Virus and malware infection avalanche - at least one still hidden and active


7 replies to this topic

#1 Akilia


Posted 28 October 2015 - 09:42 AM

Dell XP5 PC running Windows 10 Pro 64-bit.

Browser: Internet Explorer version 11.0.10240.16431

Second Browser: Mozilla Firefox version 41.0.1

Standard OS Firewall and Windows Defender.

 

So yesterday I was hit whilst I was investigating a P2P website.

Not sure what click wot click did it but...

 

SYMPTOMS:

 

1. A Chinese script + Chinese ads pop-up appeared bottom right screen.

2. Random large obtrusive pop-ups appeared in centre of screen all Chinese or Asian text.

3. Browser hijack to default website called "hsiao123/[text string very long following]"

4. Random automatic visits, when IE11 opened, to:

 //www.jonline.com/news/2015-08-07/0FH0412015.shtml#pid%3D556fcad1bf8d907ecaf5f889%26adpro%3D5630ba16d0161b19006d702c

The tab in IE11 was in Chinese symbols only at that website.

5. Windows Defender somehow "Turned off as Group Policy".

6. Loads of additional PUPs, many Trojans, 2 Rootkit viruses, and over 3,200 malware elements identified by MBAM in chameleon mode.

 

WHAT HAVE I DONE SO FAR?

 

a) MBAM full scan - required windows SAFE mode and run in chameleon mode to successfully operate. Huge amount of malicious stuff including one rootkit successfully removed as far as I can see.

b) Windows 10's "gpedit" to re-activate Windows Defender in Group Policy successfully.
Identified that Defender had been running OK as usual doing scheduled scans until earlier that morning.
Defo had been scuttled by malware not user error.

c) Defender full scan. The second Rootkit virus identified and removed. Approx 300 other malicious viruses, malware, and PUP elements removed. Reboot.

d) CCleaner to remove registry remnants - approximately 600 changes made. Reboot.

e) HitmanPro latest version - another 33 malware elements and some sundry PUPs removed. Reboot.

f) CCleaner registry again. Reboot to Safe mode.

f) Tdsskiller in Safe mode, and then in normal mode. Nothing found.

g) RogueKillerX64: sundry malware and PUPS removed. Reboot to Safe mode.

h) SuperAntiSpyware run in Safe mode, lots of additional malware and PUPs removed.

i) CCleaner registry cleaned again. Reboot.

j) Adware Cleaner 5.015 -  some more stuff removed. Reboot.

k) Adware Removal Tool - some more stuff removed. Reboot.

l) CCleaner registry again. Reboot.

m) JunkRemovalTool JRT removed stuff. Reboot.

n) Defender run in normal mode. Another malware/PUP removed. Reboot.

o) CCleaner registry again. Reboot.

 

Now:

 

MBAM clear.

Defender clear.

HitmanPro clear.

SuperAntiSpyware clear.

JRT clear.

RogueKillerX64 clear.

Adware removal tool clear.

Adwcleaner clear.

All Browsers flushed and with default settings.

No abnormal apps in list.

No abnormal icons on desktop.

Nothing strange to me, on inspecting windows program folders.

 

BUT:

1. Chinese pop-ups still there, and //www.jonline.com still happening when IE Browser open.

2. TaskManager shows high usage by a process called vcboa.exe (32 bit)

There are THREE active processes in Task Manager with that name.

All three carry the same strange symbol logo found on the Chinese pop-ups

Location is: C:\Users\Andrew\AppData\Roaming\afght\xxsxvr

Associated file is: tqMeepo.dll found at same location.

Signature list = Wuanyo Electronic (Shanghai) Co. Ltd.,  Digest Algorithm = sha1

 

I've manually deleted  \afght\xxsvr and all contents, in all users.

This may not be the only problem remaining on my PC!

 

What must I do now?

 

Sincere thanks,

Andrew.

 




 


#2 Broni


Posted 28 October 2015 - 10:43 AM

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as Autoruns.txt file to a known location.
You must select Text from drop-down menu as a file type:


Paste content of Autoruns.txt file into your next reply.


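A triage pass over the Autoruns.txt export requested above, added here as an example and not part of the original posts or the helper's own method: it parses the quoted six-field layout of the text export and ranks autostart entries whose target file is missing or sits without a publisher in a user-writable folder. The sample lines, entry names, folder list and severity labels are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the export layout: a quoted location line, then "+ "
# entry lines with six quoted fields (entry, description, publisher, image
# path, timestamp, unused). All names and paths here are made up.
SAMPLE = r'''
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "01/01/2015 10:00" ""
+ "ExampleSync" "Example Sync Client" "Example Corp." "c:\program files\example\sync.exe" "01/01/2015 09:00" ""
+ "xqzvupd" "" "" "c:\users\alice\appdata\roaming\xqzv\upd.exe" "02/01/2015 11:30" ""
"Task Scheduler" "" "" "" "" ""
+ "\ExampleUpdateTask" "Example Updater" "Example Corp." "c:\program files\example\update.exe" "01/01/2015 09:00" ""
+ "\kTrWqPzLmN" "" "" "File not found: C:\Users\alice\AppData\Roaming\kTrWqPzLmN.exe" "" ""
+ "\Wake task" "" "" "File not found: exit" "" ""
'''

FIELD = re.compile(r'"([^"]*)"')
MISSING = "file not found:"
# Folders a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
ORDER = {"high": 0, "review": 1, "low": 2}


@dataclass
class Entry:
    location: str      # autostart location the entry was listed under
    name: str
    description: str
    publisher: str     # taken as reported by the export
    image: str         # image path, or "File not found: <path>"
    timestamp: str


def parse_autoruns(text):
    """Split the export into entries, remembering each entry's location."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) < 5:
            continue                      # blank or malformed line
        if line.startswith("+"):
            entries.append(Entry(location, *fields[:5]))
        else:
            location = fields[0]          # new location header
    return entries


def triage(entry):
    """Return (severity, reason) for an entry worth a look, else None."""
    image = entry.image.lower()
    missing = image.startswith(MISSING)
    target = image[len(MISSING):].strip() if missing else image
    in_profile = any(part in target for part in USER_WRITABLE)
    if missing and in_profile:
        # The file is gone but the launch point survives: typical leftover
        # after a scanner or manual delete removed only the binary.
        return ("high", "autostart still registered for a file deleted "
                        "from a user-writable folder")
    if in_profile and not entry.publisher:
        return ("review", "no publisher on a binary in a user-writable folder")
    if missing:
        return ("low", "stale entry, target missing")
    return None


def findings(text):
    """All flagged entries as (severity, location, name, reason), worst first."""
    out = []
    for entry in parse_autoruns(text):
        hit = triage(entry)
        if hit:
            out.append((hit[0], entry.location, entry.name, hit[1]))
    return sorted(out, key=lambda f: ORDER[f[0]])


if __name__ == "__main__":
    for sev, loc, name, why in findings(SAMPLE):
        print(f"[{sev}] {loc} :: {name} -> {why}")
```

The flags are leads for manual review rather than verdicts: a legitimate per-user application that ships without version information will also land in the "review" bucket.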


 


#3 Akilia


Posted 28 October 2015 - 12:06 PM

Here's the Autoruns log (text):

 

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "27/10/2015 15:05" ""
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe" "07/04/2015 05:04" ""
+ "RtHDVBg" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe" "28/04/2015 07:44" ""
+ "RTHDVCPL" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rtkngui64.exe" "23/06/2015 10:31" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "28/10/2015 14:45" ""
+ "CLMLServer_For_P2G8" "CyberLink MediaLibray Service" "CyberLink" "c:\program files (x86)\cyberlink\power2go8\clmlsvc_p2g8.exe" "08/06/2012 03:20" ""
+ "CLVirtualDrive" "CyberLink Virtual Drive" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go8\virtualdrive.exe" "04/07/2012 12:11" ""
+ "EEventManager" "EEventManager Application" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\event manager\eeventmanager.exe" "03/12/2009 01:06" ""
+ "FUFAXRCV" "Fax Reception" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\fax utility\fufaxrcv.exe" "19/09/2012 02:47" ""
+ "FUFAXSTM" "Fax Transmission" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\fax utility\fufaxstm.exe" "19/09/2012 02:48" ""
+ "IAStorIcon" "Delayed launcher" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoriconlaunch.exe" "17/07/2012 03:23" ""
+ "OV3_Monitor" "resident module - First Starter" "OLYMPUS IMAGING CORP." "c:\program files (x86)\olympus\olympus viewer 3\firststart.exe" "05/02/2015 09:21" ""
+ "RemoteControl10" "PowerDVD RC Service" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe" "01/06/2012 12:45" ""
+ "Shwicon9106" "IconUtility Shwicon  Application" "" "c:\program files (x86)\multimedia card reader(9106)\shwicon9106.exe" "28/06/2012 07:39" ""
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe" "22/08/2015 02:05" ""
+ "WD Drive Unlocker" "WD Drive Auto Unlock" "Western Digital Technologies, Inc." "c:\program files (x86)\western digital\wd security\wddriveautounlock.exe" "15/10/2013 14:36" ""
+ "WD Quick View" "WD Quick View" "Western Digital Technologies, Inc." "c:\program files (x86)\western digital\wd quick view\wddmstatus.exe" "21/07/2015 00:51" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "27/10/2015 22:03" ""
+ "Amazon Music" "" "" "c:\users\andrew\appdata\local\amazon music\amazon music helper.exe" "08/10/2015 04:29" ""
+ "AmazonMP3DownloaderHelper" "" "" "c:\users\andrew\appdata\local\program files\amazon\mp3 downloader\amazonmp3downloaderhelper.exe" "09/05/2013 20:10" ""
+ "Dropbox Update" "Dropbox Update" "Dropbox, Inc." "c:\users\andrew\appdata\local\dropbox\update\dropboxupdate.exe" "30/04/2015 20:41" ""
+ "EPSON PX820FWD Series" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\x64\3\e_iatigxe.exe" "08/01/2010 09:54" ""
+ "Epson Stylus Photo PX820FWD(Network)" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\x64\3\e_iatigxe.exe" "08/01/2010 09:54" ""
+ "Epson Stylus Photo PX820FWD(Network) (Copy 1)" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\x64\3\e_iatigxe.exe" "08/01/2010 09:54" ""
+ "EPSON9A8529 (Epson Stylus Photo PX820FWD)" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\x64\3\e_iatigxe.exe" "08/01/2010 09:54" ""
+ "NETGEARGenie" "NETGEAR Genie" "NETGEAR Inc." "c:\program files (x86)\netgear genie\bin\netgeargenie.exe" "02/06/2015 06:39" ""
+ "OneDrive" "Microsoft OneDrive" "Microsoft Corporation" "c:\users\andrew\appdata\local\microsoft\onedrive\onedrive.exe" "20/10/2015 00:08" ""
+ "OV3_Monitor" "resident module" "OLYMPUS IMAGING CORP." "c:\program files (x86)\olympus\olympus viewer 3\ov3monitor.exe" "05/02/2015 09:23" ""
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware" "c:\program files\superantispyware\superantispyware.exe" "23/10/2015 16:52" ""
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "24/09/2015 09:48" ""
+ "ImageBrowser EX Agent.lnk" "MFManager" "" "c:\program files (x86)\canon\imagebrowser ex\mfmanager.exe" "08/04/2014 00:13" ""
"C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "27/10/2015 16:27" ""
+ "Adobe Gamma.lnk" "Adobe Gamma Loader" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\calibration\adobe gamma loader.exe" "04/11/1999 22:06" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe" "23/09/2015 23:06" ""
+ "OneNote 2010 Screen Clipper and Launcher.lnk" "Microsoft OneNote Quick Launcher" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onenotem.exe" "25/06/2013 21:46" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" "" "24/09/2015 09:39" ""
+ "BtvStack" "" "" "File not found: C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" "" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "24/09/2015 09:30" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "10/07/2015 03:20" ""
+ "Microsoft Windows Media Player" "" "" "File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "27/10/2015 16:51" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "10/07/2015 03:31" ""
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "24/09/2015 09:42" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll" "28/02/2010 09:24" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "27/10/2015 22:03" ""
+ "CLVDShellExt" "Cyberlink Shell Extension dynamic link library" "Cyberlink" "c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll" "13/06/2012 02:16" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll" "06/06/2014 18:40" ""
+ "WDBackupMenuHandler" "WD ContextMenu Handler" "Western Digital Technologies, Inc." "c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll" "21/07/2015 00:56" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshls64.dll" "02/05/2014 09:59" ""
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "27/10/2015 22:03" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll" "02/05/2014 09:53" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "24/09/2015 09:42" ""
+ "CLVDShellExt" "Cyberlink Shell Extension dynamic link library" "Cyberlink" "c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll" "13/06/2012 02:16" ""
+ "CWDDriveMenuHandler" "WD ContextMenu Handler" "Western Digital Technologies, Inc." "c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll" "21/07/2015 00:56" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "24/09/2015 09:42" ""
+ "WDBackupPropSheetHandler" "WD ContextMenu Handler" "Western Digital Technologies, Inc." "c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll" "21/07/2015 00:56" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "27/10/2015 22:03" ""
+ "DeleteFiles" "" "" "c:\program files\file shredder\fsshell.dll" "31/03/2012 23:06" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll" "06/06/2014 18:40" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "27/10/2015 22:03" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll" "06/06/2014 18:40" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshls64.dll" "02/05/2014 09:59" ""
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "27/10/2015 22:03" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll" "02/05/2014 09:53" ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "24/09/2015 09:42" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshls64.dll" "02/05/2014 09:59" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "24/09/2015 09:42" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll" "02/05/2014 09:53" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "24/09/2015 09:34" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll" "03/08/2015 19:56" ""
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "14/10/2015 16:43" ""
+ "dBpShell Class" "Provides dBpoweramp Shell Interaction" "Illustrate" "c:\program files\dbpoweramp\dbshell.dll" "18/05/2015 13:55" ""
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "14/10/2015 16:43" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "11/05/2013 09:34" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "27/10/2015 15:15" ""
+ "WDBackupMenuHandler" "WD ContextMenu Handler" "Western Digital Technologies, Inc." "c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll" "21/07/2015 00:56" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshls64.dll" "02/05/2014 09:59" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "27/10/2015 15:15" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll" "02/05/2014 09:53" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "24/09/2015 09:42" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshls64.dll" "02/05/2014 09:59" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "24/09/2015 09:42" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll" "02/05/2014 09:53" ""
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" "" "24/09/2015 09:42" ""
+ "WDBackupPropSheetHandler" "WD ContextMenu Handler" "Western Digital Technologies, Inc." "c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll" "21/07/2015 00:56" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "27/10/2015 17:49" ""
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll" "06/03/2013 07:39" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "27/10/2015 16:27" ""
+ "EpsonToolBandKicker Class" "EPSON Web-To-Page" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson\epson web-to-page\epson web-to-page.dll" "22/02/2005 04:50" ""
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll" "06/03/2013 07:38" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "28/10/2015 12:31" ""
+ "EPSON Web-To-Page" "EPSON Web-To-Page" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson\epson web-to-page\epson web-to-page.dll" "22/02/2005 04:50" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "24/09/2015 09:43" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll" "06/03/2013 09:37" ""
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll" "19/03/2015 19:10" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "24/09/2015 09:45" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll" "06/03/2013 09:25" ""
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll" "19/03/2015 19:04" ""
"Task Scheduler" "" "" "" "" ""
+ "\Adobe Acrobat Update Task" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "14/09/2015 16:19" ""
+ "\DropboxUpdateTaskUserS-1-5-21-271104307-3997771569-46810807-1001Core" "Dropbox Update" "Dropbox, Inc." "c:\users\andrew\appdata\local\dropbox\update\dropboxupdate.exe" "30/04/2015 20:41" ""
+ "\DropboxUpdateTaskUserS-1-5-21-271104307-3997771569-46810807-1001UA" "Dropbox Update" "Dropbox, Inc." "c:\users\andrew\appdata\local\dropbox\update\dropboxupdate.exe" "30/04/2015 20:41" ""
+ "\eKTqvKFkEtdTAPTCT" "" "" "File not found: C:\Users\Andrew\AppData\Roaming\eKTqvKFkEtdTAPTCT.exe" "" ""
+ "\fmD2HSuJznvn98stgCij7P" "" "" "File not found: C:\Users\Andrew\AppData\Roaming\fmD2HSuJznvn98stgCij7P.exe" "" ""
+ "\jjk  Files Update Ver 20151027" "" "" "File not found: C:\Users\Andrew\AppData\Roaming\afght\xxsxvr\vcboa.exe" "" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "18/06/2015 01:06" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "10/07/2015 03:19" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "10/07/2015 03:19" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "10/07/2015 03:19" ""
+ "\Microsoft\Windows\Windows Defender\Windows Defender Verification" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "10/07/2015 03:19" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "10/07/2015 03:13" ""
+ "\PCDEventLauncherTask" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\dell\supportassist\sessionchecker.exe" "20/05/2015 01:13" ""
+ "\PCDoctorBackgroundMonitorTask" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\dell\supportassist\uaclauncher.exe" "20/05/2015 01:10" ""
+ "\SystemToolsDailyTest" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\dell\supportassist\uaclauncher.exe" "20/05/2015 01:10" ""
+ "\Wake for scheduled backup" "" "" "File not found: exit" "" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "28/10/2015 15:16" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe" "22/07/2014 23:31" ""
+ "Adobe LM Service" "AdobeLM Service" "Adobe Systems" "c:\program files (x86)\common files\adobe systems shared\service\adobelmsvc.exe" "07/01/2005 14:00" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "14/09/2015 16:19" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "15/10/2015 04:45" ""
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe" "22/08/2015 01:48" ""
+ "Apple Mobile Device Service" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe" "19/12/2014 12:38" ""
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "31/08/2011 05:52" ""
+ "Dell Customer Connect" "Presents Feedback to Dell" "Dell Inc." "c:\program files (x86)\dell customer connect\dccservice.exe" "22/09/2015 21:19" ""
+ "DellUpdate" "Downloads and installs updates for your Dell device" "Dell Inc." "c:\program files (x86)\dell update\dellupservice.exe" "27/08/2015 18:11" ""
+ "EpsonBidirectionalService" "eEBAPI Core Process module" "SEIKO EPSON CORPORATION" "c:\program files (x86)\common files\epson\ebapi\eebsvc.exe" "19/12/2006 12:53" ""
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe" "09/07/2012 20:47" ""
+ "Intel® Capability Licensing Service Interface" "Version: 1.31.8.1" "Intel® Corporation" "c:\program files\intel\icls client\heciserver.exe" "27/08/2013 12:32" ""
+ "Intel® Capability Licensing Service TCP IP Interface" "Version: 1.31.8.1" "Intel® Corporation" "c:\program files\intel\icls client\socketheciserver.exe" "27/08/2013 12:32" ""
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" "07/04/2015 05:04" ""
+ "jhi_service" "Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL" "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe" "17/07/2013 02:50" ""
+ "LMS" "Intel® Management and Security Application Local Management Service - Provides OS-related Intel® ME functionality." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe" "26/06/2013 22:39" ""
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes" "c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe" "03/09/2015 13:08" ""
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe" "29/09/2015 23:45" ""
+ "MyEpson Portal Service" "MyEpson Portal Service" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson\myepson portal\mepservice.exe" "16/09/2011 03:18" ""
+ "NETGEARGenieDaemon" "NETGEAR Genie Daemon for Windows" "NETGEAR" "c:\program files (x86)\netgear genie\bin\netgeargeniedaemon64.exe" "29/04/2015 06:35" ""
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe" "10/01/2010 04:16" ""
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe" "12/08/2009 02:00" ""
+ "RichVideo" "RichVideo Module" "" "c:\program files (x86)\cyberlink\shared files\richvideo.exe" "13/02/2012 02:33" ""
+ "RtkAudioService" "For cooperation with Realtek audio driver." "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rtkaudioservice64.exe" "22/05/2015 06:16" ""
+ "upsMonitor" "LaunchAnywhere" "Acresso" "c:\program files (x86)\viewpower2.10\upsmonitor.exe" "25/09/2008 17:38" ""
+ "upsTomcat" "Apache Tomcat Server - http://tomcat.apache.org/" "Apache Software Foundation" "c:\program files (x86)\viewpower2.10\tomcat\bin\tomcat6.exe" "09/05/2007 13:47" ""
+ "WDBackup" "WD SmartWare Backup Engine" "Western Digital Technologies, Inc." "c:\program files (x86)\western digital\wd smartware\wdbackupengine.exe" "21/07/2015 00:53" ""
+ "WDDriveService" "Provides discovery of WD Drives" "Western Digital Technologies, Inc." "c:\program files (x86)\western digital\wd drive manager\wddriveservice.exe" "21/07/2015 00:50" ""
+ "WdNisSvc" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\windows defender\nissrv.exe" "10/07/2015 03:19" ""
+ "WinDefend" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe" "10/07/2015 03:18" ""
+ "Windows Event Log Viewer" "winevent" "winevent" "c:\windows\win services\winevent.exe" "15/10/2015 07:59" ""
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "10/07/2015 03:18" ""
+ "ZAtheros Bt and Wlan Coex Agent" "Co-existence Coordinator Service between 11a/b/g/n Wireless LAN and Bluetooth." "Atheros" "c:\program files (x86)\bluetooth suite\ath_coexagent.exe" "23/11/2012 07:41" ""
+ "ZAtheros Wlan Agent" "Atheros agent for Wlan" "Atheros" "c:\program files (x86)\dell wireless\ath_wlanagent.exe" "19/06/2012 09:17" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "28/10/2015 15:16" ""
+ "3ware" "LSI 3ware SCSI Storport Driver" "LSI" "c:\windows\system32\drivers\3ware.sys" "18/05/2015 22:28" ""
+ "ADP80XX" "PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller" "PMC-Sierra" "c:\windows\system32\drivers\adp80xx.sys" "09/04/2015 20:49" ""
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys" "22/08/2015 02:10" ""
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys" "22/08/2015 01:45" ""
+ "amdsata" "AHCI 1.3 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "14/05/2015 12:14" ""
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "11/12/2012 21:21" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "01/05/2015 00:55" ""
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "PMC-Sierra, Inc." "c:\windows\system32\drivers\arcsas.sys" "09/04/2015 19:12" ""
+ "athr" "Qualcomm Atheros Extensible Wireless LAN device driver" "Qualcomm Atheros Communications, Inc." "c:\windows\system32\drivers\athw10x.sys" "18/05/2015 06:33" ""
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdwt6.sys" "26/05/2015 01:21" ""
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "04/02/2013 19:47" ""
+ "bcmfn2" "BCM Function 2  Device Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn2.sys" "16/03/2014 10:07" ""
+ "BTATH_BUS" "Qualcomm Atheros BUS driver" "Qualcomm Atheros" "c:\windows\system32\drivers\btath_bus.sys" "20/01/2014 14:20" ""
+ "BtFilter" "Qualcomm Atheros BtFilter Driver" "Qualcomm Atheros" "c:\windows\system32\drivers\btfilter.sys" "29/06/2015 10:31" ""
+ "CLVirtualDrive" "CyberLink CLVirtualDrive Driver" "CyberLink" "c:\windows\system32\drivers\clvirtualdrive.sys" "26/12/2011 13:26" ""
+ "DellRbtn" "Airplane Mode Switch Driver" "OSR Open Systems Resources, Inc." "c:\windows\system32\drivers\dellrbtn.sys" "03/08/2012 21:32" ""
+ "ebdrv" "QLogic 10 GigE VBD" "QLogic Corporation" "c:\windows\system32\drivers\evbda.sys" "12/01/2015 10:29" ""
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" "03/05/2012 19:56" ""
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "26/03/2013 21:36" ""
+ "iaLPSSi_GPIO" "Intel® Serial IO GPIO Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_gpio.sys" "02/02/2015 09:00" ""
+ "iaLPSSi_I2C" "Intel® Serial IO I2C Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_i2c.sys" "02/02/2015 09:00" ""
+ "iaStorA" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastora.sys" "18/09/2012 22:46" ""
+ "iaStorAV" "Intel® Rapid Storage Technology driver (inbox) - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorav.sys" "19/02/2015 12:08" ""
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "11/04/2011 18:48" ""
+ "ibbus" "InfiniBand Fabric Bus Driver" "Mellanox" "c:\windows\system32\drivers\ibbus.sys" "29/03/2015 14:28" ""
+ "incdrm" "" "" "File not found: C:\WINDOWS\System32\Drivers\incdrm.sys" "" ""
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "24/06/2015 10:04" ""
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys" "19/06/2012 14:40" ""
+ "LEqdUsb" "Logitech Equad USB Driver." "Logitech, Inc." "c:\windows\system32\drivers\leqdusb.sys" "03/01/2013 08:12" ""
+ "LHidEqd" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhideqd.sys" "03/01/2013 08:12" ""
+ "LHidFilt" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidfilt.sys" "03/01/2013 08:13" ""
+ "LMouFilt" "Logitech Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lmoufilt.sys" "03/01/2013 08:13" ""
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "25/03/2015 19:36" ""
+ "LSI_SAS2i" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2i.sys" "08/04/2015 20:58" ""
+ "LSI_SAS3i" "Avago SAS Gen3 Driver (StorPort)" "Avago Technologies" "c:\windows\system32\drivers\lsi_sas3i.sys" "09/04/2015 18:07" ""
+ "LSI_SSS" "LSI SSS PCIe/Flash Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sss.sys" "15/03/2013 23:39" ""
+ "LUsbFilt" "Logitech USB Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lusbfilt.sys" "03/01/2013 08:13" ""
+ "mbamchameleon" "Malwarebytes Chameleon Protection Driver" "Malwarebytes" "c:\windows\system32\drivers\mbamchameleon.sys" "04/08/2015 18:26" ""
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes" "c:\windows\system32\drivers\mbam.sys" "11/08/2015 17:35" ""
+ "MBAMWebAccessControl" "Malwarebytes Web Access Control" "Malwarebytes Corporation" "c:\windows\system32\drivers\mwac.sys" "18/06/2014 02:07" ""
+ "megasas" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas.sys" "05/03/2015 02:36" ""
+ "megasr" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "03/06/2013 22:02" ""
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\teedriverx64.sys" "05/09/2013 18:02" ""
+ "mlx4_bus" "MLX4 Bus Driver" "Mellanox" "c:\windows\system32\drivers\mlx4_bus.sys" "29/03/2015 14:36" ""
+ "mvumis" "Marvell Flash Controller Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mvumis.sys" "23/05/2014 20:39" ""
+ "ndfltr" "NetworkDirect Support Filter Driver" "Mellanox" "c:\windows\system32\drivers\ndfltr.sys" "29/03/2015 14:27" ""
+ "NPF" "npf.sys (NT5/6 AMD64) Kernel Driver" "CACE Technologies, Inc." "c:\windows\system32\drivers\npf.sys" "25/06/2010 16:50" ""
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "21/04/2014 18:28" ""
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "21/04/2014 18:34" ""
+ "PcaSp60" "@oem134.inf,%PCASP60_Desc%;Rawether NDIS 6.X SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\drivers\pcasp60.sys" "07/09/2010 18:27" ""
+ "percsas2i" "MEGASAS RAID Controller Driver for Windows" "LSI Corporation" "c:\windows\system32\drivers\percsas2i.sys" "05/02/2015 22:51" ""
+ "percsas3i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas3i.sys" "04/02/2015 22:52" ""
+ "pmxdrv" "" "" "c:\windows\system32\drivers\pmxdrv.sys" "27/01/2010 21:53" ""
+ "rt640x64" "Realtek 8136/8168/8169 NDIS 6.40 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt640x64.sys" "01/04/2015 14:34" ""
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys" "21/07/2011 23:03" ""
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys" "12/07/2011 21:00" ""
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "24/09/2008 18:28" ""
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "01/10/2008 21:56" ""
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows x64" "Promise Technology, Inc." "c:\windows\system32\drivers\stexstor.sys" "27/11/2012 00:02" ""
+ "TrueSight" "" "" "c:\windows\system32\drivers\truesight.sys" "04/12/2014 11:36" ""
+ "UdeCx" "" "" "c:\windows\system32\drivers\udecx.sys" "10/07/2015 03:21" ""
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys" "15/07/2014 17:30" ""
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "22/04/2014 19:21" ""
+ "VSTXRAID" "VIA StorX RAID Controller Driver" "VIA Corporation" "c:\windows\system32\drivers\vstxraid.sys" "21/01/2013 19:00" ""
+ "WDC_SAM" "@oem55.inf,%WDC_SAM_ServiceDesc%;Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys" "16/04/2008 08:39" ""
+ "wfpcapture" "@wfpcapture.inf,%WfpCapture_Desc%;Microsoft WFP Message Capture" "" "File not found: C:\WINDOWS\System32\drivers\wfpcapture.sys" "" ""
+ "WinMad" "Kernel WinMad" "Mellanox" "c:\windows\system32\drivers\winmad.sys" "29/03/2015 14:27" ""
+ "WinVerbs" "Kernel WinVerbs" "Mellanox" "c:\windows\system32\drivers\winverbs.sys" "29/03/2015 14:27" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "24/09/2015 09:30" ""
+ "Adobe Type Manager" "Windows NT OpenType/Type 1 Font Driver" "Adobe Systems Incorporated" "c:\windows\system32\atmfd.dll" "27/08/2015 05:54" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "24/09/2015 09:33" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "10/07/2015 03:13" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "24/09/2015 09:33" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "10/07/2015 03:24" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "10/07/2015 03:32" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "24/09/2015 09:42" ""
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\plugin\wavdest.ax" "20/05/2015 23:07" ""
+ "Canon AAC Dec Wrapper" "CanonAACDecWrapper" "Canon Inc." "c:\program files (x86)\canon\canon mov decoder\canonaacdecwrapper.ax" "12/09/2011 07:49" ""
+ "Canon DES Resizer SaveMode" "CanonDESResizer" "Canon Inc." "c:\program files (x86)\canon\mdl40\canondesresizer.ax" "21/07/2011 06:28" ""
+ "Canon H.264 Decode Filter" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files (x86)\canon\canon mov decoder\canonh264filter.ax" "24/04/2014 09:56" ""
+ "Canon H.264 Encoder" "Canon H264 Encoder Filter" "CANON INC." "c:\program files (x86)\canon\canon mov encoder\canonh264encoder.ax" "11/10/2012 10:41" ""
+ "Canon Image Rotation Filter" "Canon Image Rotation Filter " "Canon Inc." "c:\program files (x86)\canon\mdp\canonrotatefilter.dll" "28/07/2011 01:05" ""
+ "Canon MDP Motion-JPEG Decoder" "Canon MDP Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files (x86)\canon\mdp\canonmdpmjpegdecoder.ax" "02/06/2009 04:41" ""
+ "Canon Motion-JPEG Decoder" "Canon Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files (x86)\canon\mdl40\canonmjpegdecoder.ax" "21/07/2011 06:59" ""
+ "Canon Motion-JPEG Encoder" "Motion-JPEG Encoder Filter" "Canon Inc." "c:\program files (x86)\canon\mdl40\canonmjpegencoder.ax" "21/07/2011 08:03" ""
+ "Canon Mov File Parser Filter" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files (x86)\canon\canon mov decoder\canonh264filter.ax" "24/04/2014 09:56" ""
+ "Canon Mov File Parser Filter2" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files (x86)\canon\canon mov decoder\canonh264filter.ax" "24/04/2014 09:56" ""
+ "Canon Mp4 File Parser Filter" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files (x86)\canon\canon mov decoder\canonh264filter.ax" "24/04/2014 09:56" ""
+ "Canon Resizer" "CanonResizer" "Canon Inc." "c:\program files (x86)\canon\mdl40\canonresizer.ax" "21/07/2011 06:41" ""
+ "Canon Text Source Filter" "Canon Text Source Filter" "Canon Inc." "c:\program files (x86)\canon\mdl40\canontextsourcefilter.ax" "22/07/2011 00:38" ""
+ "Canon WAV Dest" "CanonWavDest" "Canon Inc." "c:\program files (x86)\canon\mdl40\canonwavdest.ax" "21/07/2011 06:49" ""
+ "Canon-Actual-Data-Length-Setter" "CanonActualDataLengthSetter" "Canon Inc." "c:\program files (x86)\canon\mdl40\canonactualdatalengthsetter.ax" "21/07/2011 06:14" ""
+ "CyberLink Audio Decoder (PDVD10)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claud.ax" "22/05/2012 08:03" ""
+ "CyberLink Audio Effect (PDVD10)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudfx.ax" "25/12/2009 08:54" ""
+ "CyberLink Audio Watermark Detector" "Audio Watermark Detector" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clawmdetector.ax" "16/05/2012 02:01" ""
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudwizard.ax" "14/08/2009 13:26" ""
+ "CyberLink AudioCD Filter (PDVD10)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudiocd.ax" "23/06/2009 14:00" ""
+ "Cyberlink Demuxer 2.0" "CLDemuxer2" "Cyberlink" "c:\program files (x86)\cyberlink\powerdvd10\navfilter\cldemuxer2.ax" "11/07/2012 03:40" ""
+ "CyberLink Digest Filter (PDVD10)" "DigestFilter Dynamic Link Library" "" "c:\program files (x86)\cyberlink\powerdvd10\digestfilter.dll" "28/04/2010 12:54" ""
+ "CyberLink DVD Navigator (PDVD10)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clnavx.ax" "02/02/2012 12:46" ""
+ "CyberLink HAM Decoder" "CyberLink Video Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax" "24/05/2012 01:34" ""
+ "CyberLink HD/BD Mixer (PDVD10)" "CLHBMixer" " " "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clhbmixer.ax" "11/04/2012 10:03" ""
+ "CyberLink Line21 Decoder (PDVD10)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clline21.ax" "24/07/2009 02:21" ""
+ "CyberLink Matroska Splitter(PDVD10)" "CyberLink Matroska Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clmkvsplter.ax" "02/07/2010 09:20" ""
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clsplter.ax" "06/06/2012 01:36" ""
+ "CyberLink MPEG-4 Splitter (PDVD10)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clm4splt.ax" "25/05/2012 08:19" ""
+ "CyberLink RealAudio Decoder(PDVD10)" "CyberLink RealMedia Audio Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clrmaud.ax" "25/12/2009 03:44" ""
+ "CyberLink RealMedia Splitter(PDVD10)" "CyberLink RealMedia Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\navfilter\clrmsplitter.ax" "06/05/2010 09:42" ""
+ "CyberLink RealVideo Decoder(PDVD10)" "CyberLink RealMedia Video Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clrmvd.ax" "25/12/2009 03:42" ""
+ "Cyberlink SubTitle Importor (PDVD10)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax" "23/06/2011 07:22" ""
+ "Cyberlink SubTitle Importor 2.0 (PDVD10)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax" "23/06/2011 07:22" ""
+ "CyberLink TimeStretch Filter (PDVD10)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clauts.ax" "04/10/2010 03:39" ""
+ "CyberLink Tzan Filter (PDVD10)" "CyberLink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\cltzan.ax" "15/09/2011 06:04" ""
+ "CyberLink Video Decoder (PDVD10)" "CyberLink Video Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax" "24/05/2012 01:34" ""
+ "CyberLink Video/SP Decoder (PDVD10)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd10\videofilter\clvsd.ax" "11/05/2012 09:40" ""
+ "psWav Dest" "Canon Utilities Support Library" "Canon Inc." "c:\program files (x86)\canon\imagebrowser ex\pswavdes.ax" "04/09/2006 10:39" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "24/09/2015 10:00" ""
+ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "30/07/2015 03:42" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" "" "30/07/2015 22:42" ""
+ "_Wow64" "" "" "File not found: C:\WINDOWS\SysWOW64\Wow64.dll" "" ""
+ "_Wow64cpu" "" "" "File not found: C:\WINDOWS\SysWOW64\Wow64cpu.dll" "" ""
+ "_Wow64win" "" "" "File not found: C:\WINDOWS\SysWOW64\Wow64win.dll" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "24/09/2015 09:43" ""
+ "AthCredentialProvider" "Bluetooth Credential Provider" "Qualcomm®Atheros®" "c:\windows\system32\athcredentialprovider.dll" "24/01/2014 11:22" ""
+ "FaceCredentialProvider" "" "" "c:\windows\system32\facecredentialprovider.dll" "18/08/2015 06:54" ""
+ "IrisCredentialProvider" "" "" "c:\windows\system32\facecredentialprovider.dll" "18/08/2015 06:54" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" "" "24/09/2015 09:43" ""
+ "AthCredentialProvider" "Bluetooth Credential Provider" "Qualcomm®Atheros®" "c:\windows\system32\athcredentialprovider.dll" "24/01/2014 11:22" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "24/09/2015 09:46" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "31/08/2011 05:44" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "24/09/2015 09:46" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "31/08/2011 05:53" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "24/09/2015 09:52" ""
+ "EPSON PX820FWD Series 64MonitorBE" "EPSON Bi-directional Monitor AMD64" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_ilmgxe.dll" "12/11/2008 01:39" ""
+ "EpsonNet Print Port" "EpsonNet Print Component" "SEIKO EPSON CORPORATION" "c:\windows\system32\enppmon.dll" "12/11/2012 06:15" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" "" "28/10/2015 12:32" ""
+ "livessp" "" "" "File not found: livessp" "" ""
"HKCU\Software\Microsoft\Office\Outlook\Addins" "" "" "" "24/09/2015 09:39" ""
+ "{5B7AB748-6D2E-4827-90A5-32B426DC61B7}" "" "" "" "24/09/2015 09:39" ""
+ "{EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}" "" "" "" "24/09/2015 09:39" ""
"HKLM\Software\Wow6432Node\Microsoft\Office\Outlook\Addins" "" "" "" "24/09/2015 09:45" ""
+ "Connect Class" "Microsoft Outlook Social Connector" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\socialconnector.dll" "13/05/2015 01:21" ""
+ "FormRegionAddin Class" "" "" "c:\program files (x86)\microsoft office\office14\addins\umoutlookaddin.dll" "14/02/2013 15:46" ""
+ "Microsoft VBA for Outlook Addin" "Outlook VBA Integration Add-In" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\addins\outlvba.dll" "14/02/2013 15:43" ""
+ "OneNote Notes about Outlook Items" "Microsoft OneNote Outlook Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnol.dll" "22/03/2015 22:25" ""
"HKCU\Software\Microsoft\Office\PowerPoint\Addins" "" "" "" "24/09/2015 09:39" ""
X "{3A7CAEBB-C5C3-4EFF-ADDF-C32663BDF8DA}" "" "" "" "24/09/2015 09:39" ""
+ "{49DCCAF0-D245-4463-A290-4688A06D0486}" "" "" "" "24/09/2015 09:39" ""
"HKCU\Software\Microsoft\Office\Word\Addins" "" "" "" "24/09/2015 09:39" ""
+ "{5B24624D-9DD8-4B23-BFB2-A8A5E60CB019}" "" "" "" "24/09/2015 09:39" ""
X "{C580A1B2-5915-4DC3-BE93-8A51F4CAB320}" "" "" "" "24/09/2015 09:39" ""

 



#4 Broni


Posted 28 October 2015 - 01:49 PM

Re-run Autoruns.
Scroll down to the "Task Scheduler" section and uncheck the following lines:

+ "\eKTqvKFkEtdTAPTCT"
+ "\fmD2HSuJznvn98stgCij7P"
+ "\jjk  Files Update Ver 20151027"
+ "\Wake for scheduled backup"

 

Restart computer and see how things are.


My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
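A triage pass over an Autoruns text export of the kind posted in this thread, as an added example that is not part of the original posts: it parses the quoted-field rows and lists enabled entries worth a manual look (missing file, no description or publisher, or a random-looking Task Scheduler name). Two task names are taken from the reply above; their paths and dates, the `Task Scheduler` header row, the `ExampleVendorUpdateTask` row and the vowel-ratio heuristic are assumptions of this example, and a flag marks an entry for review rather than as malicious.

```python
import re

# Constructed sample in the export layout seen in this thread: a status flag
# (+ enabled, X disabled), then quoted fields: entry, description, publisher,
# image path, timestamp. Unflagged lines are section headers. Paths and dates
# on the task rows are placeholders; only the two task names come from the reply.
SAMPLE = r'''
"Task Scheduler" "" "" "" "" ""
+ "\eKTqvKFkEtdTAPTCT" "" "" "c:\placeholder\a.exe" "27/10/2015 09:00" ""
+ "\fmD2HSuJznvn98stgCij7P" "" "" "c:\placeholder\b.exe" "27/10/2015 09:00" ""
+ "\ExampleVendorUpdateTask" "Example Updater" "Example Vendor" "c:\placeholder\upd.exe" "01/01/2015 10:00" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "30/07/2015 22:42" ""
+ "incdrm" "" "" "File not found: C:\WINDOWS\System32\Drivers\incdrm.sys" "" ""
+ "TrueSight" "" "" "c:\windows\system32\drivers\truesight.sys" "04/12/2014 11:36" ""
+ "mbamchameleon" "Malwarebytes Chameleon Protection Driver" "Malwarebytes" "c:\windows\system32\drivers\mbamchameleon.sys" "04/08/2015 18:26" ""
'''

FIELD = re.compile(r'"([^"]*)"')

def parse(text):
    """Yield one dict per entry row, tagged with the section it sits under."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        fields = [f.strip() for f in FIELD.findall(line)]
        if not fields:
            continue
        if line[0] == '"':                      # no status flag: section header
            section = fields[0]
        elif line[0] in "+X" and len(fields) >= 5:
            yield {"section": section, "enabled": line[0] == "+",
                   "name": fields[0], "description": fields[1],
                   "publisher": fields[2], "image": fields[3]}

def looks_random(name):
    """Heuristic (assumption): a long single token with very few vowels."""
    token = name.lstrip("\\")
    letters = [c for c in token if c.isalpha()]
    if " " in token or len(token) < 12 or not letters:
        return False
    vowels = sum(c in "aeiouAEIOU" for c in letters)
    return vowels / len(letters) < 0.25

def review_reasons(entry):
    """Return the reasons an entry deserves a manual look (empty list if none)."""
    reasons = []
    if entry["image"].lower().startswith("file not found"):
        reasons.append("missing-file")
    if not entry["description"] and not entry["publisher"]:
        reasons.append("no-version-info")
    if entry["section"] == "Task Scheduler" and looks_random(entry["name"]):
        reasons.append("random-task-name")
    return reasons

def triage(text):
    """Map each enabled entry that has at least one reason to its reasons."""
    flagged = {}
    for entry in parse(text):
        reasons = review_reasons(entry)
        if entry["enabled"] and reasons:
            flagged[entry["name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

Names made of ordinary words, such as the other two lines listed in the reply, do not trip the name heuristic, so every Task Scheduler row still needs reading by eye.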


 


#5 Akilia


Posted 29 October 2015 - 05:14 AM

Thanks for that.

PC behaving normally at last.

Is there anything else I should do now?

 

Andrew.



#6 Broni


Posted 29 October 2015 - 06:21 PM

I think you ran enough other scans to declare your computer as clean :)




 


#7 Akilia


Posted 29 October 2015 - 07:09 PM

Cool.

Thanks for the clean finish!

Andrew



#8 Broni


Posted 29 October 2015 - 07:10 PM

You're very welcome




 




