
CPU full virus?


14 replies to this topic

#1 elena54


Posted 23 December 2014 - 09:36 AM

Hello!

 

 

Yesterday I tried to install Java, but after finishing I realised that my computer was running very slow and my CPU was 100 % full.
I thought that Java was the problem and I uninstalled it, but the problem didn't disappear.
 
Then I thought it might be a virus, so I made a scan with Avast and it found some viruses in C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
and 
C:\ProgramData\lePluginServices\PluginService.exe
 
I couldn't find the first location, I also tried entering and scanning from the safe mode, but I think that I got rid of the second virus, because I scanned with Malwarebytes, too and that folder disappeared.
I also deleted all the files from the Icons folder, but the problem persists.
 
I also made several scans with Adwcleaner, TDSS Killer and Kaspersky and I removed some viruses, but the CPU is still 90-100%.
 
 
In Task Manager I can see that every time I open my computer, one or two processes have about 40-50 %. Sometimes it is taskhost.exe, but it could also be AthBtTray.exe, explorer.exe. I should mention that yesterday the CPU was max 30-50% full, but now it is full since the first boot of the laptop. Also, in safe mode it works fine.
 
What should I do? How to get rid of this virus? I can't work with the CPU full.
 
thank you! :)



 


#2 Guest_LighthouseParty_*


Posted 23 December 2014 - 10:49 AM

Hello there     :welcome:
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this. Are you able to provide us with the logs of your previous scan?
 
:step1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox.
  • Select the following and then press go:
      • Flush DNS
      • Reset IE Proxy Settings
      • Reset FF Proxy Settings
      • List Installed Programs
      • List Restore Points
  • Post the log in your next reply.
 
:step2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

:step3: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

:step4: Non-malware removal steps
 
Run System File Checker - http://support.microsoft.com/KB/929833
Run Disk Check - http://support.microsoft.com/kb/2641432
Run Disk Cleanup - http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup

Thanks and good luck!



#3 elena54


Posted 23 December 2014 - 01:01 PM

Hello, thank you so much!

 

These are the logs:

 

 

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Elena (administrator) on 23-12-2014 at 18:45:51
Running from "C:\Users\Elena\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.37273 - BitTorrent Inc.)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{C074A0D0-2704-A130-3371-6EF9964442E2}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.2.0.65 - Atheros Communications)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
BS Player ControlBar B Toolbar for IE (HKLM\...\IECT3329621) (Version: 6.23.0.9 - BS Player ControlBar B)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
BuyNssave (HKLM\...\{842C4394-47F7-60DE-480B-C09116B63559}) (Version:  - BuyNsave)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Crystal Reports for Visual Studio (Version: 12.51.0.240 - SAP) Hidden
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 2.4.0.0280 - Disc Soft Ltd)
Dotfuscator Software Services - Community Edition (HKLM\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
ETDWare PS/2-x86 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPSS World Student Version (HKLM\...\{C3BB98C4-9801-4BA3-A861-16D691438057}) (Version: 5.0.2 - Minuteman Software)
Intel® Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
Intel® Chipset Device Software (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Launch Manager (HKLM\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mandelbulber v2 (HKLM\...\35A39AB0-5E9F-4B70-98DA-4B8158C89C4B) (Version: 2.02 - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Professional - ENU (HKLM\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729 - Microsoft Corporation) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
OCaml (HKLM\...\OCaml) (Version: 4.01.0 - Inria)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Structure Synth version 1.5 (HKLM\...\{E4CDF523-5418-47F2-8C82-3AA9688270BE}_is1) (Version: 1.5 - Syntopia)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TortoiseSVN 1.8.8.25755 (32 bit) (HKLM\...\{E9741943-84C8-48D3-9B88-CDD9CADF9DA0}) (Version: 1.8.25755 - TortoiseSVN)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
========================= Restore Points ==================================
 
09-12-2014 20:59:44 Installed Bluetooth Win7 Suite.
09-12-2014 21:02:24 Installed Adobe Reader 9.1 MUI.
09-12-2014 21:05:53 Instalat Realtek USB 2.0 Card Reader
09-12-2014 21:06:31 Installed Broadcom Gigabit NetLink Controller.
09-12-2014 21:11:55 Windows Update
09-12-2014 21:21:05 Installed Intel® Turbo Boost Technology Monitor
09-12-2014 21:21:37 Installed Intel® Turbo Boost Technology Monitor.
09-12-2014 21:22:55 Installed NVIDIA PhysX
09-12-2014 22:29:56 Installed Renesas Electronics USB 3.0 Host Controller Driver
10-12-2014 00:11:10 Instalat Realtek USB 2.0 Card Reader
10-12-2014 00:32:17 Removed Bluetooth Win7 Suite.
10-12-2014 00:33:24 Installed Bluetooth Win7 Suite.
10-12-2014 00:40:40 Installed Broadcom Gigabit NetLink Controller.
10-12-2014 10:29:17 Windows Update
10-12-2014 10:32:24 Installed GPSS World Student Version
10-12-2014 13:34:15 avast! antivirus system restore point
10-12-2014 13:37:01 avast! antivirus system restore point
10-12-2014 14:33:21 Windows Update
10-12-2014 14:54:42 Windows Update
10-12-2014 15:10:00 Windows Update
10-12-2014 18:39:34 Installed Microsoft Office Enterprise 2007
11-12-2014 11:28:03 Installed Microsoft Visual Studio 2010 Professional - ENU
11-12-2014 13:24:43 Windows Update
11-12-2014 14:17:46 Intel® Driver Update Utility
11-12-2014 14:22:01 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
15-12-2014 17:02:08 Installed TortoiseSVN 1.8.8.25755 (32 bit)
21-12-2014 14:54:05 Installed DirectX
21-12-2014 14:57:43 Removed TuneUp Utilities 2014
21-12-2014 14:58:58 Removed TuneUp Utilities 2014 (en-US)
22-12-2014 18:50:56 Removed Java 8 Update 25
22-12-2014 18:58:40 Installed Java SE Development Kit 8 Update 25
22-12-2014 20:02:38 Removed Java 8 Update 25
22-12-2014 20:13:16 Removed Java SE Development Kit 8 Update 25
23-12-2014 11:40:46 Windows Update
 
**** End of log ****
 
 
 
 
 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 
 
 
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 23.12.2014
Scan Time: 18:50:12
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.23.05
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Elena
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364430
Time Elapsed: 22 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
And also:
 
 
 
Windows Resource Protection did not find any integrity violations.
 
 
 
 
The system keeps freezing at startup because explorer.exe takes 60-70% of the CPU and I have to restart the computer very often or end processes from Task Manager in order to make the system run a little bit faster.
 
I would like to mention that I reinstalled Windows one or two weeks ago.
 
Thank you! :)
 
 


#4 Guest_LighthouseParty_*


Posted 23 December 2014 - 01:14 PM

Hello there,

:step1: Please uninstall some programs
 
There are currently some programs on your PC that we need to remove, for the time being at least. Press the Windows + R keys on your keyboard, type in appwiz.cpl and press enter. Navigate to each of the following one-by-one and click uninstall:

  • µTorrent
  • BS Player ControlBar B Toolbar for IE

If any programs listed above aren't in Programs and Features, you can just skip them. Please download JavaRa from here and, once you've opened it, select 'remove JRE' (if that's not there, select remove Java Runtime). Make sure you skip the re-install Java option!

:step2: Please download rKill to your desktop

  • Double click it (Win 7, 8 and Vista users, right-click and select run as admin)
  • The tool will run and then a log file should open.
  • Please post the contents of it in your next reply.

Please don't restart your computer before running the next step.

:step3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

:step4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

:step5: Please visit the ESET Online Scanner webpage
:exclame: Internet Explorer MUST be used for this step.  :exclame:

  • Click the checkbox next to 'Yes, I accept the Terms of Use' and click start.
  • Select the checkboxes which are displayed in the picture below.

jqnp8z.png

  • Press start and the scan will now begin - this scan will take a long time.
  • When the scan's finished, select list threats and then export.
  • Choose a name for the log (e.g ESET) and click save (to your desktop)
  • Press the back button and then click finish. Please include the contents of the log in your reply.


#5 elena54


Posted 23 December 2014 - 02:40 PM

I'm back, but only with part I (the ESET online scanner is at 36% and it has already found 2 viruses:
 
JS/Kryptik.ATB trojan and
 
MSIL/FakeTool.PS trojan till now)
 
the rest of the logs:
 
Rkill 2.6.9 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/23/2014 08:26:19 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 12/23/2014 08:28:23 PM
Execution time: 0 hours(s), 2 minute(s), and 3 seconds(s)
 
 
 
# AdwCleaner v4.106 - Report created 23/12/2014 at 20:37:51
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Elena - ELENA-PC
# Running from : C:\Users\Elena\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : TBSrv
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\7379379916839794332
Folder Deleted : C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\END
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3329621
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar_B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.18667
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [2595 octets] - [23/12/2014 20:31:12]
AdwCleaner[S0].txt - [2455 octets] - [23/12/2014 20:37:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2515 octets] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x86
Ran by Elena on 23.12.2014 at 20:43:27,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.12.2014 at 20:54:27,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 


#6 Guest_LighthouseParty_*


Posted 23 December 2014 - 02:41 PM

ESET is known to take a long time :)



#7 elena54


Posted 23 December 2014 - 05:37 PM

Part II :)
 
 
C:\Users\All Users\khdfcgjnkedbaaincngcbmlhmjcfipff\J9uGC.js JS/Kryptik.ATB trojan
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\ProgramData\khdfcgjnkedbaaincngcbmlhmjcfipff\J9uGC.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Elena\AppData\Local\ARFworks\Portnetg.dll a variant of Win32/Boaxxe.CJ trojan cleaned by deleting - quarantined
C:\Users\Elena\AppData\Local\Osttics\acxEnc.dll a variant of Win32/Boaxxe.CI trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Elena\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\backup\an 3 info\Daw\dtlite4413-0173.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
D:\backup\AN III info\Daw\dtlite4413-0173.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
D:\backup\POZE\POZE\New folder\LIMBO_byTorenico.rar a variant of Win32/HackTool.Crack.B potentially unsafe application deleted - quarantined
Operating memory a variant of Win32/Boaxxe.CI trojan contained infected files
 
Is it bad? Is Kryptik.ATB trojan causing the problems?
Thank you so much!


#8 Guest_LighthouseParty_*


Posted 23 December 2014 - 06:21 PM

It's possible that they were causing the issue.

 

Did you delete the quarantined files? Can you let me know how the PC is running now please.



#9 elena54


Posted 23 December 2014 - 06:30 PM

Yes, I deleted the quarantined files and it seems that it works again!  :D Wow, thank you so much!

The CPU is now under 20%.   :)

 

But when I start the computer an error pops up, saying that the C:\Users\Elena\AppData\Local\Osttics\acxEnc.dll is missing.

 

Should I delete the entire folder Osttics? It contains an acxEnc.txt right now. I don't know what it is; I think that it was created by the virus.

I see that the date of the file is 22.12.2014, 20:29.

 

I also noticed this day and hour in other locations suspected to have viruses.

 

Do you have any idea why I got this virus and how to prevent a situation like this from now on?

Once again, thank you very much!


Edited by elena54, 23 December 2014 - 06:34 PM.


#10 Guest_LighthouseParty_*


Posted 23 December 2014 - 06:38 PM

Let's see what could be causing this error.

Download CCleaner from here. Once installed, open it and head over to the tools tab and select start-up. In the bottom right-hand corner, select save to text file and select a name for it. Open the saved document and post the contents of it into your next reply. As well as that, click the 'cleaner' tab, keep all the checkboxes the same and press run cleaner.

Download Autoruns from here, save it to your desktop and then extract it. Double click the extracted folder and navigate to autoruns and double-click it. Select file, save and change the 'save as type' to text file. Type in a name for it, such as Autoruns log and click save. Please post the contents of it into your next reply.
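
An Autoruns text export like the one requested above can be triaged mechanically. The following is an added example, not part of the original posts and not code from Autoruns or CCleaner: it parses the five-quoted-field layout of the export and flags autostart entries whose target file is missing or sits in a user-writable directory. The sample lines are copied from the log posted in this thread; the verdict names and the `USER_WRITABLE` markers are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# Each record in the export is five double-quoted fields.
# Location headers have no prefix; entries under them start with "+".
FIELD = re.compile(r'"([^"]*)"')
MISSING = "File not found: "
# Assumption of this example: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


class Entry(NamedTuple):
    location: str   # registry key or "Task Scheduler"
    name: str       # value / task name
    publisher: str  # empty when the file carries no version info
    image: str      # path the entry launches
    missing: bool   # Autoruns reported "File not found"


class Finding(NamedTuple):
    verdict: str
    value: str      # location\name, i.e. what to inspect in the registry
    image: str


def parse_autoruns(text: str) -> List[Entry]:
    """Turn the text export into Entry records, tracking the current location."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 5:
            continue  # blank line or something that is not a record
        if not line.startswith("+"):
            location = fields[0]
            continue
        name, _desc, publisher, image, _stamp = fields
        missing = image.startswith(MISSING)
        if missing:
            image = image[len(MISSING):]
        entries.append(Entry(location, name, publisher, image, missing))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries worth a responder's attention.

    leftover    - target is gone and lived in a user-writable directory:
                  typical of an autostart value orphaned when a scanner
                  deleted the file; it produces a "missing DLL" error at logon.
    review      - target is gone but the path is not user-writable.
    investigate - target exists in a user-writable directory, no publisher.
    """
    findings = []
    for e in entries:
        user_dir = any(marker in e.image.lower() for marker in USER_WRITABLE)
        if e.missing and user_dir:
            verdict = "leftover"
        elif e.missing:
            verdict = "review"
        elif user_dir and not e.publisher:
            verdict = "investigate"
        else:
            continue
        findings.append(Finding(verdict, f"{e.location}\\{e.name}", e.image))
    return findings


# Sample input: lines copied from the Autoruns log posted in this thread.
SAMPLE = r'''
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "20.11.2010 23:35"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "23.12.2014 14:48"
+ "CCleaner Monitoring" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "09.12.2014 23:53"
+ "Obdrics" "" "" "File not found: C:\Users\Elena\AppData\Local\ARFworks\Portnetg.dll" ""
+ "Osttics" "" "" "File not found: C:\Users\Elena\AppData\Local\Osttics\acxEnc.dll" ""
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe" "03.12.2014 12:56"
+ "SoftonicAssistant" "" "" "File not found: C:\Users\Elena\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "21.12.2014 16:58"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
'''

if __name__ == "__main__":
    for finding in triage(parse_autoruns(SAMPLE)):
        print(f"{finding.verdict:<12}{finding.value}\n{'':<12}-> {finding.image}")
```

The parser assumes no field contains a double quote, which holds for the export shown in this thread.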



#11 elena54


Posted 24 December 2014 - 04:24 AM

Good morning!

 

Here are the logs:

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run DAEMON Tools Ultra Agent Disc Soft Ltd "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
Yes HKCU:Run Obdrics Microsoft Corporation C:\Windows\System32\regsvr32.exe C:\Users\Elena\AppData\Local\ARFworks\Portnetg.dll
Yes HKCU:Run Osttics Microsoft Corporation regsvr32.exe C:\Users\Elena\AppData\Local\Osttics\acxEnc.dll
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run SoftonicAssistant "C:\Users\Elena\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes HKLM:Run AthBtTray Atheros Commnucations "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
Yes HKLM:Run AtherosBtStack Atheros Commnucations "C:\Program Files\Bluetooth Suite\BtvStack.exe"
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run ETDWare ELAN Microelectronic Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IAStorIcon Intel Corporation C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run LManager Dritek System Inc. C:\Program Files\Launch Manager\LManager.exe
Yes HKLM:Run NUSB3MON Renesas Electronics Corporation "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run WinampAgent Nullsoft, Inc. "C:\Program Files\Winamp\winampa.exe"
 
 
 
and
 
 
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "20.11.2010 23:35"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "22.12.2014 22:04"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe" "28.02.2009 03:10"
+ "AthBtTray" "Bluetooth Tray" "Atheros Commnucations" "c:\program files\bluetooth suite\athbttray.exe" "13.03.2011 04:55"
+ "AtherosBtStack" "Bluetooth Stack Server" "Atheros Commnucations" "c:\program files\bluetooth suite\btvstack.exe" "13.03.2011 04:56"
+ "AvastUI.exe" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe" "27.11.2014 19:52"
+ "ETDWare" "ETD Control Center" "ELAN Microelectronic Corp." "c:\program files\elantech\etdctrl.exe" "13.04.2010 09:15"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe" "27.10.2006 08:53"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe" "31.01.2013 01:17"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastoricon.exe" "13.04.2010 18:52"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe" "31.01.2013 01:18"
+ "LManager" "Launch Manager" "Dritek System Inc." "c:\program files\launch manager\lmanager.exe" "10.08.2010 11:05"
+ "NUSB3MON" "USB 3.0 Monitor" "Renesas Electronics Corporation" "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe" "08.09.2011 08:47"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe" "31.01.2013 01:17"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rthdvcpl.exe" "22.06.2010 10:56"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe" "11.12.2009 04:54"
+ "WinampAgent" "Winamp Agent" "Nullsoft, Inc." "c:\program files\winamp\winampa.exe" "20.06.2012 18:13"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "10.12.2014 22:51"
+ ".NET Framework" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14.07.2009 01:42"
+ "Active Directory Service Interface" "Google Chrome Installer" "Google Inc." "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" "06.12.2014 00:59"
+ "Browsing Enhancements" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14.07.2009 01:42"
+ "DirectDrawEx" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14.07.2009 01:42"
+ "Dynamic HTML Data Binding" "Google Chrome Installer" "Google Inc." "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" "06.12.2014 00:59"
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" "06.12.2014 00:59"
+ "HTML Help" "Google Chrome Installer" "Google Inc." "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" "06.12.2014 00:59"
+ "Internet Explorer Core Fonts" "Google Chrome Installer" "Google Inc." "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" "06.12.2014 00:59"
+ "Internet Explorer Help" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14.07.2009 01:42"
+ "Internet Explorer Setup Tools" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14.07.2009 01:42"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14.07.2009 01:42"
+ "Microsoft Windows Script 5.6" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14.07.2009 01:42"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "23.12.2014 14:48"
+ "CCleaner Monitoring" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "09.12.2014 23:53"
+ "DAEMON Tools Ultra Agent" "DAEMON Tools Ultra Agent" "Disc Soft Ltd" "c:\program files\daemon tools ultra\dtagent.exe" "10.07.2014 10:01"
+ "Obdrics" "" "" "File not found: C:\Users\Elena\AppData\Local\ARFworks\Portnetg.dll" ""
+ "Osttics" "" "" "File not found: C:\Users\Elena\AppData\Local\Osttics\acxEnc.dll" ""
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe" "03.12.2014 12:56"
+ "SoftonicAssistant" "" "" "File not found: C:\Users\Elena\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe" ""
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "10.12.2014 20:44"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll" "27.10.2006 06:31"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "10.12.2014 20:44"
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll" "27.10.2006 09:20"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll" "19.08.2006 10:23"
+ "skypec2c" "Skype Click to Call IE Add-on" "Microsoft Corporation" "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll" "14.07.2014 19:06"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" "" "10.12.2014 20:44"
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "21.12.2014 16:58"
+ "ANotepad++" "ShellHandler for Notepad++" "" "c:\program files\notepad++\nppshell_06.dll" "12.05.2014 11:49"
+ "Atheros" "Bluetooth Application Extension" "Atheros Commnucations" "c:\program files\bluetooth suite\btvappext.dll" "13.03.2011 04:55"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "06.11.2014 14:51"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "02.12.2014 12:07"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "15.12.2014 19:04"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "15.12.2014 19:04"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "10.12.2014 20:44"
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "06.11.2014 14:51"
+ "FTShellContext" "ShellContextExt Module" "Atheros Commnucations" "c:\program files\bluetooth suite\shellcontextext.dll" "13.03.2011 04:54"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "21.12.2014 16:58"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "15.12.2014 19:04"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" "" "15.12.2014 19:04"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "15.12.2014 19:04"
+ "Ath_CopyHook" "AthCopyHook Dynamic Link Library" "Atheros Commnucations" "c:\program files\bluetooth suite\athcopyhook.dll" "13.03.2011 04:54"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "15.12.2014 19:04"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "14.07.2009 03:09"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "31.01.2013 01:18"
+ "NvCplDesktopContext" "NVIDIA Display Shell Extension" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll" "30.08.2013 01:00"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "15.12.2014 19:04"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll" "27.02.2009 22:16"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "15.12.2014 19:04"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "06.11.2014 14:51"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "02.12.2014 12:07"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "15.12.2014 19:04"
+ "TortoiseSVN" "" "" "c:\program files\tortoisesvn\bin\tortoisestub32.dll" "10.08.2014 14:58"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "02.12.2014 12:07"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "22.12.2014 23:08"
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "06.11.2014 14:51"
+ "1TortoiseNormal" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll" "13.06.2011 10:20"
+ "2TortoiseModified" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll" "13.06.2011 10:20"
+ "3TortoiseConflict" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll" "13.06.2011 10:20"
+ "4TortoiseLocked" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll" "13.06.2011 10:20"
+ "5TortoiseReadOnly" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll" "13.06.2011 10:20"
+ "6TortoiseDeleted" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll" "13.06.2011 10:20"
+ "7TortoiseAdded" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll" "13.06.2011 10:20"
+ "8TortoiseIgnored" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll" "13.06.2011 10:20"
+ "9TortoiseUnversioned" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll" "13.06.2011 10:20"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "23.12.2014 20:37"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll" "27.02.2009 22:07"
+ "CIESpeechBHO Class" "Bluetooth IE PlugIn" "Atheros Commnucations" "c:\program files\bluetooth suite\ieplugin.dll" "13.03.2011 04:54"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll" "27.10.2006 09:20"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "10.12.2014 20:45"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll" "27.10.2006 05:32"
+ "Send by Bluetooth to" "Bluetooth IE PlugIn" "Atheros Commnucations" "c:\program files\bluetooth suite\ieplugin.dll" "13.03.2011 04:54"
+ "Skype Click to Call settings" "Skype Click to Call IE Add-on" "Microsoft Corporation" "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll" "14.07.2014 19:06"
"Task Scheduler" "" "" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "09.12.2014 23:53"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "14.07.2009 01:37"
+ "\Microsoft\Windows Defender\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "14.07.2009 01:37"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "10.06.2009 23:19"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "14.07.2009 02:09"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe" "20.11.2010 11:40"
"HKLM\System\CurrentControlSet\Services" "" "" "" "24.12.2014 11:11"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "22.11.2014 00:47"
+ "AtherosSvc" "Atheros BT Stack Service Agent" "Atheros Commnucations" "c:\program files\bluetooth suite\adminservice.exe" "13.03.2011 04:54"
+ "avast! Antivirus" "Manages and implements Avast antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe" "06.11.2014 14:58"
+ "AvastVBoxSvc" "AvastVirtualBox Interface" "Avast Software" "c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe" "05.11.2014 12:42"
+ "Bonjour Service" "##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762##" "Apple Computer, Inc." "c:\program files\bonjour\mdnsresponder.exe" "28.02.2006 22:42"
+ "c2cautoupdatesvc" "Downloads and installs product updates." "Microsoft Corporation" "c:\program files\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe" "14.07.2014 19:06"
+ "c2cpnrsvc" "Provides phone number recognition services." "Microsoft Corporation" "c:\program files\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe" "14.07.2014 19:07"
+ "Disc Soft Bus Service" "Disc soft bus service" "Disc Soft Ltd" "c:\program files\daemon tools ultra\discsoftbusservice.exe" "10.07.2014 10:00"
+ "DsiWMIService" "Dritek WMI Service" "Dritek System Inc." "c:\program files\launch manager\dsiwmis.exe" "10.08.2010 11:05"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" "27.06.2006 09:39"
+ "gupdate" "Menţine software-ul Google actualizat. Dacă acest serviciu este dezactivat sau oprit, software-ul dvs. Google nu va fi actualizat, ceea ce înseamnă că eventualele vulnerabilităţi de securitate nu pot fi remediate, iar utilizarea anumitor funcţii s-ar putea dovedi imposibilă. Acest serviciu se dezinstalează automat atunci când nu este utilizat de niciun software Google." "Google Inc." "c:\program files\google\update\googleupdate.exe" "06.11.2014 19:49"
+ "gupdatem" "Menţine software-ul Google actualizat. Dacă acest serviciu este dezactivat sau oprit, software-ul dvs. Google nu va fi actualizat, ceea ce înseamnă că eventualele vulnerabilităţi de securitate nu pot fi remediate, iar utilizarea anumitor funcţii s-ar putea dovedi imposibilă. Acest serviciu se dezinstalează automat atunci când nu este utilizat de niciun software Google." "Google Inc." "c:\program files\google\update\googleupdate.exe" "06.11.2014 19:49"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe" "13.04.2010 18:52"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files\intel\intel® management engine components\lms\lms.exe" "04.03.2010 00:33"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes anti-malware\mbamscheduler.exe" "12.09.2014 03:29"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes anti-malware\mbamservice.exe" "20.11.2014 22:08"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe" "27.10.2006 08:44"
+ "MSSQL$SQLEXPRESS" "Provides storage, processing and controlled access of data, and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\sqlservr.exe" "30.03.2009 00:29"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe" "30.08.2013 01:00"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files\nvidia corporation\nvidia update core\daemonu.exe" "29.08.2013 23:25"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe" "27.10.2006 04:48"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe" "26.10.2006 23:00"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe" "03.04.2014 21:16"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe" "10.07.2008 00:38"
+ "TurboBoost" "Turbo Boost Monitor Service" "Intel® Corporation" "c:\program files\intel\turboboost\turboboost.exe" "02.11.2009 22:43"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files\intel\intel® management engine components\uns\uns.exe" "04.03.2010 00:35"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "27.05.2013 06:57"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "20.11.2010 12:36"
"HKLM\System\CurrentControlSet\Services" "" "" "" "24.12.2014 11:11"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "06.12.2008 01:59"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "01.05.2007 19:29"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "28.02.2007 02:03"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys" "12.04.2006 02:20"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "14.07.2009 01:11"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "19.03.2010 03:08"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "20.03.2009 20:35"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "19.03.2010 18:19"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "24.05.2007 23:31"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "14.01.2009 21:26"
+ "aswHwid" "avast! HardwareID" "" "c:\windows\system32\drivers\aswhwid.sys" "06.11.2014 14:54"
+ "aswMonFlt" "avast! mini-filter driver (aswMonFlt)" "AVAST Software" "c:\windows\system32\drivers\aswmonflt.sys" "06.11.2014 14:52"
+ "aswRvrt" "" "" "c:\windows\system32\drivers\aswrvrt.sys" "06.11.2014 14:53"
+ "aswSnx" "Avast! Virtualization Driver" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys" "21.11.2014 13:16"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys" "18.11.2014 11:06"
+ "aswVmm" "avast! VM Monitor" "" "c:\windows\system32\drivers\aswvmm.sys" "06.11.2014 14:53"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athr.sys" "07.05.2010 01:56"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys" "14.02.2009 00:10"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys" "26.04.2009 13:15"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "06.08.2006 23:33"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "06.08.2006 23:33"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "06.08.2006 23:33"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "06.08.2006 23:33"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "06.08.2006 23:33"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "09.08.2006 14:02"
+ "BTATH_BUS" "Atheros BUS driver" "Atheros" "c:\windows\system32\drivers\btath_bus.sys" "24.06.2010 08:17"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "14.07.2009 01:11"
+ "dtscsibus" "DAEMON Tools Virtual SCSI Bus Driver" "Disc Soft Ltd" "c:\windows\system32\drivers\dtscsibus.sys" "29.10.2012 11:28"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys" "31.12.2008 18:06"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "04.02.2009 00:09"
+ "ETD" "ETD Control Center" "ELAN Microelectronic Corp." "c:\windows\system32\drivers\etd.sys" "13.04.2010 12:12"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "11.05.2009 09:22"
+ "HECI" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\heci.sys" "17.09.2009 21:54"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "19.05.2009 01:42"
+ "iaStor" "Intel Rapid Storage Technology driver - x86" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys" "13.04.2010 18:33"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "11.06.2010 02:45"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys" "31.01.2013 01:34"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "13.12.2005 23:48"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys" "27.02.2010 01:31"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys" "22.06.2010 11:17"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys" "23.08.2011 15:11"
+ "k57nd60x" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60x.sys" "15.05.2010 14:51"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "10.12.2008 00:28"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "19.05.2009 02:19"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "19.05.2009 02:31"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "17.04.2009 00:14"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys" "03.09.2014 19:50"
+ "MBAMSwissArmy" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbamswissarmy.sys" "20.09.2014 00:13"
+ "MBAMWebAccessControl" "Malwarebytes Web Access Control" "Malwarebytes Corporation" "c:\windows\system32\drivers\mwac.sys" "18.06.2014 04:06"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "19.05.2009 03:09"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "19.05.2009 03:25"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "06.06.2006 23:12"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 327.02 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys" "29.08.2013 23:41"
+ "nvpciflt" "NVIDIA Windows Kernel Mode Driver, Version 327.02 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvpciflt.sys" "29.08.2013 23:42"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "19.03.2010 23:00"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "19.03.2010 22:51"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "23.01.2009 01:28"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "19.05.2009 03:17"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys" "22.09.2010 03:46"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "13.09.2006 15:18"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "24.09.2008 20:19"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "01.10.2008 23:52"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "18.02.2009 01:03"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys" "11.12.2009 04:29"
+ "TurboB" "Turbo Boost UI Monitor driver" "" "c:\windows\system32\drivers\turbob.sys" "02.11.2009 22:45"
+ "VBoxAswDrv" "VirtualBox Support Driver" "Avast Software" "c:\program files\avast software\avast\ng\vbox\vboxaswdrv.sys" "05.11.2014 13:30"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "14.07.2009 01:11"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "31.01.2009 03:13"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "15.12.2014 20:11"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "14.07.2009 03:06"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll" "20.11.2010 13:59"
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "10.12.2014 08:48"
+ "C:\Program Files\Internet Explorer\iexplore.exe" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "21.11.2014 09:56"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" "" "10.12.2014 17:00"
+ "C:\Windows\system32\nvinit.dll" "NVIDIA shim initialization dll, Version 327.02 " "NVIDIA Corporation" "c:\windows\system32\nvinit.dll" "29.08.2013 23:32"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "14.12.2014 19:28"
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Computer, Inc." "c:\program files\bonjour\mdnsnsp.dll" "28.02.2006 22:42"
"WMI Database Entries - run as Administrator for complete scan" "" "" "" ""
+ "BVTConsumer" "" "" "File not found: KernCap.vbs" ""
 

Edited by elena54, 24 December 2014 - 04:26 AM.


#12 Guest_LighthouseParty_*


Posted 24 December 2014 - 05:31 AM

Please select the following and click Disable on the right-hand side in CCleaner:

  • Yes HKLM:Run WinampAgent Nullsoft, Inc. "C:\Program Files\Winamp\winampa.exe"
  • Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
  • Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
  • Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
  • Yes HKLM:Run IAStorIcon Intel Corporation C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
  • Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
  • Yes HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  • Yes HKCU:Run SoftonicAssistant "C:\Users\Elena\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"

In Autoruns, please navigate to any entries that are highlighted in yellow, right-click them and select delete.
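
Autoruns highlights in yellow the entries whose target file no longer exists, and the text export shows them as "File not found". The script below is an added example, not part of the original post: it parses the quoted-column format of the log pasted in this thread and lists those entries, plus entries with an empty publisher column. The function names and the two reason labels are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Lines copied from the Autoruns log in this thread. The section header for
# the TurboB driver line lies outside this excerpt, so its location is empty.
SAMPLE = r'''
+ "TurboB" "Turbo Boost UI Monitor driver" "" "c:\windows\system32\drivers\turbob.sys" "02.11.2009 22:45"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" "" "10.12.2014 17:00"
+ "C:\Windows\system32\nvinit.dll" "NVIDIA shim initialization dll, Version 327.02 " "NVIDIA Corporation" "c:\windows\system32\nvinit.dll" "29.08.2013 23:32"
"WMI Database Entries - run as Administrator for complete scan" "" "" "" ""
+ "BVTConsumer" "" "" "File not found: KernCap.vbs" ""
'''

FIELD = re.compile(r'"([^"]*)"')  # one double-quoted column

@dataclass
class Entry:
    location: str      # registry key or category header above the entry
    name: str
    description: str
    publisher: str
    image_path: str
    timestamp: str

def parse_autoruns(text):
    """Parse the five-column quoted text export shown in this thread."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 5:
            continue                      # blank or truncated line
        if line.startswith("+"):          # "+" marks an entry row on this page
            entries.append(Entry(location, *fields))
        else:                             # unprefixed row is a location header
            location = fields[0]
    return entries

def triage(entries):
    """Return (location, name, reasons) for entries worth a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if e.image_path.lower().startswith("file not found"):
            reasons.append("missing-file")   # what Autoruns shows in yellow
        if not e.publisher.strip():
            reasons.append("no-publisher")   # unverified, not proof of malware
        if reasons:
            findings.append((e.location, e.name, reasons))
    return findings

if __name__ == "__main__":
    for location, name, reasons in triage(parse_autoruns(SAMPLE)):
        print(f"{name:12} {','.join(reasons):26} {location or '(header not in excerpt)'}")
```
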



#13 elena54


Posted 24 December 2014 - 05:51 AM

The errors don't appear at startup anymore :D Thank you very kindly for your time and for the clear instructions! You are great, I'm glad that I found this forum. :)



#14 Guest_LighthouseParty_*


Posted 24 December 2014 - 06:12 AM

Glad your issue is now resolved, have a Merry Christmas :)

For one last final step, please download Delfix from here and save it to your desktop. Right-click it and select run as administrator. Select the following and press run:

  • Remove disinfection tools
  • Purge system restore

To prevent infections in the future, I recommend you install the programs below:

One more thing, please download the latest version of Adobe Reader from here.

 

Happy surfing!



#15 elena54


Posted 24 December 2014 - 07:00 AM

Done! :)

 

# DelFix v10.8 - Logfile created 24/12/2014 at 13:41:56
# Updated 29/07/2014 by Xplode
# Username : Elena - ELENA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\AdwCleaner
Deleted : C:\Users\Elena\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Elena\Desktop\JRT.txt
Deleted : C:\Users\Elena\Desktop\log.txt
Deleted : C:\Users\Elena\Desktop\minitoolbox.txt
Deleted : C:\Users\Elena\Desktop\Rkill.txt
Deleted : C:\Users\Elena\Downloads\adwcleaner_4.106.exe
Deleted : C:\Users\Elena\Downloads\JRT (1).exe
Deleted : C:\Users\Elena\Downloads\JRT.exe
Deleted : C:\Users\Elena\Downloads\JavaRa-2.6.zip
Deleted : C:\Users\Elena\Downloads\MiniToolBox.exe
Deleted : C:\Users\Elena\Downloads\Result.txt
Deleted : C:\Users\Elena\Downloads\rkill.exe
Deleted : C:\Users\Elena\Downloads\SecurityCheck.exe
Deleted : C:\Users\Elena\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #3 [Installed Bluetooth Win7 Suite. | 12/09/2014 20:59:44]
Deleted : RP #4 [Installed Adobe Reader 9.1 MUI. | 12/09/2014 21:02:24]
Deleted : RP #6 [Instalat Realtek USB 2.0 Card Reader | 12/09/2014 21:05:53]
Deleted : RP #7 [Installed Broadcom Gigabit NetLink Controller. | 12/09/2014 21:06:31]
Deleted : RP #8 [Windows Update | 12/09/2014 21:11:55]
Deleted : RP #10 [Installed Intel® Turbo Boost Technology Monitor | 12/09/2014 21:21:05]
Deleted : RP #11 [Installed Intel® Turbo Boost Technology Monitor. | 12/09/2014 21:21:37]
Deleted : RP #12 [Installed NVIDIA PhysX | 12/09/2014 21:22:55]
Deleted : RP #13 [Installed Renesas Electronics USB 3.0 Host Controller Driver | 12/09/2014 22:29:56]
Deleted : RP #15 [Instalat Realtek USB 2.0 Card Reader | 12/10/2014 00:11:10]
Deleted : RP #16 [Removed Bluetooth Win7 Suite. | 12/10/2014 00:32:17]
Deleted : RP #17 [Installed Bluetooth Win7 Suite. | 12/10/2014 00:33:24]
Deleted : RP #18 [Installed Broadcom Gigabit NetLink Controller. | 12/10/2014 00:40:40]
Deleted : RP #19 [Windows Update | 12/10/2014 10:29:17]
Deleted : RP #20 [Installed GPSS World Student Version | 12/10/2014 10:32:24]
Deleted : RP #22 [avast! antivirus system restore point | 12/10/2014 13:34:15]
Deleted : RP #24 [avast! antivirus system restore point | 12/10/2014 13:37:01]
Deleted : RP #25 [Windows Update | 12/10/2014 14:33:21]
Deleted : RP #26 [Windows Update | 12/10/2014 14:54:42]
Deleted : RP #27 [Windows Update | 12/10/2014 15:10:00]
Deleted : RP #29 [Installed Microsoft Office Enterprise 2007 | 12/10/2014 18:39:34]
Deleted : RP #30 [Installed Microsoft Visual Studio 2010 Professional - ENU | 12/11/2014 11:28:03]
Deleted : RP #31 [Windows Update | 12/11/2014 13:24:43]
Deleted : RP #32 [Intel® Driver Update Utility | 12/11/2014 14:17:46]
Deleted : RP #33 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 | 12/11/2014 14:22:01]
Deleted : RP #34 [Installed TortoiseSVN 1.8.8.25755 (32 bit) | 12/15/2014 17:02:08]
Deleted : RP #36 [Installed DirectX | 12/21/2014 14:54:05]
Deleted : RP #37 [Removed TuneUp Utilities 2014 | 12/21/2014 14:57:43]
Deleted : RP #38 [Removed TuneUp Utilities 2014 (en-US) | 12/21/2014 14:58:58]
Deleted : RP #39 [Removed Java 8 Update 25 | 12/22/2014 18:50:56]
Deleted : RP #40 [Installed Java SE Development Kit 8 Update 25 | 12/22/2014 18:58:40]
Deleted : RP #41 [Removed Java 8 Update 25 | 12/22/2014 20:02:38]
Deleted : RP #42 [Removed Java SE Development Kit 8 Update 25 | 12/22/2014 20:13:16]
Deleted : RP #43 [Windows Update | 12/23/2014 11:40:46]
 
New restore point created !
 
########## - EOF - ##########
 
Now I'm installing Adobe Reader and scanning for outdated programs.
 
Thank you so much! Merry Christmas  :santa: and a Happy New Year to you and your loved ones!  :)




