
PC Locked by Ukash Police Virus. Help needed, please!


22 replies to this topic

#1 purplerain

purplerain

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 30 July 2012 - 07:08 PM

My computer seems to have become hijacked. Is there someone that can help me, please?

I can only access my computer in 'safe mode'.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:56 AM

Posted 30 July 2012 - 07:48 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 purplerain


Posted 30 July 2012 - 08:07 PM

Can I do this in safe mode?

#4 narenxp


Posted 30 July 2012 - 08:13 PM

Yes :thumbup2:

#5 purplerain


Posted 30 July 2012 - 08:21 PM

Launched TDSSkiller, but no log was produced.
Launched aswMBR, it is scanning.

#6 purplerain


Posted 30 July 2012 - 08:30 PM

aswMBR scan completed.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 03:15:44
-----------------------------
03:15:44.656 OS Version: Windows x64 6.1.7601 Service Pack 1
03:15:44.656 Number of processors: 4 586 0x2505
03:15:44.657 ComputerName: POP-HP UserName: pop
03:15:46.541 Initialize success
03:18:04.929 AVAST engine defs: 12073100
03:19:36.813 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:19:36.815 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
03:19:36.828 Disk 0 MBR read successfully
03:19:36.846 Disk 0 MBR scan
03:19:36.849 Disk 0 Windows 7 default MBR code
03:19:36.862 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
03:19:36.878 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 460811 MB offset 409600
03:19:36.915 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15825 MB offset 944150528
03:19:36.927 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
03:19:36.974 Disk 0 scanning C:\Windows\system32\drivers
03:19:50.012 Service scanning
03:20:15.091 Modules scanning
03:20:15.091 Disk 0 trace - called modules:
03:20:15.158 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
03:20:15.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005141060]
03:20:15.159 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f1f050]
03:20:17.043 AVAST engine scan C:\Windows
03:20:20.212 AVAST engine scan C:\Windows\system32
03:23:41.552 AVAST engine scan C:\Windows\system32\drivers
03:23:59.411 AVAST engine scan C:\Users\pop
03:24:40.053 Disk 0 MBR has been saved successfully to "C:\Users\pop\Desktop\MBR.dat"
03:24:40.141 The log file has been saved successfully to "C:\Users\pop\Desktop\aswMBR.txt"

#7 purplerain


Posted 30 July 2012 - 08:34 PM

Do I need to uninstall the antivirus that I already have?

#8 narenxp


Posted 30 July 2012 - 08:35 PM

Let's look into that later. Let's remove the infections first :thumbup2:

#9 purplerain


Posted 30 July 2012 - 08:41 PM

Scan in progress.
I guess the scan will take some time, will it not?

Edited by purplerain, 30 July 2012 - 08:42 PM.


#10 narenxp


Posted 30 July 2012 - 08:48 PM

Yes

#11 purplerain


Posted 31 July 2012 - 02:17 AM

ESET scan completed:

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined

I have started my computer in normal mode, and the problem is still there. What should I do now? Thanks.

I also did a scan with Malwarebytes:

Windows 7 Service Pack 1 x64 NTFS (Mode segur/Amb xarxa)
Internet Explorer 9.0.8112.16421
pop :: POP-HP [administrador]

Protecció: Desactivada

31/07/2012 09:53:10
mbam-log-2012-07-31 (09-53-10).txt

Tipus d'anàlisi: Anàlisi completa (C:\|)
Opcions d’anàlisi activades: Memòria | Inici | Registre | Sistema d’arxius | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opcions d’anàlisi desactivades: P2P
Objectes analitzats: 466454
Temps transcorregut: 1 hora(es), 48 minut(s), 33 segon(s)

Processos en memòria detectats: 0
(Cap element maliciós detectat)

Mòduls de memòria detectats: 0
(Cap element maliciós detectat)

Claus de registre detectades: 0
(Cap element maliciós detectat)

Valors de registre detectats: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|StructuredQuery (Trojan.Agent) -> Dades: C:\Users\pop\AppData\Local\Microsoft\Windows\673\StructuredQuery.exe -> En quarantena i esborrat amb èxit.

Elements de dades del registre detectats: 0
(Cap element maliciós detectat)

Carpetes detectades: 0
(Cap element maliciós detectat)

Fitxers detectats: 2
C:\Users\pop\AppData\Local\Microsoft\Windows\673\StructuredQuery.exe (Trojan.Agent) -> En quarantena i esborrat amb èxit.
C:\$Recycle.Bin\S-1-5-21-64043062-1297582148-1406898536-1000\$ROWKOYB.Beta\DVDFab.8.1.9.7.Beta\Patch.exe (Riskware.Tool.CK) -> En quarantena i esborrat amb èxit.

(fi)

Edited by purplerain, 31 July 2012 - 04:53 AM.


#12 narenxp


Posted 31 July 2012 - 06:40 AM

Download Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here
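
A triage pass over the text file this procedure produces, as an added example that is not part of the original post: it parses the export's layout (a quoted location line, then entry lines with four quoted fields) and flags entries whose target is missing, that carry no publisher string, or that load from a user-writable directory. The sample lines are constructed, and reading a leading `+` as "enabled" is an assumption about the export format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of an Autoruns "Save as Text" export:
# a quoted location line, then one line per entry with a leading marker
# and four quoted fields (name, description, publisher, image path).
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ExampleUpdater" "Example Updater" "Example Corp." "c:\program files\example\updater.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ExampleHelper" "" "" "c:\users\alice\appdata\local\example\helper.exe"
"Task Scheduler" "" "" ""
+ "\OldTool_AutoUpdate" "" "" "File not found: C:\Program Files\OldTool\AutoUpdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "exampledrv" "Example Filter Driver" "Example Corp." "c:\windows\system32\drivers\exampledrv.sys"
'''

FIELD = re.compile(r'"([^"]*)"')

# Directories a standard user can write to; an autostart that loads from one
# of these deserves a closer look than one under Program Files or System32.
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\appdata\\|\\programdata\\|\\temp\\', re.I)


@dataclass
class Entry:
    location: str      # registry key, folder or "Task Scheduler"
    enabled: bool      # assumption: a leading "+" marks an enabled entry
    name: str
    description: str
    publisher: str
    image_path: str
    flags: list = field(default_factory=list)


def parse_autoruns(text):
    """Return one Entry per autostart line, tagged with its location."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # blank or not in the 4-field layout
        if line.startswith('"'):
            location = fields[0]          # location header, other fields empty
            continue
        entries.append(Entry(location, line[0] == '+', *fields))
    return entries


def triage(entries):
    """Attach review flags and return only the entries that got one."""
    for e in entries:
        e.flags = []
        if e.image_path.lower().startswith('file not found'):
            # Leftover of an uninstalled program, or a target that was
            # already deleted by a scanner while the autostart remained.
            e.flags.append('missing-target')
            continue
        if not e.publisher.strip():
            # No publisher string: a prompt to look, not a verdict.
            e.flags.append('no-publisher')
        if USER_WRITABLE.search(e.image_path):
            e.flags.append('user-writable-path')
    return [e for e in entries if e.flags]


if __name__ == '__main__':
    for e in triage(parse_autoruns(SAMPLE)):
        print(f'{",".join(e.flags):35} {e.location} -> {e.name}: {e.image_path}')
```

The flags only order the list for review; plenty of legitimate software has no publisher string or installs under a user profile.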

#13 purplerain


Posted 31 July 2012 - 10:39 AM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 7.0" "AcroTray" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 7.0\distillr\acrotray.exe"
+ "AdobeCS6ServiceManager" "Adobe CS6 Service Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgtray.exe"
+ "Easybits Recovery" "" "EasyBits Software AS" "c:\program files (x86)\easybits for kids\ezrecover.exe"
+ "EEventManager" "EEventManager Application" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\event manager\eeventmanager.exe"
+ "HP Quick Launch" "HP Message Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe"
+ "HPOSD" "HP On Screen Display" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "IMSS" "PIconStartup application" "" "c:\program files (x86)\intel\intel® management engine components\imss\piconstartup.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Adobe Acrobat Speed Launcher.lnk" "" "" "c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\sc_acrobat.exe"
+ "Snapfish PictureMover.lnk" "PictureMover Application" "Hewlett-Packard Company" "c:\program files (x86)\picturemover\bin\picturemover.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Advanced SystemCare 5" "Advanced SystemCare 5 Tray" "IObit" "c:\program files (x86)\iobit\advanced systemcare 5\asctray.exe"
+ "AlcoholAutomount" "Alcohol Launcher" "Alcohol Soft Development Team" "c:\program files (x86)\alcohol soft\alcohol 120\axcmd.exe"
+ "DAEMON Tools Pro Agent" "DAEMON Tools Pro Agent" "DT Soft Ltd" "c:\program files (x86)\daemon tools pro\dtagent.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgppa.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "EasyBits Security Shield Hook - prevents launching insecure programs by kids" "EasyBits Security Shield component" "EasyBits Software Corp." "c:\windows\syswow64\ezupbhook.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "ASCv5ExtMenu Module" "" "c:\program files (x86)\iobit\advanced systemcare 5\ascv5extmenu_64.dll"
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgsea.dll"
+ "DaemonShellExtImage" "DAEMON Tools Pro" "DT Soft Ltd" "c:\program files (x86)\daemon tools pro\dtshl64.dll"
+ "NPShellExtension" "Nitro Pro ShellExtension " "" "c:\program files\common files\nitro pdf\professional\7.0\npshellextension64.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
+ "Zecter" "ShellExt Dynamic Link Library" "Versionate Inc." "c:\program files (x86)\hewlett-packard\hp clouddrive\shellext64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 7.0\acrobat elements\contextmenu.dll"
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgse.dll"
+ "DaemonShellExtImage" "DAEMON Tools Pro" "DT Soft Ltd" "c:\program files (x86)\daemon tools pro\dtshl32.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 11\nero backitup\nbshell.dll"
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"
+ "TotalConverter" "" "" "c:\program files (x86)\totalaudioconverter\axtotalconverter.dll"
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "ASCv5ExtMenu Module" "" "c:\program files (x86)\iobit\advanced systemcare 5\ascv5extmenu_64.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Destinació de supressió del Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Destinació de supressió del Windows Sidebar" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\adobe\acrobat 7.0\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
+ "Zecter" "ShellExt Dynamic Link Library" "Versionate Inc." "c:\program files (x86)\hewlett-packard\hp clouddrive\shellext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgse.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 11\nero backitup\nbshell.dll"
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "NBShellHook" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 11\nero backitup\nbshell.dll"
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00Zecter" "ShellExt Dynamic Link Library" "Versionate Inc." "c:\program files (x86)\hewlett-packard\hp clouddrive\shellext64.dll"
+ "01Zecter" "ShellExt Dynamic Link Library" "Versionate Inc." "c:\program files (x86)\hewlett-packard\hp clouddrive\shellext64.dll"
+ "02Zecter" "ShellExt Dynamic Link Library" "Versionate Inc." "c:\program files (x86)\hewlett-packard\hp clouddrive\shellext64.dll"
+ "03Zecter" "ShellExt Dynamic Link Library" "Versionate Inc." "c:\program files (x86)\hewlett-packard\hp clouddrive\shellext64.dll"
+ "04Zecter" "ShellExt Dynamic Link Library" "Versionate Inc." "c:\program files (x86)\hewlett-packard\hp clouddrive\shellext64.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgssiea.dll"
+ "Complitly" "Complitly - Helps you search the web" "SimplyGen" "c:\users\pop\appdata\roaming\complitly\64\complitly64.dll"
+ "Easy Photo Print" "Epson Easy Photo Print (TBL x64)" "SEIKO EPSON CORPORATION / CyCom Technology Corp." "c:\program files (x86)\epson software\easy photo print\eptbl.dll"
+ "Expat Shield Class" "" "AnchorFree Inc." "c:\program files (x86)\expat shield\hssie\expatie_64.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg64.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe IE plugin" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\acrobat 7.0\acrobat\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Adobe PDF Reader Link Helper" "Adobe Acrobat IE Helper Version 7.0 for ActiveX" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\acrobat 7.0\activex\acroiehelper.dll"
+ "Ajudant d'inici de sessió del Windows Live ID" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgssie.dll"
+ "Complitly" "Complitly - Helps you search the web" "SimplyGen" "c:\users\pop\appdata\roaming\complitly\complitly.dll"
+ "Expat Shield Class" "" "AnchorFree Inc." "c:\program files (x86)\expat shield\hssie\expatie.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "EPTBL" "Epson Easy Photo Print (TBL x64)" "SEIKO EPSON CORPORATION / CyCom Technology Corp." "c:\program files (x86)\epson software\easy photo print\eptbl.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe IE plugin" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\acrobat 7.0\acrobat\acroiefavclient.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\ASC4_AutoCare" "" "" "File not found: C:\Program Files (x86)\IObit\Advanced SystemCare 4\AutoCare.exe"
+ "\ASC4_AutoSweep" "" "" "File not found: C:\Program Files (x86)\IObit\Advanced SystemCare 4\AutoSweep.exe"
+ "\ASC4_AutoUpdate" "" "" "File not found: C:\Program Files (x86)\IObit\Advanced SystemCare 4\AutoUpdate.exe"
+ "\ASC4_PerformanceMonitor" "" "" "File not found: C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe"
+ "\ASC5_AutoClean" "Advanced SystemCare Auto Sweep" "IObit" "c:\program files (x86)\iobit\advanced systemcare 5\autosweep.exe"
+ "\ASC5_AutoUpdate" "Advanced SystemCare Updater" "IObit" "c:\program files (x86)\iobit\advanced systemcare 5\autoupdate.exe"
+ "\HPCeeScheduleForpop" "HP Ceement" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Aplicación de configuración del Servicio de uso compartido de red del Reproductor de Windows Media" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\MirageAgent" "YouCam Mirage" "CyberLink" "c:\program files (x86)\cyberlink\youcam\ycmmirage.exe"
+ "\Norton AntiVirus\Norton Error Analyzer" "" "" "File not found: C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.0.18\SymErr.exe"
+ "\SidebarExecute" "Gadgets de l'escriptori del Windows" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ABBYY.Licensing.FineReader.Sprint.9.0" "This service is required for the operation of the ABBYY FineReader 9.0 Express Edition licensing mechanism." "ABBYY" "c:\program files (x86)\common files\abbyy\finereadersprint\9.00\licensing\networklicenseserver.exe"
+ "Adobe LM Service" "AdobeLM Service" "Adobe Systems" "c:\program files (x86)\common files\adobe systems shared\service\adobelmsvc.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater mantiene actualizado el software de Adobe." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "Este servicio mantiene actualizada la instalación de Adobe Flash Player con las últimas mejoras y soluciones de seguridad." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AdvancedSystemCareService5" "Advanced SystemCare Service" "IObit" "c:\program files (x86)\iobit\advanced systemcare 5\ascservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "avgfws" "AVG Firewall Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgfws.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "ExpatShieldService" "" "" "c:\program files (x86)\expat shield\bin\openvpnas.exe"
+ "ExpatSrv" "" "AnchorFree Inc." "c:\program files (x86)\expat shield\hsswpr\hsssrv.exe"
+ "ExpatTrayService" "" "" "c:\program files (x86)\expat shield\bin\expattrayservice.exe"
+ "ExpatWd" "" "" "c:\program files (x86)\expat shield\bin\hsswd.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files (x86)\windows live\family safety\fsssvc.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\hp games\hp game console\gameconsoleservice.exe"
+ "gusvc" "Google Updater mantiene actualizado el software de Google. Si el servicio Google Updater está inhabilitado o se ha detenido, el software de Google no se mantendrá actualizado, por lo que es posible que las vulnerabilidades de seguridad que surjan no se solucionen y algunos componentes no funcionen correctamente." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe"
+ "HP Wireless Assistant Service" "This service monitors the wireless devices in this computer and allows the HP Wireless Assistant application to turn devices on and off." "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp wireless assistant\hpwa_service.exe"
+ "HPClientSvc" "HP Client Services" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp client services\hpclientservices.exe"
+ "HPDrvMntSvc.exe" "HP Quick Synchronization Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe"
+ "HPWMISVC" "HP Quick Launch WMI Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe"
+ "IAStorDataMgrSvc" "Notifica sobre eventos de almacenamiento y gestiona la comunicación entre el controlador de almacenamiento y las aplicaciones de espacio de usuario." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "iPod Service" "Serveis de gestió del maquinari de l’iPod" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MDM" "Admite depuración local y remota para depuradores de secuencia de comandos de Visual Studio. Si este servicio se detiene, los depuradores no funcionarán adecuadamente." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe"
+ "MozillaMaintenance" "El servei de manteniment de Mozilla garanteix que teniu la darrera i més segura versió del Mozilla Firefox a l'ordinador. Mantenir el Firefox al dia és molt important per a la seguretat en línia i, per tant, Mozilla recomana que tingueu activat aquest servei." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "NAUpdate" "Administra las aplicaciones de Nero y proporciona acceso a actualizaciones para éstas." "Nero AG" "c:\program files (x86)\nero\update\nasvc.exe"
+ "NitroDriverReadSpool2" "Nitro PDF Driver Read Spool 2" "Nitro PDF Software" "c:\program files\common files\nitro pdf\professional\7.0\nitropdfdriverservice2x64.exe"
+ "nlsX86cc" "Nalpeiron Licensing Service" "Nalpeiron Ltd." "c:\windows\syswow64\nlssrv32.exe"
+ "ose" "Guarda los archivos de instalación utilizados para las actualizaciones y reparaciones, y es necesario para descargar actualizaciones del programa de instalación e informes de error de Watson." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "ServiceLayer" "ServiceLayer Module" "Nokia" "c:\program files (x86)\pc connectivity solution\servicelayer.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv64.exe"
+ "StarWindServiceAE" "Enables network access to local burners via iSCSI protocol." "Rocket Division Software" "c:\program files (x86)\alcohol soft\alcohol 120\starwind\starwindserviceae.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protecció contra programari espia i potencialment no desitjat" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Habilita l'autenticació del Windows Live ID." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Comparte las bibliotecas del Reproductor de Windows Media con otros dispositivos multimedia y reproductores en red mediante Plug and Play universal." "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ab153t4j" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\ab153t4j.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "anrgb50c" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\anrgb50c.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "Avgfwfd" "AVG network filter driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgfwd6a.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriver.sys"
+ "AVGIDSEH" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidseh.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilter.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Controlador I/F serie de Brother (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "clwvd" "CyberLink WebCam Virtual Driver" "CyberLink Corporation" "c:\windows\system32\drivers\clwvd.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "dtsoftbus01" "DAEMON Tools Virtual Bus Driver" "DT Soft Ltd" "c:\windows\system32\drivers\dtsoftbus01.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "HssDrv" "Expat Shield Routing Driver" "AnchorFree Inc." "c:\windows\system32\drivers\hssdrv.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "netw5v64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nmwcd" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmbx64.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "pccsmcfd" "PCCS Mode Change Filter Driver" "Nokia" "c:\windows\system32\drivers\pccsmcfdx64.sys"
+ "pcouffin" "low level access layer for CD/DVD/BD devices" "VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSPCIESTOR" "Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtspstor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "sptd" "SCSI Pass Through Direct Host" "Duplex Secure Ltd." "c:\windows\system32\drivers\sptd.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "taphss" "TAP-Win32 Virtual Network Driver" "AnchorFree Inc" "c:\windows\system32\drivers\taphss.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "yukonw7" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk62x64.sys"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "vidc.ffds" "" "" "File not found: -"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Códec Cinepak®" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "_ VSO Preview Filter" "Video preview filter" "VSO Software SARL" "c:\program files (x86)\vso\common\vsovprev.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdump.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gedtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2greader.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gtlmsplter.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvideostabilizer.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gresample.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON SX130 Series 64MonitorBE" "EPSON Bi-directional Monitor AMD64" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_ilmhje.dll"
+ "Nitro PDF Port Monitor" "Windows NT Nitro Print PDF Interface Driver" "Nitro PDF Software" "c:\windows\system32\nitrolocalmon2.dll"

I did this in normal mode, is that ok?

Edited by purplerain, 31 July 2012 - 11:23 AM.


#14 purplerain

purplerain
  • Topic Starter

  • Members
  • 21 posts
  • Local time:04:56 PM

Posted 31 July 2012 - 10:41 AM

By the way, Malwarebytes found 3 problems; 2 were quarantined and deleted. This has allowed me to access Windows normally.

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:10:56 AM

Posted 31 July 2012 - 01:04 PM

Run Malwarebytes in normal mode and post the log.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.



