Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Regedit's weird file asking for permission


by Amaia » January 9th, 2013, 5:24 am

I think that my PC might be having a malware problem. Each time my PC starts, regedit asks for a permission for a weird file called PorTiAleMiAmor3813479005862333144.reg to do some changes. It's quite a suspicious file name I must admit. I haven't been doing anything related to hacks or any unsafe thing, at least not that I know of. I'd be very happy if you could help me out a bit :/

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.9.2
Run by Dijana at 10:13:17 on 2013-01-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3948.2234 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Telenor Internet\AssistantServices.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Telenor Internet\UIExec.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Telenor Internet\UIMain.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Telenor Internet\CMUpdater.exe
C:\Windows\regedit.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [CONNMGRTRAY] C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe Silent
uRun: [Facebook Update] "C:\Users\Dijana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Firewall] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Dijana\AppData\Roaming\Frutas\servidorcito.jar"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [UIExec] "C:\Program Files (x86)\Telenor Internet\UIExec.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.10.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{B7446F02-7257-44FC-AD4D-EF22CED22830} : DHCPNameServer = 192.168.10.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{B7446F02-7257-44FC-AD4D-EF22CED22830}\24F63716023305 : DHCPNameServer = 192.168.10.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{B7446F02-7257-44FC-AD4D-EF22CED22830}\24F63716023374 : DHCPNameServer = 192.168.10.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{B7446F02-7257-44FC-AD4D-EF22CED22830}\24F637163305 : DHCPNameServer = 192.168.10.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{B7446F02-7257-44FC-AD4D-EF22CED22830}\4656A616E677966696 : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-11-17 30056]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-17 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-17 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-17 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-17 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-17 44808]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-10 8704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-17 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Telenor Internet\AssistantServices.exe [2012-11-18 270672]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-17 365376]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2012-11-17 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2012-11-17 21080]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2012-11-17 51752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-17 317440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-11-17 433976]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-11-18 11776]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-11-17 15712]
.
=============== Created Last 30 ================
.
2013-01-08 23:14:51 -------- d-----w- C:\Users\Dijana\AppData\Local\Stefan_Wobbe
2013-01-08 23:14:30 -------- d-----w- C:\Program Files (x86)\GIF Viewer
2013-01-08 23:10:53 33280 ----a-w- C:\rundll32.exe
2013-01-07 16:19:38 -------- d-----w- C:\Program Files (x86)\GPL MPEG Decoder
2013-01-07 16:17:10 -------- d-----w- C:\Users\Dijana\AppData\Local\DDMSettings
2013-01-07 16:14:06 -------- d-----w- C:\Program Files\DivX
2013-01-07 16:13:58 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2013-01-07 16:10:16 -------- d-----w- C:\Program Files (x86)\DivX
2013-01-07 16:09:43 -------- d-----w- C:\ProgramData\DivX
2013-01-05 21:47:03 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.2
2013-01-05 21:42:31 -------- d-s---w- C:\Users\Dijana\AppData\Roaming\Frutas
2012-12-27 16:31:29 -------- d-----w- C:\Users\Dijana\AppData\Roaming\.techniclauncher
2012-12-27 15:32:54 -------- d-----w- C:\Users\Dijana\AppData\Roaming\.minecraft
2012-12-22 15:34:16 -------- d-----w- C:\Users\Dijana\AppData\Roaming\NVIDIA
2012-12-14 18:50:07 -------- d-----w- C:\Users\Dijana\AppData\Local\qBittorrent
2012-12-14 18:50:06 -------- d-----w- C:\Users\Dijana\AppData\Roaming\qBittorrent
2012-12-14 10:56:46 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-14 10:56:46 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-14 10:56:36 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-13 12:41:03 -------- d-----w- C:\Program Files (x86)\qBittorrent
2012-12-12 21:37:56 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-12-10 19:09:55 -------- d-----w- C:\gravity
2012-12-10 12:15:19 -------- d-----w- C:\Users\Dijana\AppData\Roaming\Awesomium
2012-12-10 12:15:03 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-12-10 12:14:55 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
.
==================== Find3M ====================
.
2013-01-08 20:40:00 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 20:40:00 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-17 11:45:25 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-11-13 20:29:04 354216 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-22 16:39:58 12887552 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-10-22 16:39:56 10674176 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-10-22 16:39:54 5903392 ----a-w- C:\Windows\System32\GfxUI.exe
2012-10-22 16:39:54 399392 ----a-w- C:\Windows\System32\hkcmd.exe
2012-10-22 16:39:54 173568 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-10-22 16:39:54 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-10-22 16:39:50 185376 ----a-w- C:\Windows\System32\difx64.exe
2012-10-20 00:36:20 3544134 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-20 00:35:55 6222696 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-20 00:35:52 3310440 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-20 00:35:10 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-20 00:35:09 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-20 00:35:09 877416 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-10-20 00:35:09 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-20 00:35:09 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-10-20 00:35:09 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
.
============= FINISH: 10:13:44.87 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/17/2012 9:40:37 AM
System Uptime: 1/9/2013 10:02:17 AM (0 hours ago)
.
Motherboard: Acer | | JE50_HR
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU1 | 2300/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 33.538 GiB free.
D: is FIXED (NTFS) - 230 GiB total, 198.758 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_16B5&SUBSYS_05041025&REV_10\4&2B4E00C3&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_16B5&SUBSYS_05041025&REV_10\4&2B4E00C3&0&00E0
Service: k57nd60a
.
==== System Restore Points ===================
.
RP29: 12/28/2012 8:55:32 PM - Scheduled Checkpoint
RP30: 1/7/2013 5:19:16 PM - Installed GPL MPEG-1/2 DirectShow Decoder Filter
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Acer 3G Connection Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Atheros Driver Installation Program
avast! Free Antivirus
CCleaner
Cheat Engine 6.2
Definition update for Microsoft Office 2010 (KB982726)
DivX Setup
Dolby Advanced Audio v2
DriverEasy 4.2.0
DriverMax 6
Facebook Video Calling 1.2.0.287
GIF Viewer 3.2 (v2)
Google Chrome
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
Hi-Rez Studios Authenticate and Update Service
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel® Trusted Connect Service Client
Java 7 Update 9
Java Auto Updater
League of Legends
Microsoft .NET Framework 4.5
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
NetWorx 5.2.5
NVIDIA Control Panel 310.33
NVIDIA Graphics Driver 306.23
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
Picasa 3
qBittorrent 3.0.6
Ragnarok Online2
Realtek High Definition Audio Driver
Skype™ 6.0
Smite
Telenor Internet
VC80CRTRedist - 8.0.50727.6195
.
==== Event Viewer Messages From Past Week ========
.
1/9/2013 12:51:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.
1/8/2013 12:16:32 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{B7446F02-7257-44FC-AD4D-EF22CED22830} because another computer on the network has the same name. The server could not start.
1/8/2013 12:16:32 AM, Error: NetBT [4321] - The name "DIJANA-PC :20" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
1/8/2013 1:27:35 AM, Error: NetBT [4321] - The name "DIJANA-PC :0" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

Re: Regedit's weird file asking for permission

by Gary R » January 9th, 2013, 9:39 am

Looking over your logs, back soon.

Re: Regedit's weird file asking for permission

by Gary R » January 9th, 2013, 9:42 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Amaia

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Please download SystemLook from one of the links below and save it to your Desktop.

For 64 bit Systems
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:filefind
PorTiAleMiAmor3813479005862333144.reg
PorTiAleMiAmor*.reg

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Regedit's weird file asking for permission

by Amaia » January 9th, 2013, 2:13 pm

Thank you very much for the answer! I've managed to fix it myself (somehow) by finding an automatic system restore point that was safe. The file is not there, and hopefully won't show up ever again. I really appreciate the work you do around here and I have to thank you again for the time that you've spent on answering me :)

Re: Regedit's weird file asking for permission

by Gary R » January 9th, 2013, 6:33 pm

You're welcome, glad you were able to find a solution to your problem.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.