CPU usage 25%+.


This problem started a few weeks ago. I tried quite a few things; nothing worked. Deleted quite a few malware but the issue remained. 5-10 minutes after start up an unknown random process starts up in the task manager and starts using my CPU at around 25-30%. If I close the process another one with a different name starts up. Sometimes this 25% CPU usage issue can attach even to my programs like Skype or Opera, very strange. At the time I made these logs the running process is "C:\Users\NASKON~1\AppData\Local\Temp\hbaxvf.exe"; I closed it and now a new one opened, "C:\Users\NASKON~1\AppData\Local\Temp\wincaygjc.exe". This is causing high idle CPU temperatures (50-60C) and like 60-70C when browsing.

 

DDS.txt

.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
D:\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\PROGRA~2\MYWEBS~1\bar\3.bin\mwssvc.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\NASKON~1\AppData\Local\Temp\hbaxvf.exe
C:\Users\NASKON~1\AppData\Local\Temp\wineffmi.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\NASKON~1\AppData\Local\Temp\wincaygjc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [!iLividDSOP] C:\Windows\System32\RUNDLL32.EXE C:\Users\NASKON~1\AppData\Local\Temp\SRAssetsHelper.dll,_SetOperaAssets http://dts.search-results.com/sr?src=opb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4192649920054270&q=%s,Search Results,r,
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: LogonType = dword:0
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll






TCP: NameServer = 213.16.45.18 85.118.91.2
TCP: Interfaces\{07959628-8791-4E9F-B19A-6C61E06E46AB} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145} : DHCPNameServer = 213.16.45.18 85.118.91.2
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145}\4505D2C494E4B4F5246454336303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145}\946716E6D2144435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145}\E41637B6F6E6479637 : DHCPNameServer = 213.16.45.18 85.118.91.2
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145}\E61637B6F6E6474796 : DHCPNameServer = 213.16.45.18 85.118.91.2
TCP: Interfaces\{F65BEA71-95A3-4444-849D-79797A7A4B7B} : DHCPNameServer = 85.118.91.2 213.16.45.17
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Lphant Applications\MediaBar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: {EA35911C-1B6A-4AF3-B803-913BA025C271} - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll


x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Hi-Rez Studios\HiPatchService.exe [2013-6-15 9216]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-6-22 30496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-4 283200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-6 418376]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\3.bin\mwssvc.exe [2011-12-9 34320]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-1 2337144]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-2-19 718072]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-29 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-28 287232]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-6 25928]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2011-2-19 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IndieVolumeService;IndieVolume Service;C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe [2011-4-23 160768]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-6 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 Installer Service;Installer Service;C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\InstallerService.exe [2012-3-18 125952]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-21 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-29 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Услуга на технологиите за активиране на Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-29 1255736]
.
=============== Created Last 30 ================
.
2013-07-01 06:11:24 103140 ----a-w- C:\fqtmhh.pif
2013-06-22 17:43:33 -------- d-----w- C:\Windows\SysWow64\NV
2013-06-22 17:43:33 -------- d-----w- C:\Windows\System32\NV
2013-06-22 17:06:52 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-22 17:06:52 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-06-22 17:06:52 6491936 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-22 17:06:52 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-22 17:06:52 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-22 17:06:52 3165737 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-22 17:06:52 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-06-22 17:06:52 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-22 17:06:52 1025312 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-06-22 17:06:30 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-06-22 17:06:30 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-06-22 17:06:23 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-06-16 15:07:08 -------- d-----w- C:\Users\Naskontis\AppData\Local\NVIDIA
2013-06-15 17:14:54 -------- d-----w- C:\Users\Naskontis\AppData\Roaming\Awesomium
2013-06-15 17:14:09 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2013-06-15 17:05:02 -------- d-----w- C:\Users\Naskontis\AppData\Roaming\TERA
2013-06-09 15:25:52 -------- d-sh--w- C:\found.000
2013-06-06 07:48:12 -------- d-----w- C:\Users\Naskontis\AppData\Roaming\Malwarebytes
2013-06-06 07:48:05 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-06 07:48:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-06 07:48:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-06 07:46:05 -------- d-----w- C:\Program Files (x86)\FinalWire
2013-06-06 07:41:18 -------- d-----w- C:\ProgramData\Innovative Solutions
2013-06-06 07:41:16 -------- d-----w- C:\Users\Naskontis\AppData\Local\Innovative Solutions
2013-06-06 07:41:16 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions
2013-06-06 07:41:15 42496 ----a-w- C:\Windows\SysWow64\AdvUninstCPL.cpl
2013-06-06 07:41:13 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2013-06-06 07:12:43 -------- d-----w- C:\Users\Naskontis\AppData\Local\Macromedia
2013-06-06 07:11:44 -------- d-----w- C:\Users\Naskontis\AppData\Local\Mozilla
.
==================== Find3M ====================
.
2013-06-12 19:17:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 19:17:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 9:38:21,71 ===============

 

attach.txt

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 28.1.2011 г. 22:18:08
System Uptime: 1.7.2013 г. 09:09:46 (1 hours ago)
.
Motherboard: Acer | | Aspire 5742G
Processor: Intel® Core i5 CPU M 480 @ 2.67GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 11,241 GiB free.
D: is FIXED (NTFS) - 249 GiB total, 178,665 GiB free.
E: is FIXED (NTFS) - 298 GiB total, 198,185 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Архиватор WinRAR
µTorrent
Acrobat.com
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader XI (11.0.02)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Uninstaller PRO - Version 11
AIDA64 Business Edition v2.85
Aimersoft Video Converter Ultimate(Build 3.2.2.1)
Broadcom 802.11 Network Adapter
Broadcom Gigabit NetLink Controller
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Земя
Intel® Turbo Boost Technology Monitor
Java Auto Updater
Java 6 Update 23 (64-bit)
Java 6 Update 25
Java 7 Update 4 (64-bit)
Malwarebytes Anti-Malware, версия 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Bulgarian) 2010
Microsoft Office Excel MUI (Bulgarian) 2010
Microsoft Office Groove MUI (Bulgarian) 2010
Microsoft Office InfoPath MUI (Bulgarian) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Bulgarian) 2010
Microsoft Office Outlook MUI (Bulgarian) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (Bulgarian) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Bulgarian) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proofing (Bulgarian) 2010
Microsoft Office Publisher MUI (Bulgarian) 2010
Microsoft Office Shared 64-bit MUI (Bulgarian) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (Bulgarian) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (Bulgarian) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
neroxml
Nitro PDF Reader
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 320.18
NVIDIA Control Panel 320.18
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 320.18
NVIDIA Install Application
NVIDIA Optimus 4.11.9
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 4.11.9
NVIDIA Update Components
Opera 12.15
PC Connectivity Solution
PDF Settings
PotPlayer64 1.5.31934 BG
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 6.5
Synaptics Pointing Device Driver
TERA
Total Video Converter 3.71 100812
TwistedBrush Pro Studio
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Windows Driver Package - Nokia Modem (02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
YTD Video Downloader 3.9.6
«F1 2012» 1.1
.
==== Event Viewer Messages From Past Week ========
.
30.6.2013 г. 16:22:13, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
30.6.2013 г. 12:56:01, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
30.6.2013 г. 12:55:57, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
30.6.2013 г. 12:55:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
30.6.2013 г. 12:55:54, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
30.6.2013 г. 09:13:35, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
29.6.2013 г. 16:12:03, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
28.6.2013 г. 17:04:57, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
27.6.2013 г. 16:51:01, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
26.6.2013 г. 16:39:37, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
26.6.2013 г. 09:05:17, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
25.6.2013 г. 10:56:17, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
25.6.2013 г. 08:10:00, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
24.6.2013 г. 15:16:41, Error: Service Control Manager [7031] - Услуга TeamViewer 6 беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 60000 милисекунди ще бъде предприето следното коригиращо действие: Рестартиране на услугата.
24.6.2013 г. 15:16:39, Error: Service Control Manager [7034] - Услуга Skype C2C Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
24.6.2013 г. 15:16:37, Error: Service Control Manager [7034] - Услуга ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
24.6.2013 г. 15:16:34, Error: Service Control Manager [7034] - Услуга IndieVolume Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
24.6.2013 г. 15:16:33, Error: Service Control Manager [7034] - Услуга NitroPDFReaderDriverCreatorReadSpool беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
24.6.2013 г. 15:16:06, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
1.7.2013 г. 09:10:33, Error: Service Control Manager [7034] - Услуга IndieVolume Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
1.7.2013 г. 09:10:18, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
1.7.2013 г. 09:03:20, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
1.7.2013 г. 08:45:50, Error: Service Control Manager [7024] - Услуга HomeGroup Listener прекъсна със следната специфична за услугите грешка %%-2147023143.
1.7.2013 г. 08:45:41, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
1.7.2013 г. 08:45:34, Error: Service Control Manager [7024] - Услуга Защитна стена на Windows прекъсна със следната специфична за услугите грешка Достъпът е отказан..
1.7.2013 г. 08:35:48, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
1.7.2013 г. 08:22:32, Error: Service Control Manager [7034] - Услуга IndieVolume Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
1.7.2013 г. 08:18:40, Error: Service Control Manager [7001] - Услуга Windows Image Acquisition (WIA) зависи от услуга Откриване на хардуера за обвивката, която не може да бъде стартирана поради следната грешка: Услугата не може да бъде стартирана, защото е дезактивирана или защото няма разрешени устройства, асоциирани с нея.
.
==== End Of File ===========================


Hello naskontis and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: µTorrent

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2 is complete at this point; continue with the next step.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

tdsskiller log is too long link - http://www.mediafire.com/download/de62u8djagdp3ww/TDSSKiller.2.8.16.0_02.07.2013_08.58.28_log.txt

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Naskontis at 9:10:16 on 2013-07-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.2807.1641 [GMT 3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
D:\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [!iLividDSOP] C:\Windows\System32\RUNDLL32.EXE C:\Users\NASKON~1\AppData\Local\Temp\SRAssetsHelper.dll,_SetOperaAssets http://dts.search-results.com/sr?src=opb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4192649920054270&q=%s,Search Results,r,
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: LogonType = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll






TCP: NameServer = 213.16.45.18 85.118.91.2
TCP: Interfaces\{07959628-8791-4E9F-B19A-6C61E06E46AB} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145} : DHCPNameServer = 213.16.45.18 85.118.91.2
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145}\4505D2C494E4B4F5246454336303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145}\946716E6D2144435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145}\E41637B6F6E6479637 : DHCPNameServer = 213.16.45.18 85.118.91.2
TCP: Interfaces\{63E21FBB-E466-4AA2-A119-BF4BAC3A3145}\E61637B6F6E6474796 : DHCPNameServer = 213.16.45.18 85.118.91.2
TCP: Interfaces\{F65BEA71-95A3-4444-849D-79797A7A4B7B} : DHCPNameServer = 85.118.91.2 213.16.45.17
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: {EA35911C-1B6A-4AF3-B803-913BA025C271} - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll


x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Hi-Rez Studios\HiPatchService.exe [2013-6-15 9216]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-7-2 30496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-4 283200]
R2 IndieVolumeService;IndieVolume Service;C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe [2011-4-23 160768]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-6 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-6 701512]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-1 2337144]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-2-19 718072]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-28 287232]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-6 25928]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2011-2-19 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-29 2320920]
S3 Installer Service;Installer Service;C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\InstallerService.exe [2012-3-18 125952]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-21 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-29 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Услуга на технологиите за активиране на Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-29 1255736]
.
=============== Created Last 30 ================
.
2013-07-02 05:57:15 208216 ----a-w- C:\Windows\System32\drivers\49634993.sys
2013-07-02 05:37:58 -------- d-----w- C:\Windows\ERUNT
2013-07-02 05:37:47 -------- d-----w- C:\JRT
2013-07-02 05:35:53 -------- d-----w- C:\Windows\SysWow64\NV
2013-07-02 05:35:53 -------- d-----w- C:\Windows\System32\NV
2013-07-02 05:30:31 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-07-02 05:30:31 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-07-02 05:30:31 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-07-02 05:30:31 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-07-02 05:30:31 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-07-02 05:30:31 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-07-02 05:30:31 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-07-02 05:30:31 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-07-02 05:30:31 1025312 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-07-02 05:30:02 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-07-02 05:30:02 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-06-22 17:06:23 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-06-16 15:07:08 -------- d-----w- C:\Users\Naskontis\AppData\Local\NVIDIA
2013-06-15 17:14:54 -------- d-----w- C:\Users\Naskontis\AppData\Roaming\Awesomium
2013-06-15 17:14:09 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2013-06-15 17:05:02 -------- d-----w- C:\Users\Naskontis\AppData\Roaming\TERA
2013-06-09 15:25:52 -------- d-sh--w- C:\found.000
2013-06-06 07:48:12 -------- d-----w- C:\Users\Naskontis\AppData\Roaming\Malwarebytes
2013-06-06 07:48:05 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-06 07:48:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-06 07:48:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-06 07:46:05 -------- d-----w- C:\Program Files (x86)\FinalWire
2013-06-06 07:41:18 -------- d-----w- C:\ProgramData\Innovative Solutions
2013-06-06 07:41:16 -------- d-----w- C:\Users\Naskontis\AppData\Local\Innovative Solutions
2013-06-06 07:41:16 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions
2013-06-06 07:41:15 42496 ----a-w- C:\Windows\SysWow64\AdvUninstCPL.cpl
2013-06-06 07:41:13 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2013-06-06 07:12:43 -------- d-----w- C:\Users\Naskontis\AppData\Local\Macromedia
2013-06-06 07:11:44 -------- d-----w- C:\Users\Naskontis\AppData\Local\Mozilla
.
==================== Find3M ====================
.
2013-06-12 19:17:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 19:17:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 9:11:53,41 ===============

Junkware Removal Tool log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Naskontis on вт 02.07.2013 г. at 8:38:27,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] mywebsearchservice
Successfully deleted: [service] mywebsearchservice



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2057200185-894290512-1624029863-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\utorrentbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\menuext\download with &media finder
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\browserconnection.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\clsid\{ce4db5a3-58e6-41f1-8761-47238df4f468}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\typelib\{75e8da27-44af-40ae-927c-f2eec99d65b1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilivid_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilivid_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividmediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividmediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminentsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminentsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\ilividsrtb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{86F737CA-37F5-4ECF-BDF2-DA6149EABAB2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E6B74624-1C8E-4DF7-815A-E75E9EC27D85}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files

Successfully deleted: [File] "C:\Users\Naskontis\AppData\Roaming\microsoft\windows\start menu\programs\ilivid.lnk"
Successfully deleted: [File] "C:\chromehplog.txt"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\clsoft ltd"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Naskontis\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Naskontis\AppData\Roaming\kmpmediatoolbar"
Successfully deleted: [Folder] "C:\Users\Naskontis\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\Naskontis\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Naskontis\AppData\Roaming\pricegong"
Successfully deleted: [Folder] "C:\Users\Naskontis\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\local\conduitengine"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\local\utorrentbar"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\kmpmediatoolbar"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\searchresultstb"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\shoppingreport2"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Users\Naskontis\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\funwebproducts"
Successfully deleted: [Folder] "C:\Program Files (x86)\kmpmediatoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\mywebsearch"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on вт 02.07.2013 г. at 8:42:14,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner log

 

# AdwCleaner v2.303 - Днвеник създаден на 02/07/2013 в 08:45:25
# Обновен на 08/06/2013 от Xplode
# Операционна Система : Microsoft Windows XP Service Pack 3 (64 bits)
# Потребител : Naskontis - NASKONTIS-PC
# Стартиращ режим : Нормален режим
# Стартиран от : C:\Users\Naskontis\Desktop\AdwCleaner.exe
# Настройка [Изтриване]


***** [Услуги] *****


***** [Файлове / Папки] *****

Папка Изтрити : C:\Program Files (x86)\1ClickDownload
Папка Изтрити : C:\Program Files (x86)\Gophoto.it
Папка Изтрити : C:\Program Files (x86)\TornTV.com
Папка Изтрити : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Папка Изтрити : C:\Users\Naskontis\AppData\Local\PackageAware
Папка Изтрити : C:\Users\Naskontis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Папка Изтрити : C:\Users\Naskontis\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Системен регистър] *****

Ключ Изтрити : HKCU\Software\ConduitSearchScopes
Ключ Изтрити : HKCU\Software\DataMngr
Ключ Изтрити : HKCU\Software\DataMngr_Toolbar
Ключ Изтрити : HKCU\Software\Headlight
Ключ Изтрити : HKCU\Software\InstallCore
Ключ Изтрити : HKCU\Software\PrivitizeVPNInstallDates
Ключ Изтрити : HKCU\Software\uTorrentBar
Ключ Изтрити : HKCU\Toolbar
Ключ Изтрити : HKCU\Software\92da8be53cb841
Ключ Изтрити : HKLM\Software\DataMngr
Ключ Изтрити : HKLM\Software\FocusInteractive
Ключ Изтрити : HKLM\Software\Fun Web Products
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Ключ Изтрити : HKLM\Software\uTorrentBar
Ключ Изтрити : HKLM\SOFTWARE\DataMngr
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Ключ Изтрити : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Ключ Изтрити : HKLM\SOFTWARE\Tarma Installer
Стойност Изтрити : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Стойност Изтрити : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Стойност Изтрити : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Стойност Изтрити : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}]
Стойност Изтрити : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Стойност Изтрити : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Стойност Изтрити : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Стойност Изтрити : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Стойност Изтрити : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

***** [Интернет браузъри] *****

-\\ Internet Explorer v8.0.7601.17514




-\\ Google Chrome v [неизвестна версия]

Файл : C:\Users\Naskontis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Файлът е чист.

-\\ Opera v12.15.1748.0

Файл : C:\Users\Naskontis\AppData\Roaming\Opera\Opera\operaprefs.ini



*************************

AdwCleaner[s1].txt - [32961 octets] - [02/07/2013 08:45:25]

########## EOF - C:\AdwCleaner[s1].txt - [33022 octets] ##########

Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Версия на базата от данни: v2013.07.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Naskontis :: NASKONTIS-PC [администратор]

Защита: включена

2.7.2013 г. 09:02:36 ч.
mbam-log-2013-07-02 (09-02-36).txt

Тип сканиране: Бързо сканиране
Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
Изключени опции за сканиране: P2P
Сканирани обекти: 238088
Изминало време: 4 минута(и), 38 секунда(и)

Открити процеси в паметта: 0
(Не бяха открити зловредни обекти)

Открити модули в паметта: 0
(Не бяха открити зловредни обекти)

Открити ключове в системния регистър: 0
(Не бяха открити зловредни обекти)

Открити стойности в системния регистър: 0
(Не бяха открити зловредни обекти)

Открити информационни обекти в системния регистър: 0
(Не бяха открити зловредни обекти)

Открити папки: 0
(Не бяха открити зловредни обекти)

Открити файлове: 8
C:\fqtmhh.pif (Trojan.Malpack.Gen) -> Поставен под карантина и изтрит успешно.
C:\Users\Naskontis\AppData\Local\Temp\aoda.exe (Spyware.Password) -> Поставен под карантина и изтрит успешно.
C:\Users\Naskontis\AppData\Local\Temp\kqwqrs.exe (Trojan.Downloader) -> Поставен под карантина и изтрит успешно.
C:\Users\Naskontis\AppData\Local\Temp\ndgb.exe (Spyware.Password) -> Ще бъде изтрит при рестартиране.
C:\Users\Naskontis\AppData\Local\Temp\winkislp.exe (Trojan.Downloader) -> Поставен под карантина и изтрит успешно.
C:\Users\Naskontis\AppData\Local\Temp\winngglf.exe (Trojan.Downloader) -> Ще бъде изтрит при рестартиране.
C:\Users\Naskontis\AppData\Local\Temp\winpbpq.exe (Trojan.Downloader) -> Поставен под карантина и изтрит успешно.
C:\Users\Naskontis\AppData\Local\Temp\winsumj.exe (Trojan.Downloader) -> Поставен под карантина и изтрит успешно.

(край)


This is so evil it can attach even to Malwarebytes and start using my CPU! I thought it's fixed, it was gone for 30 minutes but now it's back! :wacko: But while it was gone my CPU usage was still high. The laptop was cleaned a few weeks ago yet it's running hot! I don't like these temperatures. Could it be a hardware problem? A few months ago my dad spilled coffee on it. We had to change the keyboard only but now I am starting to suspect something else has been damaged. But temperatures were fine for a few days after it was cleaned. (I am confused)


Let's clean your system of malware and then we will know more.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 13-07-02.03 - Naskontis 07.2013 г. 23:04:10.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.2807.1721 [GMT 3:00]
Running from: c:\users\Naskontis\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\fqtmhh.pif
c:\programdata\Broowse2soave
c:\programdata\MAAggniPic
c:\programdata\SearchNewTab
c:\users\Naskontis\AppData\Local\assembly\tmp
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\networkdlllsp.dll
c:\windows\XSxS
D:\jwgkbb.pif
D:\pmldum.pif
D:\utic.pif
E:\cjov.pif
E:\fbtqx.pif
E:\gtpkp.pif
E:\lacjl.pif
E:\nspr.pif
E:\wqvq.pif
.
.
((((((((((((((((((((((((( Files Created from 2013-06-02 to 2013-07-02 )))))))))))))))))))))))))))))))
.
.
2013-07-02 20:10 . 2013-07-02 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-02 20:06 . 2013-07-02 20:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C9FF355-4ED5-4B83-9A6A-1EEAE1207A46}\offreg.dll
2013-07-02 05:57 . 2013-07-02 05:57 208216 ----a-w- c:\windows\system32\drivers\49634993.sys
2013-07-02 05:37 . 2013-07-02 05:37 -------- d-----w- c:\windows\ERUNT
2013-07-02 05:37 . 2013-07-02 05:38 -------- d-----w- C:\JRT
2013-07-02 05:35 . 2013-07-02 05:35 -------- d-----w- c:\windows\SysWow64\NV
2013-07-02 05:35 . 2013-07-02 05:35 -------- d-----w- c:\windows\system32\NV
2013-07-02 05:31 . 2013-07-02 05:31 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-07-02 05:30 . 2013-06-21 10:23 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-07-02 05:30 . 2013-06-21 10:23 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-07-02 05:30 . 2013-06-21 10:23 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-07-02 05:30 . 2013-06-21 10:23 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-07-02 05:30 . 2013-06-21 10:23 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-07-02 05:30 . 2013-06-21 10:23 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-07-02 05:30 . 2013-06-21 10:23 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-07-02 05:30 . 2013-06-21 10:23 1025312 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-07-02 05:30 . 2013-06-20 04:17 3253909 ----a-w- c:\windows\system32\nvcoproc.bin
2013-07-02 05:30 . 2013-06-21 12:06 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-07-02 05:30 . 2013-06-21 12:06 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-22 17:07 . 2013-07-02 05:35 -------- d-----w- c:\programdata\NVIDIA
2013-06-22 17:07 . 2013-06-22 17:07 -------- d-----w- c:\users\UpdatusUser
2013-06-22 17:06 . 2013-07-02 05:29 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-06-22 16:37 . 2013-06-22 16:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-06-16 15:07 . 2013-07-02 05:21 -------- d-----w- c:\users\Naskontis\AppData\Local\NVIDIA
2013-06-15 17:14 . 2013-06-15 17:14 -------- d-----w- c:\users\Naskontis\AppData\Roaming\Awesomium
2013-06-15 17:14 . 2013-06-15 17:14 -------- d-----w- c:\programdata\Hi-Rez Studios
2013-06-15 17:05 . 2013-06-15 17:05 -------- d-----w- c:\users\Naskontis\AppData\Roaming\TERA
2013-06-09 15:25 . 2013-06-09 15:25 -------- d-----w- C:\found.000
2013-06-06 07:48 . 2013-06-06 07:48 -------- d-----w- c:\users\Naskontis\AppData\Roaming\Malwarebytes
2013-06-06 07:48 . 2013-06-06 07:48 -------- d-----w- c:\programdata\Malwarebytes
2013-06-06 07:48 . 2013-06-06 07:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-06 07:48 . 2013-04-04 11:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-06 07:46 . 2013-06-06 07:46 -------- d-----w- c:\program files (x86)\FinalWire
2013-06-06 07:41 . 2013-07-01 05:47 -------- d-----w- c:\programdata\Innovative Solutions
2013-06-06 07:41 . 2013-06-06 07:41 -------- d-----w- c:\users\Naskontis\AppData\Local\Innovative Solutions
2013-06-06 07:41 . 2013-06-06 07:41 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2013-06-06 07:41 . 2009-11-05 09:24 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl
2013-06-06 07:41 . 2013-06-06 07:41 -------- d-----w- c:\program files (x86)\Innovative Solutions
2013-06-06 07:12 . 2013-06-06 07:12 -------- d-----w- c:\users\Naskontis\AppData\Local\Macromedia
2013-06-06 07:11 . 2013-06-06 07:11 -------- d-----w- c:\users\Naskontis\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 19:17 . 2012-07-25 06:19 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 19:17 . 2011-05-31 12:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LogonType"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IndieVolumeService;IndieVolume Service;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dump_wmimmc;dump_wmimmc;d:\games\URohan\URohan\GameGuard\dump_wmimmc.sys;d:\games\URohan\URohan\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\InstallerService.exe;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\InstallerService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Naskontis\Desktop\RealTemp_370\WinRing0x64.sys;c:\users\Naskontis\Desktop\RealTemp_370\WinRing0x64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 19:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 213.16.45.18 85.118.91.2
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - (no file)
BHO-{EA35911C-1B6A-4AF3-B803-913BA025C271} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-NVIDIA StereoUSB Driver - c:\program files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe
AddRemove-{8AE07235-3471-F7FA-0EAE-B77DF1C9679B} - c:\progra~3\InstallMate\{1A4275A1-16A4-4ED8-AC33-5E86C1A15757}\Setup.exe
AddRemove-{F04C60A3-3807-A31B-9448-F11748910B84} - c:\progra~3\InstallMate\{DCF6EA8F-1FFC-46A1-A44A-57DE0715C879}\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2057200185-894290512-1624029863-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F0691CC0-13AF-E5C7-FDAB-107CAE69D468}*]
"maaffimlglaajmlpfeigdcjnfp"=hex:64,61,69,66,65,68,6b,66,00,63
"laaffimlglaajmlphecjnand"=hex:67,62,68,66,67,67,6d,67,6c,63,6a,61,6e,6a,6b,66,
69,67,6e,63,6a,64,6c,63,6f,6f,70,69,6a,6d,66,6a,68,64,69,64,6e,61,6e,6c,6b,\
"lagemmiljljfhjfoppjhecee"=hex:67,62,68,66,67,67,6d,67,6c,63,6a,61,6e,6a,6b,66,
69,67,6e,63,6a,64,6c,63,6f,6f,70,69,6a,6d,66,6a,68,64,69,64,6e,61,6e,6c,6b,\
.
[HKEY_USERS\S-1-5-21-2057200185-894290512-1624029863-1000\Software\SecuROM\License information*]
"datasecu"=hex:96,79,34,26,72,3f,81,f4,41,93,40,44,58,98,dc,b4,d6,0f,cd,94,d9,
02,e1,1c,e5,a0,cc,44,d5,a0,46,30,d9,fe,a5,7e,d1,da,a9,74,0c,fb,37,c2,55,22,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\B20@O=5 *=0 *C*C*l*e*a*n*e*r*& \command]
@="c:\\Program Files\\CCleaner\\ccleaner.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-02 23:12:11
ComboFix-quarantined-files.txt 2013-07-02 20:12
.
Pre-Run: 11 264 466 944 bytes free
Post-Run: 11 192 238 080 bytes free
.
- - End Of File - - 29D847C8063E3A30730CAE7E91A16E08
A36C5E4F47E84449FF07ED3517B43A31


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DDS::

IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


I think I just censored everything up.

I ran ComboFix just like you told me to but forgot Malwarebytes on, and everything froze and I had to restart the laptop. Now my other PC has no internet connection and I failed everything :wacko:. ComboFix is indeed too powerful.... I am so stupid...... What to do now? :unsure:


No, leave it. It is not important at all.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Longest scan so far, at least 2 hours.

ESETscan.txt

C:\fqtmhh.pif Win32/Sality virus
C:\ProgramData\YTD YouTube Downloader & Converter\ytd_installer.exe Win32/Sality.NBA virus
C:\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-A95000000001}\Setup.exe Win32/Sality.NBA virus
C:\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe Win32/Sality.NBA virus
C:\Users\All Users\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Nokia_PC_Suite_eng_web.exe Win32/Sality.NBA virus
C:\Users\All Users\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Installer\CommonCustomActions\UninstCCD.exe Win32/Sality.NBA virus
C:\Users\All Users\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Installer\CommonCustomActions\UninstPCS.exe Win32/Sality.NBA virus
C:\Users\All Users\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Installer\CommonCustomActions\UninstPCSFEMsi.exe Win32/Sality.NBA virus
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe Win32/Sality.NBA virus
C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\pcswpc.exe Win32/Sality.NBA virus
C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\Run_XML6_SP1.exe Win32/Sality.NBA virus
C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\WMF11Runx86.exe Win32/Sality.NBA virus
C:\Users\All Users\NVIDIA\Updatus\Packages\00003a6e\drsupdate.15912677_RUNASUSER.exe Win32/Sality.NBA virus
C:\Users\All Users\NVIDIA\Updatus\Packages\00003df8\updatus.16280348_RUNASUSER.exe Win32/Sality.NBA virus
C:\Users\All Users\NVIDIA\Updatus\Packages\00003e66\dao.16303927.exe Win32/Sality.NBA virus
C:\Users\All Users\NVIDIA\Updatus\Packages\00003e7b\dao.16329232.exe Win32/Sality.NBA virus
C:\Users\All Users\NVIDIA\Updatus\Packages\00003e82\dao.16337275.exe Win32/Sality.NBA virus
C:\Users\All Users\YTD YouTube Downloader & Converter\ytd_installer.exe Win32/Sality.NBA virus
C:\Users\Naskontis\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbgodljdhnfjdbbnlmjhjlmkfchlhgg\1\5165ac8710f9b6.78247037.js Win32/Adware.MultiPlug.H application
C:\Users\Naskontis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgoibmcbckkifnnckamlpmbhbdblegmo\1\517b89ea599cc1.15477760.js Win32/Adware.MultiPlug.H application
C:\Users\Naskontis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eioldfnpenccpifjhmedmpojpdmmcbfo\1\517b8ab89a7196.65049762.js Win32/Adware.MultiPlug.H application
C:\Users\Naskontis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjbpoadjckmllcpbffjmbjibhjkmcmfi\1\517b89c7a5d406.55780701.js Win32/Adware.MultiPlug.H application
C:\Users\Naskontis\AppData\Local\Google\Chrome\User Data\Default\Extensions\molknnbgpenpkepmifonkbncgbjdinkc\1\517b8ab2639400.30821566.js Win32/Adware.MultiPlug.H application
C:\Users\Naskontis\AppData\Local\Pando_Temp\PMBInst.exe Win32/Sality.NBA virus
C:\Users\Naskontis\AppData\Local\Temp\cqiqn.exe a variant of Win32/Spy.Keatep.A trojan
C:\Users\Naskontis\AppData\Local\Temp\nqwh.exe Win32/Agent.HLU trojan
C:\Users\Naskontis\AppData\Local\Temp\rjqv.exe Win32/Agent.HLU trojan
C:\Users\Naskontis\AppData\Local\Temp\rvbwg.exe Win32/Agent.HLU trojan
C:\Users\Naskontis\AppData\Local\Temp\tesrlh.exe Win32/Agent.HLU trojan
C:\Users\Naskontis\AppData\Local\Temp\tmrmxf.exe a variant of Win32/Spy.Keatep.A trojan
C:\Users\Naskontis\AppData\Local\Temp\winlojxm.exe a variant of Win32/Spy.Keatep.A trojan
C:\Users\Naskontis\AppData\Local\Temp\winlyal.exe Win32/Agent.HLU trojan
C:\Users\Naskontis\AppData\Local\Unity\WebPlayer\Uninstall.exe Win32/Sality.NBA virus
C:\Users\Naskontis\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application
C:\Users\Naskontis\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application
C:\Users\Naskontis\AppData\Roaming\MP3 Quality Modifier\Validator.exe Win32/Sality.NBA virus
C:\Users\Naskontis\Downloads\NFSHP_Activator.rar.exe Win32/InstalleRex.J application
D:\autorun.inf INF/Autorun.gen worm
D:\egem.exe Win32/Sality virus
D:\rmkwwi.exe Win32/Sality virus
D:\utic.pif Win32/Sality virus
D:\xbko.exe Win32/Sality virus
D:\Games\InstallHiRezGamesEnglish.exe Win32/Sality.NBA virus
D:\Games\F1 2012 (Repack) (Patch 1.1) [R.G. Catalyst]\Setup.exe Win32/Sality.NBA virus
D:\Games\Generals2\Command & Conquer Generals Zero Hour\generals.exe Win32/Sality.NBA virus
D:\Games\Generals2\Command & Conquer Generals Zero Hour\C&C Generals Zero Hour v1.04-Eng NoCD by IguanaMGT\generals.exe Win32/Sality.NBA virus
D:\Games\GTA 4\Grand Theft Auto IV\gta4Browser.exe Win32/Sality.NBA virus
D:\Games\GTA 4\Grand Theft Auto IV\gtaEncoder.exe Win32/Sality.NBA virus
D:\Games\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe Win32/Sality.NBA virus
D:\Games\GTA 4\Grand Theft Auto IV\SecuLauncher.exe Win32/Sality.NBA virus
D:\Games\Just Cause 2\JustCause2.exe Win32/Sality.NBA virus
D:\Games\Need for Speed Hot Pursuit\NFS11.exe Win32/Sality.NBA virus
D:\Games\TERA\Client\TL.exe Win32/Sality.NBA virus
D:\Hi-Rez Studios\AwesomiumProcess.exe Win32/Sality.NBA virus
D:\Qoobox\Quarantine\D\utic.pif.vir Win32/Sality virus
D:\R.G. Catalyst\F1 2012\uninstall\unins000.exe Win32/Sality.NBA virus
D:\Rohan YUEA\bugslayerutil.dll Win32/Ramnit.H virus
D:\Rohan YUEA\dbghelp.dll Win32/Ramnit.H virus
D:\Rohan YUEA\Error.exe Win32/Sality.NBA virus
D:\Rohan YUEA\fmod.dll Win32/Ramnit.H virus
D:\Rohan YUEA\GoUninstUSA.exe Win32/Sality.NBA virus
D:\Rohan YUEA\libeay32.dll Win32/Ramnit.H virus
D:\Rohan YUEA\Loader.exe Win32/Sality.NBA virus
D:\Rohan YUEA\makereg.exe Win32/Sality.NBA virus
D:\Rohan YUEA\MFC71.dll Win32/Ramnit.H virus
D:\Rohan YUEA\msvcp71.dll Win32/Ramnit.H virus
D:\Rohan YUEA\msvcr71.dll Win32/Ramnit.H virus
D:\Rohan YUEA\npkpdb.dll Win32/Ramnit.H virus
D:\Rohan YUEA\rohanclientmgr.exe Win32/Sality.NBA virus
D:\Rohan YUEA\wmasf.dll Win32/Ramnit.H virus
D:\Rohan YUEA\data\fairyclient.exe Win32/Ramnit.H virus
E:\autorun.inf INF/Autorun.gen worm
E:\fbtqx.pif Win32/Sality virus
E:\tkoigb.exe Win32/Sality virus
E:\CALC PHILIPS DE DOS\CALC PHILIPS DE DOS.exe Win32/Sality.NBA virus
E:\Pixarra.TwistedBrush.Pro.Studio.v19.17.Incl.Keygen-BRD\Keygen.exe Win32/Sality.NBA virus
E:\Pixarra.TwistedBrush.Pro.Studio.v19.17.Incl.Keygen-BRD\tbrusha.exe Win32/Sality.NBA virus
E:\Qoobox\Quarantine\E\fbtqx.pif.vir Win32/Sality virus
E:\????? ??????????\MP3QualityModifier.exe Win32/Sality.NBA virus
E:\????? 2\??.????? - ????? 2\Megane II X84 NT8266 ? 28-06-2004\NTSE.EXE Win32/Sality.NBA virus
C:\autorun.inf INF/Autorun.gen worm cleaned by deleting (after the next restart) - quarantined
C:\ComboFix\iexplore.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ComboFix\NircmdB.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ComboFix\SF.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ComboFix\en-US\iexplore.exe Win32/Sality.NBA virus cleaned - quarantined
C:\IGG\g2_en_kg\7zr.exe Win32/Sality.NBA virus cleaned - quarantined
C:\IGG\g2_en_kg\GameLoader.exe Win32/Sality.NBA virus cleaned - quarantined
C:\JRT\erunt\ERUNT.EXE Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\296.10\WinVista_Win7_64\International\NV3DVision\3DVision_296.10.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\314.22\Win8_WinVista_Win7_64\International\NV3DVision\3DVision_314.22.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7\International\Display.NView\nvAppBar.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7\International\Display.NView\nvTaskBar.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7\International\Display.NView\nwiz.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7\International\GFExperience\7z.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7\International\NV3DVision\3DVision_320.18.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\GFExperience\7z.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\International\NV3DVision\3DVision_320.18.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\GeForce320.18Driver\GFExperience\7z.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\GeForce320.18Driver\NV3DVision\3DVision_320.18.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\GeForce320.49Driver\GFExperience\7z.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\GeForce320.49Driver\NV3DVision\3DVision_320.49.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\bcmwlu00.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Diskeeper Corporation\Diskeeper\setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{4ABCC37A-5587-4BA6-BCD9-C6E1E71A8093}\7z.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU_\instmsiw.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU_\setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\CmdConverter.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\DAEMON Tools Lite\DTHelper.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Daum\PotPlayer\DTDrop.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\FinalWire\AIDA64 Business Edition\aida64.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\FinalWire\AIDA64 Business Edition\unins000.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\FFMPEG.EXE Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\adv_lib.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\InstallShield Installation Information\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}\setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Lphant Applications\MediaBar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Lphant Applications\MediaBar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Microsoft Office\OFFICE11\trz65FD.tmp Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Microsoft Office\OFFICE11\trzA2E7.tmp Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\ApplicationInstaller.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\CommunicationCentre.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\ConnectionManager.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\ContentCopier.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\ConversionHandler.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\GetConnected.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\ImageStore.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\OneTouchAccess.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PcSync2.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSyncLV.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\VideoManager.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\7z.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Opera\Autorun.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Opera\X64\setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Opera\X86\setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Pando Networks\Media Booster\BsSndRpt.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclBCBTSrv.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Pixarra\TwistedBrush\Uninstal.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Pixarra\TwistedBrush\AutoIt3\Au3Check.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Pixarra\TwistedBrush\AutoIt3\Au3Info.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Pixarra\TwistedBrush\AutoIt3\AutoIt3Help.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Pixarra\TwistedBrush\AutoIt3\Extras\Au3Record\Au3Record.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Pixarra\TwistedBrush\AutoIt3\Extras\SQLite\sqlite3.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Pixarra\TwistedBrush\AutoIt3\SciTE\SciTE.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Power Video Downloader\Power Video Downloader.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\AtomicParsley.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\GameCapture.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\itunescpy.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\Kdc.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\MediaBurner.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\RmDiskCp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\Total FLV sniffer.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\tvc.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\tvcshell.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\tvp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Total Video Converter\unins000.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\Video Snooper\WinPcap_4_1_1.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-A95000000001}\Setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Nokia_PC_Suite_eng_web.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Installer\CommonCustomActions\UninstCCD.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Installer\CommonCustomActions\UninstPCS.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Installer\CommonCustomActions\UninstPCSFEMsi.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\pcswpc.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\Run_XML6_SP1.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer\CommonCustomActions\WMF11Runx86.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NVIDIA\Updatus\Packages\00003a6e\drsupdate.15912677_RUNASUSER.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NVIDIA\Updatus\Packages\00003df8\updatus.16280348_RUNASUSER.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NVIDIA\Updatus\Packages\00003e66\dao.16303927.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NVIDIA\Updatus\Packages\00003e7b\dao.16329232.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NVIDIA\Updatus\Packages\00003e82\dao.16337275.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\YTD YouTube Downloader & Converter\ytd_installer.exe a variant of Win32/Bundled.Toolbar.Ask.C application cleaned - quarantined
C:\Qoobox\Quarantine\C\fqtmhh.pif.vir Win32/Sality virus deleted - quarantined
C:\Qoobox\Quarantine\D\jwgkbb.pif.vir Win32/Sality virus deleted - quarantined
C:\Qoobox\Quarantine\D\pmldum.pif.vir Win32/Sality virus deleted - quarantined
C:\Qoobox\Quarantine\D\utic.pif.vir Win32/Sality virus deleted - quarantined
C:\Qoobox\Quarantine\E\cjov.pif.vir Win32/Sality virus deleted - quarantined
C:\Qoobox\Quarantine\E\fbtqx.pif.vir Win32/Sality virus deleted - quarantined
C:\Qoobox\Quarantine\E\gtpkp.pif.vir Win32/Sality virus deleted - quarantined
C:\Qoobox\Quarantine\E\lacjl.pif.vir Win32/Sality virus deleted - quarantined
C:\Qoobox\Quarantine\E\nspr.pif.vir Win32/Sality virus deleted - quarantined
C:\Qoobox\Quarantine\E\wqvq.pif.vir Win32/Sality virus deleted - quarantined


I'm afraid I have some very bad news...

Sality is what we call a file-infector.

These are particularly malicious, in that they infect all of your legitimate programs.

The problem is... the virus is very buggy, so it does not do a good job of infecting your files, so any attempt to disinfect and possibly save your files would be futile, in that, due to the buggy virus, we cannot properly disinfect your files.

What I highly recommend now is a reformat and a reinstallation of Windows XP.

http://support.microsoft.com/kb/313348

Please let me know if you are prepared to do so.

You may back up and save all files except programs (meaning pictures and documents are okay), because if you back up any applications, they will transfer to your clean system, and you will be reinfected.
