]

R2 clr_optimization_v2.0.50727_323232323232323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\msshavmsg32.exe [x]

R2 clr_optimization_v2.0.50727_32323232323232323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\COLORCNV32.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\WUDFx32.exe [x]

R2 clr_optimization_v4.0.30319_323232323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\profprov32.exe [x]

R2 clr_optimization_v4.0.30319_32323232323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\msexch4032.exe [x]

R2 clr_optimization_v4.0.30319_3232323232323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\icsfiltr32.exe [x]

R2 COMSysApp32;COM+ System Application ;c:\programdata\zipfldr32.exe [x]

R2 COMSysApp32323232;COM+ System Application ;c:\programdata\KBDNO132.exe [x]

R2 COMSysApp32323232323232323232;COM+ System Application ;c:\programdata\avifil3232.exe [x]

R2 COMSysApp3232323232323232323232;COM+ System Application ;c:\programdata\QCLIPROV32.exe [x]

R2 COMSysApp32323232323232323232323232;COM+ System Application ;c:\programdata\amstream32.exe [x]

R2 COMSysApp3232323232323232323232323232;COM+ System Application ;c:\programdata\KBDPL132.exe [x]

R2 CryptSvc32323232;Cryptographic Services ;c:\programdata\webcheck32.exe [x]

R2 CryptSvc3232323232;Cryptographic Services ;c:\programdata\comcat32.exe [x]

R2 CryptSvc32323232323232323232;Cryptographic Services ;c:\programdata\NlsData000732.exe [x]

R2 CryptSvc32323232323232323232323232;Cryptographic Services ;c:\programdata\mydocs32.exe [x]

R2 DcomLaunch32323232323232;DCOM Server Process Launcher ;c:\programdata\imagehlp32.exe [x]

R2 DcomLaunch3232323232323232;DCOM Server Process Launcher ;c:\programdata\xpssvcs32.exe [x]

R2 DcomLaunch323232323232323232;DCOM Server Process Launcher ;c:\programdata\lz3232.exe [x]

R2 DFSR32;DFS Replication ;c:\programdata\dsuiext32.exe [x]

R2 DFSR3232;DFS Replication ;c:\programdata\msacm32.exe [x]

R2 DFSR323232;DFS Replication ;c:\programdata\catsrv32.exe [x]

R2 DFSR323232323232;DFS Replication ;c:\programdata\msxml432.exe [x]

R2 DFSR32323232323232;DFS Replication ;c:\programdata\divx_xx1132.exe [x]

R2 DFSR3232323232323232;DFS Replication ;c:\programdata\TabbtnEx32.exe [x]

R2 Dhcp32;DHCP Client ;c:\programdata\perfnet32.exe [x]

R2 Dhcp3232;DHCP Client ;c:\programdata\mciqtz3232.exe [x]

R2 Dnscache323232;DNS Client ;c:\programdata\txfw3232.exe [x]

R2 dot3svc323232;Wired AutoConfig ;c:\programdata\KBDJPN32.exe [x]

R2 dot3svc3232323232;Wired AutoConfig ;c:\programdata\eswia5a32.exe [x]

R2 dot3svc323232323232;Wired AutoConfig ;c:\programdata\puiobj32.exe [x]

R2 dot3svc32323232323232;Wired AutoConfig ;c:\programdata\bcdprov32.exe [x]

R2 dot3svc32323232323232323232;Wired AutoConfig ;c:\programdata\KBDLV132.exe [x]

R2 dot3svc3232323232323232323232;Wired AutoConfig ;c:\programdata\wshqos32.exe [x]

R2 dot3svc323232323232323232323232;Wired AutoConfig ;c:\programdata\KBDINASA32.exe [x]

R2 dot3svc3232323232323232323232323232;Wired AutoConfig ;c:\programdata\msscb32.exe [x]

R2 DPS323232;Diagnostic Policy Service ;c:\programdata\NlsData001032.exe [x]

R2 DPS32323232;Diagnostic Policy Service ;c:\programdata\icfupgd32.exe [x]

R2 DPS3232323232;Diagnostic Policy Service ;c:\programdata\fdWNet32.exe [x]

R2 DPS323232323232;Diagnostic Policy Service ;c:\programdata\samlib32.exe [x]

R2 DPS32323232323232;Diagnostic Policy Service ;c:\programdata\rasmxs32.exe [x]

R2 DPS32323232323232323232;Diagnostic Policy Service ;c:\programdata\mspatcha32.exe [x]

R2 DQLWinService32;DQLWinService ;c:\programdata\GuidedHelp32.exe [x]

R2 DQLWinService3232;DQLWinService ;c:\programdata\NlsData041432.exe [x]

R2 DQLWinService323232;DQLWinService ;c:\programdata\modemui32.exe [x]

R2 DQLWinService32323232;DQLWinService ;c:\programdata\powrprof32.exe [x]

R2 DQLWinService3232323232;DQLWinService ;c:\programdata\KBDINBE132.exe [x]

R2 EapHost3232;Extensible Authentication Protocol ;c:\programdata\sqlcese3032.exe [x]

R2 EapHost323232;Extensible Authentication Protocol ;c:\programdata\asycfilt3232.exe [x]

R2 EapHost32323232;Extensible Authentication Protocol ;c:\programdata\sxsstore32.exe [x]

R2 EapHost3232323232;Extensible Authentication Protocol ;c:\programdata\wow3232.exe [x]

R2 EapHost323232323232;Extensible Authentication Protocol ;c:\programdata\scrrun32.exe [x]

R2 ehSched3232;Windows Media Center Scheduler Service ;c:\programdata\NlsLexicons041632.exe [x]

R2 ehSched323232;Windows Media Center Scheduler Service ;c:\programdata\eappprxy32.exe [x]

R2 EMDMgmt32;ReadyBoost ;c:\programdata\mplvw732.exe [x]

R2 EMDMgmt3232323232323232;ReadyBoost ;c:\programdata\NlsLexicons041632.exe [x]

R2 EPSON_PM_RPCV4_0132;EPSON V3 Service4(01) ;c:\programdata\KBDKAZ32.exe [x]

R2 EPSON_PM_RPCV4_013232;EPSON V3 Service4(01) ;c:\programdata\dmdskmgr32.exe [x]

R2 Eventlog32;Windows Event Log ;c:\programdata\msident32.exe [x]

R2 Eventlog3232;Windows Event Log ;c:\programdata\Wldap3232.exe [x]

R2 Eventlog323232;Windows Event Log ;c:\programdata\MsCtfMonitor32.exe [x]

R2 fdPHost323232323232;Function Discovery Provider Host ;c:\programdata\msswch32.exe [x]

R2 fdPHost32323232323232;Function Discovery Provider Host ;c:\programdata\spbcd32.exe [x]

R2 fdPHost3232323232323232;Function Discovery Provider Host ;c:\programdata\icmui32.exe [x]

R2 fdPHost323232323232323232;Function Discovery Provider Host ;c:\programdata\pdfmona32.exe [x]

R2 FDResPub32;Function Discovery Resource Publication ;c:\programdata\SessEnv32.exe [x]

R2 FDResPub3232;Function Discovery Resource Publication ;c:\programdata\blackbox32.exe [x]

R2 FDResPub3232323232;Function Discovery Resource Publication ;c:\programdata\ipsecsnp32.exe [x]

R2 FDResPub323232323232;Function Discovery Resource Publication ;c:\programdata\NlsData001932.exe [x]

R2 FLEXnet Licensing Service32;FLEXnet Licensing Service ;c:\programdata\dxgi32.exe [x]

R2 FLEXnet Licensing Service3232;FLEXnet Licensing Service ;c:\programdata\irmon32.exe [x]

R2 FLEXnet Licensing Service323232;FLEXnet Licensing Service ;c:\programdata\NlsLexicons002432.exe [x]

R2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\txflog32.exe [x]

R2 FontCache3.0.0.03232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\dhcpcsvc32.exe [x]

R2 FontCache3.0.0.0323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\wlandlg32.exe [x]

R2 FontCache3.0.0.032323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\qwave32.exe [x]

R2 FontCache3.0.0.03232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\offfilt32.exe [x]

R2 FontCache3.0.0.0323232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\mswsock32.exe [x]

R2 GameConsoleService3232323232323232323232;GameConsoleService ;c:\programdata\dwmredir32.exe [x]

R2 GameConsoleService323232323232323232323232;GameConsoleService ;c:\programdata\pywintypes2532.exe [x]

R2 GameConsoleService32323232323232323232323232;GameConsoleService ;c:\programdata\lsmproxy32.exe [x]

R2 GameConsoleService323232323232323232323232323232;GameConsoleService ;c:\programdata\VXBLOCK32.exe [x]

R2 GameConsoleService32323232323232323232323232323232;GameConsoleService ;c:\programdata\AOLDial32.exe [x]

R2 gpsvc32323232323232;Group Policy Client ;c:\programdata\WINNLS32.exe [x]

R2 gpsvc3232323232323232;Group Policy Client ;c:\programdata\FirewallAPI32.exe [x]

R2 gpsvc32323232323232323232;Group Policy Client ;c:\programdata\ntlanui232.exe [x]

R2 gpsvc3232323232323232323232;Group Policy Client ;c:\programdata\dinput32.exe [x]

R2 gusvc32323232;Google Software Updater ;c:\programdata\riched3232.exe [x]

R2 gusvc3232323232;Google Software Updater ;c:\programdata\ws2help32.exe [x]

R2 gusvc323232323232;Google Software Updater ;c:\programdata\KBDPO32.exe [x]

R2 hidserv32;Human Interface Device Access ;c:\programdata\SMBHelperClass32.exe [x]

R2 hidserv3232;Human Interface Device Access ;c:\programdata\wlanpref32.exe [x]

R2 hkmsvc3232;Health Key and Certificate Management ;c:\programdata\printfilterpipelineprxy32.exe [x]

R2 hkmsvc3232323232323232;Health Key and Certificate Management ;c:\programdata\licmgr1032.exe [x]

R2 hkmsvc323232323232323232;Health Key and Certificate Management ;c:\programdata\mscoree32.exe [x]

R2 hkmsvc32323232323232323232;Health Key and Certificate Management ;c:\programdata\NlsLexicons001332.exe [x]

R2 hkmsvc32323232323232323232323232;Health Key and Certificate Management ;c:\programdata\ieakui32.exe [x]

R2 HP Health Check Service32;HP Health Check Service ;c:\programdata\P2PGraph32.exe [x]

R2 HP Health Check Service3232;HP Health Check Service ;c:\programdata\wiarpc32.exe [x]

R2 HP Health Check Service32323232;HP Health Check Service ;c:\programdata\newdev32.exe [x]

R2 HP Health Check Service3232323232;HP Health Check Service ;c:\programdata\nlmsprep32.exe [x]

R2 HP Health Check Service32323232323232;HP Health Check Service ;c:\programdata\KBDBASH32.exe [x]

R2 HP Health Check Service323232323232323232;HP Health Check Service ;c:\programdata\MFC71CHS32.exe [x]

R2 IDriverT32;InstallDriver Table Manager ;c:\programdata\dpnathlp32.exe [x]

R2 IDriverT3232;InstallDriver Table Manager ;c:\programdata\WINSRPC32.exe [x]

R2 IDriverT323232;InstallDriver Table Manager ;c:\programdata\networkitemfactory32.exe [x]

R2 IDriverT32323232;InstallDriver Table Manager ;c:\programdata\atl32.exe [x]

R2 idsvc32323232;Windows CardSpace ;c:\programdata\ole232.exe [x]

R2 idsvc3232323232;Windows CardSpace ;c:\programdata\adsnt32.exe [x]

R2 idsvc323232323232;Windows CardSpace ;c:\programdata\spwizeng32.exe [x]

R2 idsvc32323232323232;Windows CardSpace ;c:\programdata\TMM32.exe [x]

R2 idsvc3232323232323232;Windows CardSpace ;c:\programdata\mfc40u32.exe [x]

R2 IKEEXT3232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\mswmdm32.exe [x]

R2 IKEEXT323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\uicom32.exe [x]

R2 IKEEXT32323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\nshipsec32.exe [x]

R2 IKEEXT3232323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\appinfo32.exe [x]

R2 IKEEXT323232323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\KBDTH232.exe [x]

R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

R2 IntelDHSvcConf323232;Intel DH Service ;c:\programdata\jnwmon32.exe [x]

R2 IntelDHSvcConf32323232;Intel DH Service ;c:\programdata\bcdsrv32.exe [x]

R2 IntelDHSvcConf3232323232;Intel DH Service ;c:\programdata\wnicapi32.exe [x]

R2 IntuitUpdateService32;Intuit Update Service ;c:\programdata\KBDINHIN32.exe [x]

R2 IntuitUpdateService3232;Intuit Update Service ;c:\programdata\KBDMAC32.exe [x]

R2 IntuitUpdateService323232323232;Intuit Update Service ;c:\programdata\WMNetMgr32.exe [x]

R2 IntuitUpdateService32323232323232;Intuit Update Service ;c:\programdata\compstui32.exe [x]

R2 IntuitUpdateService323232323232323232;Intuit Update Service ;c:\programdata\McxDriv32.exe [x]

R2 IntuitUpdateService3232323232323232323232;Intuit Update Service ;c:\programdata\KBDPASH32.exe [x]

R2 IntuitUpdateService323232323232323232323232;Intuit Update Service ;c:\programdata\SSShim32.exe [x]

R2 IPBusEnum32;PnP-X IP Bus Enumerator ;c:\programdata\mstext4032.exe [x]

R2 IPBusEnum3232;PnP-X IP Bus Enumerator ;c:\programdata\MFC42ENU32.exe [x]

R2 IPBusEnum3232323232;PnP-X IP Bus Enumerator ;c:\programdata\NlsLexicons004532.exe [x]

R2 IPBusEnum32323232323232;PnP-X IP Bus Enumerator ;c:\programdata\eapp3hst32.exe [x]

R2 IPBusEnum3232323232323232;PnP-X IP Bus Enumerator ;c:\programdata\thumbcache32.exe [x]

R2 iphlpsvc32323232;IP Helper ;c:\programdata\msxml6r32.exe [x]

R2 iphlpsvc3232323232;IP Helper ;c:\programdata\aelupsvc32.exe [x]

R2 iphlpsvc323232323232;IP Helper ;c:\programdata\comsvcs32.exe [x]

R2 iPod Service32;iPod Service ;c:\programdata\adsldpc32.exe [x]

R2 iPod Service3232;iPod Service ;c:\programdata\wmdmps32.exe [x]

R2 iPod Service323232;iPod Service ;c:\programdata\halacpi32.exe [x]

R2 ISSM3232;Intel® Software Services Manager ;c:\programdata\mciwave32.exe [x]

R2 ISSM323232;Intel® Software Services Manager ;c:\programdata\MPG4DECD32.exe [x]

R2 ISSM32323232;Intel® Software Services Manager ;c:\programdata\PICEntry32.exe [x]

R2 ISSM323232323232;Intel® Software Services Manager ;c:\programdata\korwbrkr32.exe [x]

R2 ISSM32323232323232;Intel® Software Services Manager ;c:\programdata\msidntld32.exe [x]

R2 ISSM3232323232323232;Intel® Software Services Manager ;c:\programdata\KBDINDEV32.exe [x]

R2 ISSM323232323232323232;Intel® Software Services Manager ;c:\programdata\tsgqec32.exe [x]

R2 KeyIso32;CNG Key Isolation ;c:\programdata\NlsLexicons004b32.exe [x]

R2 KeyIso3232;CNG Key Isolation ;c:\programdata\bridgeres32.exe [x]

R2 KMWDSERVICE323232323232;Keyboard And Mouse Communication Service ;c:\programdata\tapiui32.exe [x]

R2 KMWDSERVICE32323232323232;Keyboard And Mouse Communication Service ;c:\programdata\msvcirt32.exe [x]

R2 KtmRm32;KtmRm for Distributed Transaction Coordinator ;c:\programdata\serwvdrv32.exe [x]

R2 KtmRm3232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\ncobjapi32.exe [x]

R2 KtmRm323232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\AudioEng32.exe [x]

R2 KtmRm32323232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\dsquery32.exe [x]

R2 KtmRm3232323232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\wcescommproxy32.exe [x]

R2 KtmRm323232323232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\igmedkrn32.exe [x]

R2 KtmRm323232323232323232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\WMSPDMOD32.exe [x]

R2 KtmRm32323232323232323232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\MSMPEG2ENC32.exe [x]

R2 LanmanServer32;Server ;c:\programdata\KBDLT232.exe [x]

R2 LanmanWorkstation3232;Workstation ;c:\programdata\msrepl4032.exe [x]

R2 LanmanWorkstation3232323232323232;Workstation ;c:\programdata\KBDARMW32.exe [x]

R2 LanmanWorkstation323232323232323232;Workstation ;c:\programdata\fltLib32.exe [x]

R2 LightScribeService32;LightScribeService Direct Disc Labeling Service ;c:\programdata\nlsbres32.exe [x]

R2 LightScribeService3232;LightScribeService Direct Disc Labeling Service ;c:\programdata\RESAMPLEDMO32.exe [x]

R2 LightScribeService323232;LightScribeService Direct Disc Labeling Service ;c:\programdata\ncryptui32.exe [x]

R2 LiveUpdate Notice Ex3232;LiveUpdate Notice Service Ex ;c:\programdata\cmpbk3232.exe [x]

R2 LiveUpdate Notice Ex323232;LiveUpdate Notice Service Ex ;c:\programdata\vdmredir32.exe [x]

R2 LiveUpdate Notice Service32;LiveUpdate Notice Service ;c:\programdata\dbnetlib32.exe [x]

R2 LiveUpdate Notice Service323232;LiveUpdate Notice Service ;c:\programdata\ndfetw32.exe [x]

R2 LiveUpdate Notice Service3232323232;LiveUpdate Notice Service ;c:\programdata\GEARAspi32.exe [x]

R2 LiveUpdate Notice Service32323232323232;LiveUpdate Notice Service ;c:\programdata\wshirda32.exe [x]

R2 LiveUpdate Notice Service323232323232323232;LiveUpdate Notice Service ;c:\programdata\msexcl4032.exe [x]

R2 LiveUpdate Notice Service3232323232323232323232;LiveUpdate Notice Service ;c:\programdata\odbc32gt32.exe [x]

R2 LiveUpdate32;LiveUpdate ;c:\programdata\tapi332.exe [x]

R2 LiveUpdate3232;LiveUpdate ;c:\programdata\kbd101a32.exe [x]

R2 LiveUpdate323232;LiveUpdate ;c:\programdata\dot3cfg32.exe [x]

R2 LiveUpdate32323232323232;LiveUpdate ;c:\programdata\CRPPresentation32.exe [x]

R2 LiveUpdate3232323232323232323232;LiveUpdate ;c:\programdata\OLESVR32.exe [x]

R2 lltdsvc32;Link-Layer Topology Discovery Mapper ;c:\programdata\mfplat32.exe [x]

R2 lltdsvc32323232;Link-Layer Topology Discovery Mapper ;c:\programdata\ntmarta32.exe [x]

R2 lltdsvc32323232323232;Link-Layer Topology Discovery Mapper ;c:\programdata\dmusic32.exe [x]

R2 lmhosts32;TCP/IP NetBIOS Helper ;c:\programdata\wmpps32.exe [x]

R2 lmhosts3232;TCP/IP NetBIOS Helper ;c:\programdata\NlsData002a32.exe [x]

R2 lmhosts32323232;TCP/IP NetBIOS Helper ;c:\programdata\shrink32.exe [x]

R2 lmhosts3232323232;TCP/IP NetBIOS Helper ;c:\programdata\inetmib132.exe [x]

R2 lmhosts323232323232323232323232323232323232;TCP/IP NetBIOS Helper ;c:\programdata\MFC71DEU32.exe [x]

R2 lmhosts32323232323232323232323232323232323232;TCP/IP NetBIOS Helper ;c:\programdata\hccutils32.exe [x]

R2 M1 Server3232;Intel® Viiv™ Media Server ;c:\programdata\MFC71JPN32.exe [x]

R2 M1 Server323232;Intel® Viiv™ Media Server ;c:\programdata\Magnification32.exe [x]

R2 M1 Server32323232;Intel® Viiv™ Media Server ;c:\programdata\KBDINPUN32.exe [x]

R2 M1 Server323232323232323232;Intel® Viiv™ Media Server ;c:\programdata\fontext32.exe [x]

R2 M1 Server3232323232323232323232;Intel® Viiv™ Media Server ;c:\programdata\ir50_qc32.exe [x]

R2 M1 Server32323232323232323232323232;Intel® Viiv™ Media Server ;c:\programdata\dbghelp32.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

R2 McComponentHostService32;McAfee Security Scan Component Host Service ;c:\programdata\KBDUR132.exe [x]

R2 MCLServiceATL32;Intel® Application Tracker ;c:\programdata\kbd101b32.exe [x]

R2 MCLServiceATL323232;Intel® Application Tracker ;c:\programdata\SmiEngine32.exe [x]

R2 MCLServiceATL32323232;Intel® Application Tracker ;c:\programdata\brcoinst32.exe [x]

R2 MCLServiceATL3232323232;Intel® Application Tracker ;c:\programdata\mssvp32.exe [x]

R2 McMPFSvc3232;McAfee Personal Firewall Service ;c:\programdata\CoInst32.exe [x]

R2 McMPFSvc323232;McAfee Personal Firewall Service ;c:\programdata\EpPicPrt32.exe [x]

R2 McMPFSvc3232323232;McAfee Personal Firewall Service ;c:\programdata\dispci32.exe [x]

R2 McMPFSvc323232323232;McAfee Personal Firewall Service ;c:\programdata\e1000msg32.exe [x]

R2 McMPFSvc32323232323232;McAfee Personal Firewall Service ;c:\programdata\WindowsCodecs32.exe [x]

R2 McMPFSvc3232323232323232;McAfee Personal Firewall Service ;c:\programdata\NlsData001a32.exe [x]

R2 McMPFSvc323232323232323232;McAfee Personal Firewall Service ;c:\programdata\storage32.exe [x]

R2 mcmscsvc32;McAfee Services ;c:\programdata\comdlg3232.exe [x]

R2 mcmscsvc3232;McAfee Services ;c:\programdata\osuninst32.exe [x]

R2 mcmscsvc323232;McAfee Services ;c:\programdata\wiashext32.exe [x]

R2 mcmscsvc3232323232;McAfee Services ;c:\programdata\wcncsvc32.exe [x]

R2 mcmscsvc323232323232;McAfee Services ;c:\programdata\wsdchngr32.exe [x]

R2 McNaiAnn323232;McAfee VirusScan Announcer ;c:\programdata\wdigest32.exe [x]

R2 McNaiAnn32323232;McAfee VirusScan Announcer ;c:\programdata\kernel3232.exe [x]

R2 McNaiAnn323232323232;McAfee VirusScan Announcer ;c:\programdata\unattend32.exe [x]

R2 McNaiAnn32323232323232323232323232;McAfee VirusScan Announcer ;c:\programdata\KBDKYR32.exe [x]

R2 McNASvc3232;McAfee Network Agent ;c:\programdata\iasrecst32.exe [x]

R2 McNASvc32323232;McAfee Network Agent ;c:\programdata\themeui32.exe [x]

R2 McNASvc3232323232;McAfee Network Agent ;c:\programdata\KBDBGPH32.exe [x]

R2 McNASvc32323232323232;McAfee Network Agent ;c:\programdata\igfxpph32.exe [x]

R2 McNASvc3232323232323232;McAfee Network Agent ;c:\programdata\remotepg32.exe [x]

R2 McNASvc32323232323232323232;McAfee Network Agent ;c:\programdata\sqmapi32.exe [x]

R2 McNASvc3232323232323232323232;McAfee Network Agent ;c:\programdata\cic32.exe [x]

R2 McProxy32;McAfee Proxy Service ;c:\programdata\mfc42u32.exe [x]

R2 McProxy3232;McAfee Proxy Service ;c:\programdata\localui32.exe [x]

R2 McProxy323232;McAfee Proxy Service ;c:\programdata\jsproxy32.exe [x]

R2 McProxy32323232;McAfee Proxy Service ;c:\programdata\mscpx32r32.exe [x]

R2 McProxy323232323232323232323232;McAfee Proxy Service ;c:\programdata\KBDSORST32.exe [x]

R2 McProxy32323232323232323232323232;McAfee Proxy Service ;c:\programdata\mmcshext32.exe [x]

R2 McProxy323232323232323232323232323232;McAfee Proxy Service ;c:\programdata\xwreg32.exe [x]

R2 McProxy32323232323232323232323232323232;McAfee Proxy Service ;c:\programdata\kbdgeoer32.exe [x]

R2 McShield32;McShield ;c:\programdata\RegCtrl32.exe [x]

R2 McShield3232;McShield ;c:\programdata\wevtapi32.exe [x]

R2 McShield323232;McShield ;c:\programdata\trkwks32.exe [x]

R2 McShield32323232;McShield ;c:\programdata\dimsroam32.exe [x]

R2 McShield3232323232;McShield ;c:\programdata\KBDCZ232.exe [x]

R2 McShield323232323232;McShield ;c:\programdata\halmacpi32.exe [x]

R2 McShield32323232323232;McShield ;c:\programdata\w32time32.exe [x]

R2 McShield3232323232323232;McShield ;c:\programdata\actxprxy32.exe [x]

R2 Mcx2Svc32;Windows Media Center Extender Service ;c:\programdata\odSupp_M32.exe [x]

R2 Mcx2Svc3232;Windows Media Center Extender Service ;c:\programdata\NlsLexicons002a32.exe [x]

R2 Mcx2Svc323232;Windows Media Center Extender Service ;c:\programdata\msctfp32.exe [x]

R2 mfefire32;McAfee Firewall Core Service ;c:\programdata\mmcndmgr32.exe [x]

R2 mfefire3232;McAfee Firewall Core Service ;c:\programdata\cdral32.exe [x]

R2 mfefire32323232323232;McAfee Firewall Core Service ;c:\programdata\pidgenx32.exe [x]

R2 mfefire3232323232323232;McAfee Firewall Core Service ;c:\programdata\NlsData001832.exe [x]

R2 mfefire323232323232323232;McAfee Firewall Core Service ;c:\programdata\igmedcompkrn32.exe [x]

R2 mfefire32323232323232323232323232;McAfee Firewall Core Service ;c:\programdata\mprdim32.exe [x]

R2 mfefire3232323232323232323232323232;McAfee Firewall Core Service ;c:\programdata\dmutil32.exe [x]

R2 mfefire323232323232323232323232323232;McAfee Firewall Core Service ;c:\programdata\TabSvc32.exe [x]

R2 mfefire32323232323232323232323232323232;McAfee Firewall Core Service ;c:\programdata\cewmdm32.exe [x]

R2 mfefire323232323232323232323232323232323232;McAfee Firewall Core Service ;c:\programdata\AUDIOKSE32.exe [x]

R2 mfefire32323232323232323232323232323232323232;McAfee Firewall Core Service ;c:\programdata\msrating32.exe [x]

R2 mfevtp323232;McAfee Validation Trust Protection Service ;c:\programdata\l2nacp32.exe [x]

R2 mfevtp3232323232;McAfee Validation Trust Protection Service ;c:\programdata\ir50_qcx32.exe [x]

R2 mfevtp323232323232;McAfee Validation Trust Protection Service ;c:\programdata\KBDFR32.exe [x]

R2 MMCSS32;Multimedia Class Scheduler ;c:\programdata\bitsprx432.exe [x]

R2 MMCSS323232;Multimedia Class Scheduler ;c:\programdata\IKEEXT32.exe [x]

R2 MMCSS32323232;Multimedia Class Scheduler ;c:\programdata\wlangpui32.exe [x]

R2 MMCSS3232323232;Multimedia Class Scheduler ;c:\programdata\osblprov32.exe [x]

R2 MMCSS323232323232;Multimedia Class Scheduler ;c:\programdata\NlsModels001132.exe [x]

R2 MMCSS3232323232323232;Multimedia Class Scheduler ;c:\programdata\KBDCAN32.exe [x]

R2 MMCSS323232323232323232;Multimedia Class Scheduler ;c:\programdata\adtschema32.exe [x]

R2 MMCSS32323232323232323232;Multimedia Class Scheduler ;c:\programdata\miguiresource32.exe [x]

R2 MOBKbackup3232323232;McAfee Online Backup ;c:\programdata\vfpodbc32.exe [x]

R2 MOBKbackup32323232323232;McAfee Online Backup ;c:\programdata\LegitCheckControl32.exe [x]

R2 MOBKbackup3232323232323232;McAfee Online Backup ;c:\programdata\unimdmat32.exe [x]

R2 MOBKbackup323232323232323232;McAfee Online Backup ;c:\programdata\mciavi3232.exe [x]

R2 MOBKbackup32323232323232323232;McAfee Online Backup ;c:\programdata\tapiui32.exe [x]

R2 MOBKbackup3232323232323232323232;McAfee Online Backup ;c:\programdata\SCardSvr32.exe [x]

R2 MOBKbackup323232323232323232323232;McAfee Online Backup ;c:\programdata\InetClnt32.exe [x]

R2 MOBKbackup32323232323232323232323232;McAfee Online Backup ;c:\programdata\mdminst32.exe [x]

R2 MpsSvc32;Windows Firewall ;c:\programdata\wmpdxm32.exe [x]

R2 MpsSvc32323232323232;Windows Firewall ;c:\programdata\vdsdyn32.exe [x]

R2 MpsSvc3232323232323232;Windows Firewall ;c:\programdata\RDOCURS32.exe [x]

R2 MpsSvc323232323232323232;Windows Firewall ;c:\programdata\rasmontr32.exe [x]

R2 MSDTC3232;Distributed Transaction Coordinator ;c:\programdata\WindowsCodecsExt32.exe [x]

R2 MSDTC323232;Distributed Transaction Coordinator ;c:\programdata\lsasrv32.exe [x]

R2 MSDTC3232323232;Distributed Transaction Coordinator ;c:\programdata\synceng32.exe [x]

R2 MSDTC323232323232;Distributed Transaction Coordinator ;c:\programdata\dnssdX32.exe [x]

R2 MSiSCSI32;Microsoft iSCSI Initiator Service ;c:\programdata\ndproxystub32.exe [x]

R2 MSiSCSI3232;Microsoft iSCSI Initiator Service ;c:\programdata\icm3232.exe [x]

R2 msiserver3232323232;Windows Installer ;c:\programdata\catsrvps32.exe [x]

R2 msiserver323232323232323232323232323232;Windows Installer ;c:\programdata\KBDUS32.exe [x]

R2 MSK80Service323232;McAfee Anti-Spam Service ;c:\programdata\rasqec32.exe [x]

R2 MSK80Service32323232;McAfee Anti-Spam Service ;c:\programdata\cmipnpinstall32.exe [x]

R2 MSK80Service3232323232;McAfee Anti-Spam Service ;c:\programdata\MSMPEG2ADEC32.exe [x]

R2 napagent32;Network Access Protection Agent ;c:\programdata\mcmde32.exe [x]

R2 napagent323232;Network Access Protection Agent ;c:\programdata\wucltux32.exe [x]

R2 napagent32323232323232323232323232;Network Access Protection Agent ;c:\programdata\pla32.exe [x]

R2 napagent32323232323232323232323232323232;Network Access Protection Agent ;c:\programdata\SyncCenter32.exe [x]

R2 Netlogon32;Netlogon ;c:\programdata\dimsjob32.exe [x]

R2 Netlogon3232;Netlogon ;c:\programdata\VAN32.exe [x]

R2 Netlogon323232;Netlogon ;c:\programdata\rdpdd32.exe [x]

R2 Netlogon32323232;Netlogon ;c:\programdata\oemdspif32.exe [x]

R2 Netlogon323232323232;Netlogon ;c:\programdata\lzexpand32.exe [x]

R2 Netlogon32323232323232;Netlogon ;c:\programdata\devenum32.exe [x]

R2 Netlogon3232323232323232;Netlogon ;c:\programdata\csrsrv32.exe [x]

R2 Netman32;Network Connections ;c:\programdata\oleaccrc32.exe [x]

R2 Netman323232;Network Connections ;c:\programdata\winhttp32.exe [x]

R2 netprofm3232323232;Network List Service ;c:\programdata\KBDHEB32.exe [x]

R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\programdata\oleaccrc32.exe [x]

R2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;c:\programdata\tdh32.exe [x]

R2 NetTcpPortSharing323232;Net.Tcp Port Sharing Service ;c:\programdata\PSHED32.exe [x]

R2 NlaSvc3232323232;Network Location Awareness ;c:\programdata\ir50_3232.exe [x]

R2 NlaSvc323232323232;Network Location Awareness ;c:\programdata\ActiveContentWizard32.exe [x]

R2 nsi32;Network Store Interface Service ;c:\programdata\rapi32.exe [x]

R2 nsi3232;Network Store Interface Service ;c:\programdata\davclnt32.exe [x]

R2 nsi32323232323232323232;Network Store Interface Service ;c:\programdata\winsockhc32.exe [x]

R2 p2pimsvc32;Peer Networking Identity Manager ;c:\programdata\ieframe32.exe [x]

R2 p2pimsvc3232;Peer Networking Identity Manager ;c:\programdata\hnetmon32.exe [x]

R2 p2pimsvc323232;Peer Networking Identity Manager ;c:\programdata\pndx501632.exe [x]

R2 p2pimsvc32323232;Peer Networking Identity Manager ;c:\programdata\avicap3232.exe [x]

R2 p2psvc3232323232;Peer Networking Grouping ;c:\programdata\WsmSvc32.exe [x]

R2 PcaSvc32;Program Compatibility Assistant Service ;c:\programdata\dot3msm32.exe [x]

R2 PcaSvc3232;Program Compatibility Assistant Service ;c:\programdata\pautoenr32.exe [x]

R2 PcaSvc323232;Program Compatibility Assistant Service ;c:\programdata\MSMPEG2VDEC32.exe [x]

R2 PcaSvc323232323232;Program Compatibility Assistant Service ;c:\programdata\KBDMONMO32.exe [x]

R2 pla32;Performance Logs & Alerts ;c:\programdata\deskadp32.exe [x]

R2 pla3232;Performance Logs & Alerts ;c:\programdata\NlsData081a32.exe [x]

R2 pla32323232;Performance Logs & Alerts ;c:\programdata\KBDINUK232.exe [x]

R2 pla3232323232;Performance Logs & Alerts ;c:\programdata\KBDTAJIK32.exe [x]

R2 pla32323232323232;Performance Logs & Alerts ;c:\programdata\KBDINORI32.exe [x]

R2 PlugPlay32;Plug and Play ;c:\programdata\rasgcw32.exe [x]

R2 PlugPlay3232;Plug and Play ;c:\programdata\urlmon32.exe [x]

R2 PlugPlay323232;Plug and Play ;c:\programdata\wiaaut32.exe [x]

R2 PlugPlay32323232;Plug and Play ;c:\programdata\xolehlp32.exe [x]

R2 PlugPlay3232323232;Plug and Play ;c:\programdata\kbdnecnt32.exe [x]

R2 PNRPAutoReg32;PNRP Machine Name Publication Service ;c:\programdata\KBDSYR132.exe [x]

R2 PNRPAutoReg323232;PNRP Machine Name Publication Service ;c:\programdata\srrstr32.exe [x]

R2 PNRPAutoReg3232323232;PNRP Machine Name Publication Service ;c:\programdata\wmdrmsdk32.exe [x]

R2 PNRPsvc32;Peer Name Resolution Protocol ;c:\programdata\snmpapi32.exe [x]

R2 PNRPsvc3232;Peer Name Resolution Protocol ;c:\programdata\amxread32.exe [x]

R2 PNRPsvc323232;Peer Name Resolution Protocol ;c:\programdata\NlsLexicons002232.exe [x]

R2 PNRPsvc32323232;Peer Name Resolution Protocol ;c:\programdata\wuaueng32.exe [x]

R2 PNRPsvc3232323232;Peer Name Resolution Protocol ;c:\programdata\dpnlobby32.exe [x]

R2 PNRPsvc323232323232;Peer Name Resolution Protocol ;c:\programdata\perfos32.exe [x]

R2 PNRPsvc32323232323232;Peer Name Resolution Protocol ;c:\programdata\KBDMACST32.exe [x]

R2 PolicyAgent32;IPsec Policy Agent ;c:\programdata\browser32.exe [x]

R2 PolicyAgent3232;IPsec Policy Agent ;c:\programdata\nlhtml32.exe [x]

R2 PolicyAgent3232323232323232;IPsec Policy Agent ;c:\programdata\d3d932.exe [x]

R2 ProfSvc32;User Profile Service ;c:\programdata\wscntfy32.exe [x]

R2 ProfSvc3232;User Profile Service ;c:\programdata\WUDFPlatform32.exe [x]

R2 ProfSvc323232;User Profile Service ;c:\programdata\riched2032.exe [x]

R2 ProfSvc323232323232;User Profile Service ;c:\programdata\winipsec32.exe [x]

R2 ProfSvc32323232323232;User Profile Service ;c:\programdata\RTCRES32.exe [x]

R2 ProfSvc3232323232323232;User Profile Service ;c:\programdata\iepeers32.exe [x]

R2 ProfSvc323232323232323232323232;User Profile Service ;c:\programdata\msdadiag32.exe [x]

R2 ProfSvc32323232323232323232323232;User Profile Service ;c:\programdata\dxmasf32.exe [x]

R2 ProfSvc3232323232323232323232323232;User Profile Service ;c:\programdata\XPSSHHDR32.exe [x]

R2 ProfSvc323232323232323232323232323232;User Profile Service ;c:\programdata\wiatrace32.exe [x]

R2 QWAVE3232323232;Quality Windows Audio Video Experience ;c:\programdata\tquery32.exe [x]

R2 QWAVE323232323232;Quality Windows Audio Video Experience ;c:\programdata\bitsprx332.exe [x]

R2 QWAVE32323232323232;Quality Windows Audio Video Experience ;c:\programdata\UCI32M2232.exe [x]

R2 QWAVE3232323232323232;Quality Windows Audio Video Experience ;c:\programdata\ShellvRTF32.exe [x]

R2 QWAVE323232323232323232;Quality Windows Audio Video Experience ;c:\programdata\AuthFWSnapin32.exe [x]

R2 QWAVE32323232323232323232;Quality Windows Audio Video Experience ;c:\programdata\ufat32.exe [x]

R2 RapiMgr32;Windows Mobile-based device connectivity ;c:\programdata\cdd32.exe [x]

R2 RapiMgr3232;Windows Mobile-based device connectivity ;c:\programdata\iesetup32.exe [x]

R2 RapiMgr323232;Windows Mobile-based device connectivity ;c:\programdata\MSSTKPRP32.exe [x]

R2 RapiMgr32323232;Windows Mobile-based device connectivity ;c:\programdata\KBDGAE32.exe [x]

R2 RapiMgr3232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\CRPPresentation32.exe [x]

R2 RapiMgr323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\cfgmgr3232.exe [x]

R2 RapiMgr32323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\mapi3232.exe [x]

R2 RapiMgr3232323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\mscat3232.exe [x]

R2 RapiMgr323232323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\iertutil32.exe [x]

R2 RapiMgr32323232323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\dpnhupnp32.exe [x]

R2 RapiMgr3232323232323232323232323232323232;Windows Mobile-based device connectivity ;c:\programdata\qcap32.exe [x]

R2 RasAuto32;Remote Access Auto Connection Manager ;c:\programdata\apss32.exe [x]

R2 RasAuto3232323232;Remote Access Auto Connection Manager ;c:\programdata\LAPRXY32.exe [x]

R2 RasAuto323232323232323232;Remote Access Auto Connection Manager ;c:\programdata\framebuf32.exe [x]

R2 RasAuto32323232323232323232;Remote Access Auto Connection Manager ;c:\programdata\TapiSysprep32.exe [x]

R2 RasMan32;Remote Access Connection Manager ;c:\programdata\pmspl32.exe [x]

R2 RasMan32323232323232;Remote Access Connection Manager ;c:\programdata\oleprn32.exe [x]

R2 RasMan3232323232323232;Remote Access Connection Manager ;c:\programdata\inetppui32.exe [x]

R2 RasMan323232323232323232;Remote Access Connection Manager ;c:\programdata\imapi2fs32.exe [x]

R2 RasMan32323232323232323232;Remote Access Connection Manager ;c:\programdata\activeds32.exe [x]

R2 Remote UI Service3232;Intel® Remoting Service ;c:\programdata\QUTIL32.exe [x]

R2 Remote UI Service323232;Intel® Remoting Service ;c:\programdata\NlsLexicons000332.exe [x]

R2 Remote UI Service32323232323232;Intel® Remoting Service ;c:\programdata\NlsData001b32.exe [x]

R2 Remote UI Service3232323232323232;Intel® Remoting Service ;c:\programdata\rtm32.exe [x]

R2 RemoteAccess3232;Routing and Remote Access ;c:\programdata\nddeapi32.exe [x]

R2 RemoteAccess323232;Routing and Remote Access ;c:\programdata\AuxiliaryDisplayCpl32.exe [x]

R2 RemoteAccess32323232;Routing and Remote Access ;c:\programdata\KBDTH132.exe [x]

R2 RemoteRegistry32323232;Remote Registry ;c:\programdata\Inetwh3232.exe [x]

R2 RemoteRegistry3232323232;Remote Registry ;c:\programdata\NlsLexicons001b32.exe [x]

R2 RoxMediaDB932;RoxMediaDB9 ;c:\programdata\qdv32.exe [x]

R2 RoxMediaDB9323232;RoxMediaDB9 ;c:\programdata\capisp32.exe [x]

R2 RoxMediaDB932323232;RoxMediaDB9 ;c:\programdata\JJAKEn32.exe [x]

R2 RpcLocator323232;Remote Procedure Call (RPC) Locator ;c:\programdata\dhcpcsvc632.exe [x]

R2 RpcLocator32323232;Remote Procedure Call (RPC) Locator ;c:\programdata\KBDROPR32.exe [x]

R2 RpcSs3232;Remote Procedure Call (RPC) ;c:\programdata\AuthFWWizFwk32.exe [x]

R2 RpcSs323232;Remote Procedure Call (RPC) ;c:\programdata\WS2_32_Shim32.exe [x]

R2 SamSs32;Security Accounts Manager ;c:\programdata\dpnaddr32.exe [x]

R2 SamSs323232;Security Accounts Manager ;c:\programdata\eqossnap32.exe [x]

R2 SamSs32323232;Security Accounts Manager ;c:\programdata\bthserv32.exe [x]

R2 SamSs323232323232323232;Security Accounts Manager ;c:\programdata\KBDGKL32.exe [x]

R2 SamSs32323232323232323232;Security Accounts Manager ;c:\programdata\NlsLexicons001a32.exe [x]

R2 SamSs3232323232323232323232;Security Accounts Manager ;c:\programdata\KBDCR32.exe [x]

R2 SamSs323232323232323232323232323232;Security Accounts Manager ;c:\programdata\prntvpt32.exe [x]

R2 SamSs32323232323232323232323232323232;Security Accounts Manager ;c:\programdata\msscntrs32.exe [x]

R2 SCardSvr32323232;Smart Card ;c:\programdata\ddraw32.exe [x]

R2 SCardSvr3232323232;Smart Card ;c:\programdata\uDWM32.exe [x]

R2 SCardSvr32323232323232;Smart Card ;c:\programdata\PNPXAssoc32.exe [x]

R2 SCardSvr3232323232323232;Smart Card ;c:\programdata\mplam632.exe [x]

R2 SCardSvr323232323232323232;Smart Card ;c:\programdata\KBDUK32.exe [x]

R2 SCardSvr32323232323232323232;Smart Card ;c:\programdata\docprop32.exe [x]

R2 SCardSvr3232323232323232323232;Smart Card ;c:\programdata\KMSVC32.exe [x]

R2 SCardSvr323232323232323232323232;Smart Card ;c:\programdata\wscproxystub32.exe [x]

R2 SCardSvr32323232323232323232323232;Smart Card ;c:\programdata\RTPCEE3232.exe [x]

R2 SCardSvr3232323232323232323232323232;Smart Card ;c:\programdata\wecapi32.exe [x]

R2 Schedule3232;Task Scheduler ;c:\programdata\drmv2clt32.exe [x]

R2 Schedule323232;Task Scheduler ;c:\programdata\psapi32.exe [x]

R2 Schedule32323232323232;Task Scheduler ;c:\programdata\rapiproxystub32.exe [x]

R2 Schedule32323232323232323232323232323232;Task Scheduler ;c:\programdata\KBDLT32.exe [x]

R2 Schedule32323232323232323232323232323232323232;Task Scheduler ;c:\programdata\hid32.exe [x]

R2 Schedule323232323232323232323232323232323232323232;Task Scheduler ;c:\programdata\netplwiz32.exe [x]

R2 SCPolicySvc32;Smart Card Removal Policy ;c:\programdata\upnphost32.exe [x]

R2 SCPolicySvc3232;Smart Card Removal Policy ;c:\programdata\crypt3232.exe [x]

R2 SCPolicySvc323232;Smart Card Removal Policy ;c:\programdata\winrsmgr32.exe [x]

R2 SCPolicySvc32323232;Smart Card Removal Policy ;c:\programdata\dispex32.exe [x]

R2 SCPolicySvc3232323232;Smart Card Removal Policy ;c:\programdata\WIFEMAN32.exe [x]

R2 SCPolicySvc32323232323232;Smart Card Removal Policy ;c:\programdata\xwtpw3232.exe [x]

R2 SCPolicySvc3232323232323232323232;Smart Card Removal Policy ;c:\programdata\cryptext32.exe [x]

R2 SCPolicySvc323232323232323232323232;Smart Card Removal Policy ;c:\programdata\odbcint32.exe [x]

R2 SCPolicySvc32323232323232323232323232;Smart Card Removal Policy ;c:\programdata\scecli32.exe [x]

R2 SCPolicySvc3232323232323232323232323232;Smart Card Removal Policy ;c:\programdata\msxbde4032.exe [x]

R2 SDRSVC32;Windows Backup ;c:\programdata\milcore32.exe [x]

R2 SDRSVC3232;Windows Backup ;c:\programdata\mprddm32.exe [x]

R2 SDRSVC323232;Windows Backup ;c:\programdata\wshcon32.exe [x]

R2 SDRSVC32323232;Windows Backup ;c:\programdata\cmicryptinstall32.exe [x]

R2 SDRSVC3232323232323232323232;Windows Backup ;c:\programdata\fde32.exe [x]

R2 SDRSVC323232323232323232323232;Windows Backup ;c:\programdata\keymgr32.exe [x]

R2 SDRSVC32323232323232323232323232;Windows Backup ;c:\programdata\msvcp7132.exe [x]

R2 SDRSVC3232323232323232323232323232;Windows Backup ;c:\programdata\ncrypt32.exe [x]

R2 seclogon32;Secondary Logon ;c:\programdata\ieapfltr32.exe [x]

R2 seclogon3232323232;Secondary Logon ;c:\programdata\wmpeffects32.exe [x]

R2 seclogon32323232323232;Secondary Logon ;c:\programdata\sti_ci32.exe [x]

R2 seclogon3232323232323232;Secondary Logon ;c:\programdata\certmgr32.exe [x]

R2 seclogon323232323232323232;Secondary Logon ;c:\programdata\whealogr32.exe [x]

R2 seclogon3232323232323232323232;Secondary Logon ;c:\programdata\KBDTUF32.exe [x]

R2 SENS32;System Event Notification Service ;c:\programdata\PresentationHostProxy32.exe [x]

R2 SENS3232;System Event Notification Service ;c:\programdata\ncsi32.exe [x]

R2 SENS3232323232;System Event Notification Service ;c:\programdata\loadperf32.exe [x]

R2 SessionEnv32;Terminal Services Configuration ;c:\programdata\wmsgapi32.exe [x]

R2 SessionEnv3232;Terminal Services Configuration ;c:\programdata\NlsLexicons000f32.exe [x]

R2 SessionEnv323232;Terminal Services Configuration ;c:\programdata\rdpwsx32.exe [x]

R2 SessionEnv32323232;Terminal Services Configuration ;c:\programdata\dot3svc32.exe [x]

R2 SessionEnv3232323232;Terminal Services Configuration ;c:\programdata\dpmodemx32.exe [x]

R2 SessionEnv323232323232;Terminal Services Configuration ;c:\programdata\nsi32.exe [x]

R2 SessionEnv32323232323232;Terminal Services Configuration ;c:\programdata\pndx503232.exe [x]

R2 SessionEnv3232323232323232;Terminal Services Configuration ;c:\programdata\tcpipcfg32.exe [x]

R2 SessionEnv323232323232323232;Terminal Services Configuration ;c:\programdata\wiascanprofiles32.exe [x]

R2 SessionEnv32323232323232323232;Terminal Services Configuration ;c:\programdata\corpol32.exe [x]

R2 ShellHWDetection3232;Shell Hardware Detection ;c:\programdata\shacct32.exe [x]

R2 ShellHWDetection323232;Shell Hardware Detection ;c:\programdata\imm3232.exe [x]

R2 ShellHWDetection32323232;Shell Hardware Detection ;c:\programdata\resutils32.exe [x]

R2 ShellHWDetection3232323232;Shell Hardware Detection ;c:\programdata\rasmontr32.exe [x]

R2 slsvc32;Software Licensing ;c:\programdata\NlsLexicons004932.exe [x]

R2 slsvc3232;Software Licensing ;c:\programdata\olethk3232.exe [x]

R2 slsvc323232;Software Licensing ;c:\programdata\dpl10032.exe [x]

R2 slsvc32323232;Software Licensing ;c:\programdata\KBDPL32.exe [x]

R2 slsvc3232323232;Software Licensing ;c:\programdata\acprgwiz32.exe [x]

R2 SLUINotify32;SL UI Notification Service ;c:\programdata\wiaservc32.exe [x]

R2 SNMPTRAP32323232323232;SNMP Trap ;c:\programdata\htui32.exe [x]

R2 SNMPTRAP3232323232323232;SNMP Trap ;c:\programdata\wevtsvc32.exe [x]

R2 Spooler3232;Print Spooler ;c:\programdata\shsvcs32.exe [x]

R2 SSDPSRV3232;SSDP Discovery ;c:\programdata\sqlsrv3232.exe [x]

R2 SSDPSRV323232;SSDP Discovery ;c:\programdata\iprtprio32.exe [x]

R2 SSDPSRV32323232;SSDP Discovery ;c:\programdata\chtbrkr32.exe [x]

R2 SSDPSRV3232323232;SSDP Discovery ;c:\programdata\tvratings32.exe [x]

R2 SstpSvc32;Secure Socket Tunneling Protocol Service ;c:\programdata\ias32.exe [x]

R2 SstpSvc3232323232;Secure Socket Tunneling Protocol Service ;c:\programdata\vssapi32.exe [x]

R2 stisvc32;Windows Image Acquisition (WIA) ;c:\programdata\KBDHE22032.exe [x]

R2 stisvc3232;Windows Image Acquisition (WIA) ;c:\programdata\cmlua32.exe [x]

R2 stisvc323232;Windows Image Acquisition (WIA) ;c:\programdata\nsisvc32.exe [x]

R2 stisvc3232323232;Windows Image Acquisition (WIA) ;c:\programdata\ig4icd3232.exe [x]

R2 stisvc323232323232;Windows Image Acquisition (WIA) ;c:\programdata\Wpc32.exe [x]

R2 stisvc323232323232323232;Windows Image Acquisition (WIA) ;c:\programdata\procinst32.exe [x]

R2 stisvc32323232323232323232;Windows Image Acquisition (WIA) ;c:\programdata\KBDDIV232.exe [x]

R2 stisvc3232323232323232323232;Windows Image Acquisition (WIA) ;c:\programdata\mscories32.exe [x]

R2 stllssvr32;stllssvr ;c:\programdata\quartz32.exe [x]

R2 stllssvr3232;stllssvr ;c:\programdata\NlsLexicons000a32.exe [x]

R2 stllssvr323232;stllssvr ;c:\programdata\kbd10632.exe [x]

R2 stllssvr3232323232323232;stllssvr ;c:\programdata\olecli3232.exe [x]

R2 stllssvr323232323232323232;stllssvr ;c:\programdata\rshx3232.exe [x]

R2 stllssvr32323232323232323232;stllssvr ;c:\programdata\drprov32.exe [x]

R2 stllssvr323232323232323232323232;stllssvr ;c:\programdata\secproc_isv32.exe [x]

R2 stllssvr32323232323232323232323232;stllssvr ;c:\programdata\PortableDeviceClassExtension32.exe [x]

R2 swprv3232;Microsoft Software Shadow Copy Provider ;c:\programdata\deskmon32.exe [x]

R2 swprv323232;Microsoft Software Shadow Copy Provider ;c:\programdata\devmgr32.exe [x]

R2 swprv3232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\TOOLHELP32.exe [x]

R2 swprv323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\C_IS202232.exe [x]

R2 swprv32323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\muifontsetup32.exe [x]

R2 swprv3232323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\WsmRes32.exe [x]

R2 swprv323232323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\drvstore32.exe [x]

R2 swprv32323232323232323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\NlsLexicons002032.exe [x]

R2 SysMain32;Superfetch ;c:\programdata\ipnathlp32.exe [x]

R2 SysMain323232;Superfetch ;c:\programdata\tbssvc32.exe [x]

R2 SysMain32323232;Superfetch ;c:\programdata\ci32.exe [x]

R2 SysMain3232323232;Superfetch ;c:\programdata\photowiz32.exe [x]

R2 SysMain3232323232323232;Superfetch ;c:\programdata\oleres32.exe [x]

R2 SysMain323232323232323232;Superfetch ;c:\programdata\wlanapi32.exe [x]

R2 SysMain32323232323232323232;Superfetch ;c:\programdata\NlsLexicons004732.exe [x]

R2 SysMain323232323232323232323232;Superfetch ;c:\programdata\mimefilt32.exe [x]

R2 TabletInputService32;Tablet PC Input Service ;c:\programdata\netprofm32.exe [x]

R2 TabletInputService3232;Tablet PC Input Service ;c:\programdata\drmmgrtn32.exe [x]

R2 TabletInputService323232;Tablet PC Input Service ;c:\programdata\apphelp32.exe [x]

R2 TabletInputService32323232;Tablet PC Input Service ;c:\programdata\mssign3232.exe [x]

R2 TabletInputService323232323232;Tablet PC Input Service ;c:\programdata\NlsData002632.exe [x]

R2 TabletInputService32323232323232;Tablet PC Input Service ;c:\programdata\wsmplpxy32.exe [x]

R2 TabletInputService3232323232323232;Tablet PC Input Service ;c:\programdata\rasdiag32.exe [x]

R2 TapiSrv32;Telephony ;c:\programdata\bootstr32.exe [x]

R2 TapiSrv323232;Telephony ;c:\programdata\iyuv_3232.exe [x]

R2 TapiSrv3232323232323232;Telephony ;c:\programdata\wshelper32.exe [x]

R2 TapiSrv323232323232323232;Telephony ;c:\programdata\vga64k32.exe [x]

R2 TapiSrv32323232323232323232;Telephony ;c:\programdata\NlsLexicons000232.exe [x]

R2 TBS3232;TPM Base Services ;c:\programdata\KBDINTAM32.exe [x]

R2 TermService32;Terminal Services ;c:\programdata\PresentationNative_v030032.exe [x]

R2 TermService3232;Terminal Services ;c:\programdata\KBDSYR232.exe [x]

R2 TermService323232;Terminal Services ;c:\programdata\msihnd32.exe [x]

R2 TermService3232323232;Terminal Services ;c:\programdata\NlsLexicons081632.exe [x]

R2 TermService323232323232;Terminal Services ;c:\programdata\adsldp32.exe [x]

R2 TermService32323232323232;Terminal Services ;c:\programdata\WMNetMgr32.exe [x]

R2 TermService323232323232323232;Terminal Services ;c:\programdata\PortableDeviceApi32.exe [x]

R2 Themes32;Themes ;c:\programdata\d3d10_132.exe [x]

R2 Themes3232;Themes ;c:\programdata\cfgbkend32.exe [x]

R2 Themes323232;Themes ;c:\programdata\eappcfg32.exe [x]

R2 Themes32323232;Themes ;c:\programdata\E_FBCHALA32.exe [x]

R2 Themes3232323232;Themes ;c:\programdata\winusb32.exe [x]

R2 Themes323232323232;Themes ;c:\programdata\termmgr32.exe [x]

R2 Themes32323232323232;Themes ;c:\programdata\acppage32.exe [x]

R2 Themes323232323232323232;Themes ;c:\programdata\dsprop32.exe [x]

R2 Themes32323232323232323232;Themes ;c:\programdata\NlsData000932.exe [x]

R2 THREADORDER3232;Thread Ordering Server ;c:\programdata\msv1_032.exe [x]

R2 THREADORDER323232;Thread Ordering Server ;c:\programdata\KBDSF32.exe [x]

R2 TrkWks32;Distributed Link Tracking Client ;c:\programdata\RtkPgExt32.exe [x]

R2 TrkWks32323232;Distributed Link Tracking Client ;c:\programdata\msjint4032.exe [x]

R2 TrkWks3232323232;Distributed Link Tracking Client ;c:\programdata\NlsData000032.exe [x]

R2 TrkWks323232323232;Distributed Link Tracking Client ;c:\programdata\dskquota32.exe [x]

R2 TrkWks32323232323232;Distributed Link Tracking Client ;c:\programdata\security32.exe [x]

R2 TrustedInstaller32;Windows Modules Installer ;c:\programdata\hnetcfg32.exe [x]

R2 TrustedInstaller3232;Windows Modules Installer ;c:\programdata\wmiprop32.exe [x]

R2 TrustedInstaller3232323232;Windows Modules Installer ;c:\programdata\ntdll32.exe [x]

R2 TrustedInstaller323232323232;Windows Modules Installer ;c:\programdata\cmlua32.exe [x]

R2 TrustedInstaller3232323232323232;Windows Modules Installer ;c:\programdata\odbc16gt32.exe [x]

R2 UI0Detect323232323232;Interactive Services Detection ;c:\programdata\ir41_qc32.exe [x]

R2 UI0Detect32323232323232;Interactive Services Detection ;c:\programdata\raschap32.exe [x]

R2 UI0Detect3232323232323232;Interactive Services Detection ;c:\programdata\ndfapi32.exe [x]

R2 upnphost32;UPnP Device Host ;c:\programdata\imgutil32.exe [x]

R2 upnphost3232323232323232323232323232;UPnP Device Host ;c:\programdata\msexcl4032.exe [x]

R2 upnphost3232323232323232323232323232323232;UPnP Device Host ;c:\programdata\KBDMLT4732.exe [x]

R2 upnphost323232323232323232323232323232323232;UPnP Device Host ;c:\programdata\rasplap32.exe [x]

R2 UxSms323232;Desktop Window Manager Session Manager ;c:\programdata\ktmw3232.exe [x]

R2 UxSms32323232;Desktop Window Manager Session Manager ;c:\programdata\winethc32.exe [x]

R2 UxSms3232323232;Desktop Window Manager Session Manager ;c:\programdata\NlsData000132.exe [x]

R2 UxSms323232323232;Desktop Window Manager Session Manager ;c:\programdata\wlanmsm32.exe [x]

R2 vds32;Virtual Disk ;c:\programdata\bitsperf32.exe [x]

R2 vds323232;Virtual Disk ;c:\programdata\NlsLexicons000932.exe [x]

R2 vds3232323232;Virtual Disk ;c:\programdata\d3dim70032.exe [x]

R2 vds3232323232323232;Virtual Disk ;c:\programdata\scripto32.exe [x]

R2 vds323232323232323232;Virtual Disk ;c:\programdata\perfts32.exe [x]

R2 vds323232323232323232323232;Virtual Disk ;c:\programdata\KBDLV32.exe [x]

R2 Viewpoint Manager Service3232;Viewpoint Manager Service ;c:\programdata\Query32.exe [x]

R2 Viewpoint Manager Service323232;Viewpoint Manager Service ;c:\programdata\sstpsvc32.exe [x]

R2 Viewpoint Manager Service32323232;Viewpoint Manager Service ;c:\programdata\ntshrui32.exe [x]

R2 Viewpoint Manager Service3232323232;Viewpoint Manager Service ;c:\programdata\authz32.exe [x]

R2 Viewpoint Manager Service323232323232;Viewpoint Manager Service ;c:\programdata\umb32.exe [x]

R2 Viewpoint Manager Service32323232323232323232;Viewpoint Manager Service ;c:\programdata\RpcNs432.exe [x]

R2 Viewpoint Manager Service3232323232323232323232;Viewpoint Manager Service ;c:\programdata\QSHVHOST32.exe [x]

R2 Viewpoint Manager Service323232323232323232323232;Viewpoint Manager Service ;c:\programdata\msstrc32.exe [x]

R2 Viewpoint Manager Service32323232323232323232323232;Viewpoint Manager Service ;c:\programdata\WMVDECOD32.exe [x]

R2 VSS32;Volume Shadow Copy ;c:\programdata\rpchttp32.exe [x]

R2 W32Time3232;Windows Time ;c:\programdata\NlsLexicons000f32.exe [x]

R2 W32Time323232;Windows Time ;c:\programdata\igfxCoIn_v127732.exe [x]

R2 WcesComm32;Windows Mobile-2003-based device connectivity ;c:\programdata\certcli32.exe [x]

R2 WcesComm3232;Windows Mobile-2003-based device connectivity ;c:\programdata\dmvdsitf32.exe [x]

R2 WcesComm323232;Windows Mobile-2003-based device connectivity ;c:\programdata\CertEnrollUI32.exe [x]

R2 WcesComm32323232;Windows Mobile-2003-based device connectivity ;c:\programdata\occache32.exe [x]

R2 WcesComm323232323232;Windows Mobile-2003-based device connectivity ;c:\programdata\sfc32.exe [x]

R2 WcesComm3232323232323232;Windows Mobile-2003-based device connectivity ;c:\programdata\msxml632.exe [x]

R2 wcncsvc32;Windows Connect Now - Config Registrar ;c:\programdata\networkmap32.exe [x]

R2 wcncsvc3232;Windows Connect Now - Config Registrar ;c:\programdata\bitsprx232.exe [x]

R2 wcncsvc323232;Windows Connect Now - Config Registrar ;c:\programdata\iaspolcy32.exe [x]

R2 wcncsvc32323232;Windows Connect Now - Config Registrar ;c:\programdata\asferror32.exe [x]

R2 wcncsvc3232323232;Windows Connect Now - Config Registrar ;c:\programdata\untfs32.exe [x]

R2 wcncsvc3232323232323232;Windows Connect Now - Config Registrar ;c:\programdata\wshbth32.exe [x]

R2 wcncsvc323232323232323232;Windows Connect Now - Config Registrar ;c:\programdata\TRAPI32.exe [x]

R2 WcsPlugInService3232;Windows Color System ;c:\programdata\rasdlg32.exe [x]

R2 WcsPlugInService323232;Windows Color System ;c:\programdata\msmmsp32.exe [x]

R2 WcsPlugInService32323232;Windows Color System ;c:\programdata\KBDJPN32.exe [x]

R2 WcsPlugInService323232323232;Windows Color System ;c:\programdata\FwRemoteSvr32.exe [x]

R2 WcsPlugInService32323232323232;Windows Color System ;c:\programdata\CompatUI32.exe [x]

R2 WdiSystemHost323232;Diagnostic System Host ;c:\programdata\d3dim70032.exe [x]

R2 WdiSystemHost32323232;Diagnostic System Host ;c:\programdata\wmerror32.exe [x]

R2 WdiSystemHost32323232323232;Diagnostic System Host ;c:\programdata\KBDMON32.exe [x]

R2 WdiSystemHost3232323232323232;Diagnostic System Host ;c:\programdata\deskperf32.exe [x]

R2 WdiSystemHost32323232323232323232323232323232;Diagnostic System Host ;c:\programdata\KBDFC32.exe [x]

R2 WebClient32;WebClient ;c:\programdata\WlS0WndH32.exe [x]

R2 WebClient3232;WebClient ;c:\programdata\VIDRESZR32.exe [x]

R2 WebClient32323232;WebClient ;c:\programdata\tapisrv32.exe [x]

R2 WebClient3232323232;WebClient ;c:\programdata\els32.exe [x]

R2 WebClient323232323232;WebClient ;c:\programdata\hccoin32.exe [x]

R2 WebClient32323232323232;WebClient ;c:\programdata\NicCo632.exe [x]

R2 WebClient3232323232323232;WebClient ;c:\programdata\odbctrac32.exe [x]

R2 Wecsvc3232;Windows Event Collector ;c:\programdata\rasctrs32.exe [x]

R2 Wecsvc323232;Windows Event Collector ;c:\programdata\win87em32.exe [x]

R2 Wecsvc32323232;Windows Event Collector ;c:\programdata\wsnmp3232.exe [x]

R2 Wecsvc3232323232;Windows Event Collector ;c:\programdata\wiavideo32.exe [x]

R2 Wecsvc323232323232323232;Windows Event Collector ;c:\programdata\netcfgx32.exe [x]

R2 Wecsvc3232323232323232323232;Windows Event Collector ;c:\programdata\msvidc3232.exe [x]

R2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\programdata\AQCKGen32.exe [x]

R2 wercplsupport323232323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\msrle3232.exe [x]

R2 WerSvc323232;Windows Error Reporting Service ;c:\programdata\cPC_DMIRD32.exe [x]

R2 WerSvc32323232;Windows Error Reporting Service ;c:\programdata\AltTab32.exe [x]

R2 WerSvc323232323232;Windows Error Reporting Service ;c:\programdata\Sens32.exe [x]

R2 WinDefend32323232;Windows Defender ;c:\programdata\msctfui32.exe [x]

R2 WinDefend3232323232;Windows Defender ;c:\programdata\MMDevAPI32.exe [x]

R2 WinDefend323232323232;Windows Defender ;c:\programdata\taskcomp32.exe [x]

R2 WinHttpAutoProxySvc3232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\msaudite32.exe [x]

R2 WinHttpAutoProxySvc323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\COMMDLG32.exe [x]

R2 WinHttpAutoProxySvc32323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\qdvd32.exe [x]

R2 WinHttpAutoProxySvc3232323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\KBDROST32.exe [x]

R2 WinHttpAutoProxySvc323232323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\RtkCoInst32.exe [x]

R2 Winmgmt323232;Windows Management Instrumentation ;c:\programdata\slwga32.exe [x]

R2 wmiApSrv3232;WMI Performance Adapter ;c:\programdata\msvideo32.exe [x]

R2 wmiApSrv323232;WMI Performance Adapter ;c:\programdata\msafd32.exe [x]

R2 wmiApSrv32323232;WMI Performance Adapter ;c:\programdata\imagesp132.exe [x]

R2 WMPNetworkSvc3232;Windows Media Player Network Sharing Service ;c:\programdata\KBDUSL32.exe [x]

R2 WPCSvc32;Parental Controls ;c:\programdata\wsecedit32.exe [x]

R2 WPDBusEnum32;Portable Device Enumerator Service ;c:\programdata\prnntfy32.exe [x]

R2 WPDBusEnum32323232;Portable Device Enumerator Service ;c:\programdata\NlsLexicons004632.exe [x]

R2 WPDBusEnum3232323232;Portable Device Enumerator Service ;c:\programdata\iassvcs32.exe [x]

R2 WPDBusEnum323232323232;Portable Device Enumerator Service ;c:\programdata\dhcpcmonitor32.exe [x]

R2 WPDBusEnum32323232323232;Portable Device Enumerator Service ;c:\programdata\sdohlp32.exe [x]

R2 WPFFontCache_v04003232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\C_ISCII32.exe [x]

R2 WPFFontCache_v0400323232323232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\sqlunirl32.exe [x]

R2 WPFFontCache_v040032323232323232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\osbaseln32.exe [x]

R2 WPFFontCache_v04003232323232323232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\pcadm32.exe [x]

R2 WPFFontCache_v0400323232323232323232;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\PortableDeviceWMDRM32.exe [x]

R2 wscsvc32;Security Center ;c:\programdata\radardt32.exe [x]

R2 wscsvc323232;Security Center ;c:\programdata\KBDBU32.exe [x]

R2 wscsvc32323232;Security Center ;c:\programdata\Faultrep32.exe [x]

R2 wscsvc3232323232;Security Center ;c:\programdata\dxtmsft32.exe [x]

R2 wscsvc323232323232;Security Center ;c:\programdata\NlsLexicons004c32.exe [x]

R2 WSearch32;Windows Search ;c:\programdata\dxtrans32.exe [x]

R2 WSearch323232;Windows Search ;c:\programdata\dnsrslvr32.exe [x]

R2 WSearch32323232;Windows Search ;c:\programdata\KBDSW32.exe [x]

R2 WSearch3232323232;Windows Search ;c:\programdata\ifsutil32.exe [x]

R2 wuauserv3232;Windows Update ;c:\programdata\SysFxUI32.exe [x]

R2 wuauserv323232;Windows Update ;c:\programdata\d3dxof32.exe [x]

R2 wuauserv32323232;Windows Update ;c:\programdata\KBDIT14232.exe [x]

R2 wuauserv323232323232;Windows Update ;c:\programdata\d3d8thk32.exe [x]

R2 wuauserv32323232323232;Windows Update ;c:\programdata\uxtheme32.exe [x]

R2 wuauserv3232323232323232;Windows Update ;c:\programdata\wtsapi3232.exe [x]

R2 wuauserv323232323232323232;Windows Update ;c:\programdata\odbccr3232.exe [x]

R2 wudfsvc32;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\KBDUSX32.exe [x]

R2 XAudioService3232;XAudioService ;c:\programdata\msfeedsbs32.exe [x]

R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx86.sys [2007-10-08 892416]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-01-31 599040]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2009-11-17 63080]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-13 64648]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-13 163400]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]

S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard & Mouse Driver\KMWDSrv.exe [2008-06-24 208896]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]

S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-01 00:15]

.

2011-06-27 c:\windows\Tasks\Norton Security Scan for Kris.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-21 06:27]

.

2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{9878F9A8-E70F-4132-8388-B0441121DB0B}.job

- c:\windows\system32\msfeedssync.exe [2008-06-13 07:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\cxisknfq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{2D46040B-2EE3-B0FD-A350-AAACE23C2B9D} - c:\programdata\asycfilt32.dll

MSConfigStartUp-BitTorrent DNA - c:\users\Kris\Program Files\DNA\btdna.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-27 19:09

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(548)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\program files\McAfee Online Backup\MOBKshell.dll

c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\windows\system32\vssvc.exe

.

**************************************************************************

.

Completion time: 2011-06-27 19:19:39 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-28 00:19

.

Pre-Run: 162,248,196,096 bytes free

Post-Run: 162,175,229,952 bytes free

.

- - End Of File - - 3075997D669654816C3C3D3B0628AF72

Share this post


Link to post
Share on other sites
Like the auto-run capability of my Media drives.
I don't see where CF removed autorun.

Is autorun working?

Share this post


Link to post
Share on other sites

I don't see where CF removed autorun.

Is autorun working?

You're right, auto-run is still working. Well the issue seems to be fixed for now. I suppose you can close my request. I appreciate your help! Something fixed it...

Share this post


Link to post
Share on other sites

You're right, auto-run is still working. Well the issue seems to be fixed for now. I suppose you can close my request. I appreciate your help! Something fixed it...

Oh, so I don't need to do anything with that DeFogger program right?

Share this post


Link to post
Share on other sites

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

    [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is succeptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

    [*]Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

    •Free browser plug-in for Internet Explorer and Firefox

    •Real-time safety ratings

    •Ideal for Facebook, Twitter and LinkedIn

    [*] JAVA Click this link and click on the Free JAVA Download

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

    This will ensure your computer has always the latest security updates available installed on your computer.

    If there are new updates to install, install them immediately, reboot your computer, and revisit the site

    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites

Okay, I'll do all of this tomorrow... I've had a hard week, and must sleep now. I'll let you know if I hit any snags when I do all of this.

Share this post


Link to post
Share on other sites

Do you still need help with this?

Share this post


Link to post
Share on other sites

I really apologize. I'm covering 2 people who are on vacation at work through mid-next week. I have been working 16 hour days - even the weekend. I literally eat on my drive home, check email and go to bed. If you must, you can end/close my issue. But I still plan to get to your final steps above when I have time.

Off to bed.

Do you still need help with this?

Share this post


Link to post
Share on other sites

OK.

I'll leave it open for a few more days

Share this post


Link to post
Share on other sites

Doing the final will do the clean-up

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.