annoying nym1.ib.adnxs.com add - reopen

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by peralarep » January 21st, 2013, 12:03 pm

wannabeageek,

As instructed by elrond, I could create a new topic for my problem, since I've requested the shutdown of my topic for the same problem in another forum.

If you could (and want to) keep helping me, I would appreciate it.

Your last request was to:
1) post the Extras log from OTL
2) Download, run and save the logs generated by DDS (I could not download it from the link you suggested)

And you also asked me what I use my computer for.

1) Extras.log:

OTL Extras logfile created on: 13/01/2013 13:52:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pedro\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,89 Gb Total Physical Memory | 3,35 Gb Available Physical Memory | 42,47% Memory free
10,64 Gb Paging File | 5,97 Gb Available in Paging File | 56,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 904,77 Gb Total Space | 765,54 Gb Free Space | 84,61% Space Free | Partition Type: NTFS

Computer Name: PERAL | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4797DB3F-EE5B-409F-9826-D68B5DF14507}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DB0EF37-D48F-47F6-9408-687D9946605C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51D812A1-147A-4F26-A42B-D06A49CDE70A}" = lport=137 | protocol=17 | dir=in | app=system |
"{52B5FBBF-F341-452B-9DFA-1DE49AC69D5D}" = lport=138 | protocol=17 | dir=in | app=system |
"{660F0C10-3785-4681-93C8-A019C03C0328}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C4706B0-BE1E-43CE-890A-4AEA8BF48BF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{80A351C4-CFA8-418F-A26C-1C3AD5BE6DE0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8AE3282A-560A-433F-BE71-C24CBA5DA766}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E82314F-535D-478E-BB2C-86C41F4B11EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8ED184FE-8313-4AAD-AE7B-4C57DB9A8C63}" = rport=445 | protocol=6 | dir=out | app=system |
"{9D223721-0262-4A4E-94BF-147CD69EFB20}" = rport=138 | protocol=17 | dir=out | app=system |
"{A1770673-7940-468C-9C47-F03444D00013}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A516EA27-2272-4461-8748-40BC69D0BCCE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B2181C49-4BDA-4B9D-802C-1D9870EDC111}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B4B6EA8E-E157-4EE6-B882-FEE69D87E3B3}" = rport=137 | protocol=17 | dir=out | app=system |
"{C09160AC-5CD5-473B-A5EE-435A4186C396}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CB069F64-EAEE-445A-B9E6-0ED7231737BF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D8D5C7D5-D4F4-4255-93D5-D2893394978B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDA3B34B-4909-4023-B8E7-2226B6632A8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DF4B1C39-69C7-4741-8082-0A90BB4DB9A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7447406-C7EB-4580-8A69-807980C3AD5E}" = rport=139 | protocol=6 | dir=out | app=system |
"{EBF0D580-4420-438F-AB03-79F669A2EF83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0836048-8214-4178-883E-7475B883E757}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0F96006-BEC1-494D-BA2F-76F35CB0B98B}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076D3E4A-D726-455F-82AE-5403EF2F9CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{0A8AE3BD-F258-42A2-B26C-6435249F8921}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{0AE41DD9-DAE5-45C9-B314-BFC9FBEBF507}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{0DC33A05-FBF6-4093-9C1A-63B68F3BD304}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0E1B713F-EEF6-4CA8-84E9-30381798C6AC}" = dir=out | name=evernote |
"{1155BEA0-30F6-4DD5-B9F8-7B94ED7C6707}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{11CA10E5-5480-46AF-860A-6C4C8966C690}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1546866F-E765-4E83-8059-EF73A91A16BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{193D47CB-6BCE-40F4-900C-6F166BD7E77B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19BFB368-EDBB-44E2-ACA0-75D4ABBDBCA6}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{23088140-7BAE-4F94-9E60-76DADAEE18F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{245F1E4E-603A-47C1-BF9B-5F14C1E7D076}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{274F8569-128F-4681-8AF8-93A82067EA48}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{2A82AB6B-5984-4697-B091-DD8843727582}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{2ADF19D5-A0F7-4CB5-B83E-BBA13969C072}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{2F9480A0-DF82-4651-9171-BDC058AD6206}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32C88CC9-0049-4F9E-9B43-09BDA043C25E}" = dir=out | name=s gallery |
"{3531EC8D-F3F7-4B57-BDCE-A234A6ACDE24}" = dir=out | name=fresh paint |
"{3645A2FA-CD9C-4253-AC17-BBF4FF1EA685}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{369012E9-A412-43CA-B787-73038647C525}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{36C7B97E-55D9-4E8F-8D8E-64569DEE8B4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E5EE1F3-2B64-4BF8-A95E-5ED1B8FAF9C7}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{3EEC5B70-7B3D-4EE7-8709-A056003A193E}" = dir=out | name=@{microsoft.bingfinance_1.7.0.29_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{3F2E6FCA-AAAA-4E5C-BE85-A19B3C33A790}" = dir=out | name=windows_ie_ac_001 |
"{413A8C01-9E98-414E-BB77-904A03547CDD}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{43685445-EE85-4550-9D0C-E396246CB4ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{439B3DEC-92B5-4D46-A22D-D3C041A05F82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4ED5453D-9332-4A47-B984-C497C4961430}" = protocol=6 | dir=in | app=c:\program files\condusiv technologies\intellimemory\intellimem.exe |
"{51CD6711-541F-4767-9F7C-9902D328F59C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{51EB35A7-1357-41D8-8D3B-C5F0628069A9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53B62D0F-4503-4799-B936-20778EF7EE61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{56054E7F-42E0-4375-B21C-066A1E975F54}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5759912B-D28D-4F6B-993B-FE4299C30DA9}" = dir=out | name=music maker jam |
"{57F755EA-D2F9-4B74-B3BF-563C0D37AAE1}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{592093EB-577F-49B0-BDCB-E51FBE18BD1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5BDC6968-C5C1-4AC2-95E8-9A0D8069F083}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5DCDA232-F6D1-4BF3-ADA7-992362BE502A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62541CE3-7278-4B36-A193-6892B0E0EC0E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{62C10216-8E57-46C3-94E0-C55148E79D67}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{655D4BD8-CD15-473F-9BE9-E3531B7D4AE3}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{675CB6E6-C4D3-4803-819B-1EB47B57269E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6D45C6A9-8C2A-43A0-8539-3068220632F8}" = protocol=6 | dir=out | app=system |
"{75F1006A-A29B-4955-9425-CFE78828774F}" = dir=out | name=s player |
"{7C2084B6-21CE-4D5A-8CA4-5948D9315EE9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7DA75263-DF0D-4CBD-83D2-A3979B424154}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8029AD3C-2892-4DC7-B63F-AB973EC5B286}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{845865C9-2479-4839-8FE6-DC7CCF24E353}" = dir=out | name=jamie's recipes |
"{885F6F52-3CCB-467E-8F82-8DBAA4F61782}" = dir=out | name=photoeditor |
"{8A55EE2A-824D-45AC-845C-44029C0FA7E4}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{8E7132EF-E858-43C8-9ED4-65EAD2E68392}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{92DD1C4F-CAD5-410D-B1A3-F470A7E2386F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98E1796D-C6D1-49C1-BD4A-4FACF9EF2EC6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{9D50D9EB-8A3C-4618-A268-2E897E50AA01}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{A147D73F-4F14-4DE3-B10A-6C03D5138408}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{A2BFF05F-AC85-46F3-A68C-BDCC2871839F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{AAC38516-A1A5-4FB7-802D-479B7F1E8D79}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB873034-8FD0-47BE-B621-9361526339A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AFAE7B8B-DD24-48B4-8D0F-7D89AACB0707}" = dir=out | name=merriam-webster dictionary |
"{B4014F44-F4A2-44DE-8101-8ECAED6CE516}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B5D3FBB4-8D59-49C8-9E48-B14C14C7A283}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{B61A2F02-E941-4E1E-B952-67DA1B92530C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BE628B60-A0C2-45A4-9CE3-4AAF766D51FD}" = dir=out | name=chaton |
"{C0D16544-76B6-4ED1-B77D-D1651FCC4999}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C4FE1A84-6042-4DE5-B0FA-C2EE05FF1400}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{C58CCBBB-3C75-4A82-8672-812E36742F22}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{C823BA58-D157-4706-9AC8-BDEDAB4D8D01}" = dir=out | name=s camera |
"{CACAEF15-F2D2-46E8-AC85-16FEE98A8573}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{CADE9972-B1D7-4BD2-AD53-561029AADC0D}" = dir=out | name=kindle |
"{CB9464BE-B1E9-4D82-BA86-9B67CB7898E8}" = protocol=6 | dir=in | app=c:\program files\condusiv technologies\intellimemory\intellimem.exe |
"{CCFDFFB0-B12E-4A08-86E4-F1EB5EF75522}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{CD3C67DC-DAF1-4BFA-83DE-E41FDE94CE4B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DA8DBDCC-65D8-4088-838B-80215267AD1F}" = protocol=17 | dir=in | app=c:\program files\condusiv technologies\intellimemory\intellimem.exe |
"{DB7C6C69-02CA-4952-9C67-059992120943}" = dir=in | name=evernote |
"{E1679B04-DFF1-467A-972D-20D720D8BB14}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E19E36B5-E393-42F3-AED7-0ED5845EF386}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E40EA11F-AE54-4491-8F67-C811A3FA7A55}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E441F959-7320-455C-962D-A771CB1E5E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E461AE70-CA32-4BBE-B8F0-F58F96EDFB7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5E07632-047C-4BCB-A164-CFC103CE64FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E85F0C2A-E876-4D79-A35A-3F0AFBFF53AE}" = protocol=17 | dir=in | app=c:\program files\condusiv technologies\intellimemory\intellimem.exe |
"{E9D1FF47-0EC9-40BC-B5D6-6D70992BD27F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EDE43C99-691E-44D6-8F36-596E64638BB4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{F336B975-9EDD-4106-ABB5-F0E958AEA447}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F60706BE-1385-4FB0-8496-79324A0DDA73}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{F8DD28FC-BA64-4F02-868C-4128AE6B05FD}" = dir=out | name=family story |
"{FFF59ED3-81DA-4052-85E3-F3FFF4E6F09F}" = dir=in | name=music maker jam |
"TCP Query User{4445F824-134D-4FC7-A1AF-0BD8F9E56847}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe |
"TCP Query User{CAB43F18-4BFE-4CB8-9369-E2AC13BC0A2F}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe |
"UDP Query User{63BF582D-87A3-4634-8123-417318FADF3C}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe |
"UDP Query User{E3BB7FF3-A517-4DFD-BF78-03F36DBE421C}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0728A184-F899-4356-B93D-8228674F0DEB}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Software Intel® PROSet/Wireless WiFi
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}" = Help Desk
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{860203FC-987D-4429-8A08-8332B21AD90E}" = S Agent
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0416-1000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0015-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0416-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0416-1000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010
"{90140000-0017-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{82490730-B462-4F96-8630-835B87844D13}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0416-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0416-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0416-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0416-1000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.OMUI.pt-br_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{5A876683-AEAB-45E2-BA33-A767B54DB7E2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.OMUI.pt-br_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0416-1000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-002C-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{0FDF2566-665E-4F8A-B1AD-A0FE52B4224E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0416-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
"{90140000-0043-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{0C40F8A4-7695-48F7-8CAE-634D3882009B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0416-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-0044-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0416-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{8F2AC896-0A49-4054-83BF-3B03E6FBE7CD}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0416-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0416-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BD-0416-1000-0000000FF1CE}" = Microsoft Office ScreenTip Language 2010 - Português
"{90140000-0100-0416-1000-0000000FF1CE}" = Microsoft Office O MUI (Portuguese (Brazil)) 2010
"{90140000-0100-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{4106C383-0766-4EAD-BF87-E433E178A27E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0416-1000-0000000FF1CE}" = Microsoft Office X MUI (Portuguese (Brazil)) 2010
"{90140000-0101-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{FA1E2A29-0FC4-4F72-9305-38965DB82061}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 307.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 307.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{E93403C5-8A91-4940-89DB-EED69DA6E82E}" = IntelliMemory
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FD334FD4-FABA-4991-8614-A718C15E45A5}" = Support Center
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"9F04C462DAB591BDCCE784F77E4D4F1736010B92" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735)
"Office14.OMUI.pt-br" = Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039EA659-E421-45C6-8913-BED5D69B5536}" = User Guide
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0B5FDC99-E373-4F0F-938D-42AD090BACC0}" = Windows Live UX Platform Language Pack
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{175B4B56-63F1-464E-8286-4309E0A52395}" = Foto-galerija
"{18FE3424-7C22-4EDE-A3FD-414760CC363B}" = Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2D598A54-750B-4120-B8AD-ED938F74932C}" = Windows Live Essentials
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{302933F3-E6AD-414D-AB96-A18DBB979B1D}" = Movie Maker
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35FA69FA-49DD-4BDF-8140-7DC2C4472C45}" = Fotoğraf Galerisi
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45B29A59-D180-4BFC-A93D-DDD7E65647C8}" = Photo Common
"{46AEE281-3436-46EF-A36D-163F7125A290}" = Galeria de Fotos
"{46B14AF1-EDFA-4088-AB2B-22A8128A1C54}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings
"{547C128A-691D-4D09-B195-AC5194C07403}" = Windows Live Temel Parçalar
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AEEF79F-4278-4510-AAD0-23AD14508217}" = Photo Common
"{803D4B7D-71CD-46B9-8F89-8BFD73920FAF}" = Windows Live UX Platform Language Pack
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{91786428-D4AA-476D-8AF9-A63FFAC2901F}" = Allshare Play Link
"{9478A3AA-4C2C-4104-97D7-32C7EEB32F59}" = Support Center FAQ
"{959BC6D1-38C8-441F-9466-9ECCD4E68413}" = Galería de fotos
"{97373E60-D071-418A-87F1-A969EEEEBDAC}" = Windows Live Essentials
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A15FF85A-065C-4138-A934-113FDF8691EA}" = Windows Live Essentials
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AEBE7912-AA50-42EB-BBDA-AB352C4D8FAA}" = Movie Maker
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Suporte para Aplicativos Apple
"{CE1836A8-3F2B-49BD-8395-93DD414068D2}" = AllSharePlayLink
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DB5D7E49-A671-4FCD-9708-3B2BC93DA995}" = Windows Live UX Platform Language Pack
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}" = Movie Maker
"{E3B75D04-2C2B-4423-8800-BF8BF345E504}" = Photo Common
"{E5E19577-2ECC-4C8E-A342-79D160A06097}" = Windows Live UX Platform Language Pack
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5B5BA56-8FEB-494B-84E6-C8DA9C2BEE50}" = SW Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"addlyrics@addlyrics.net" = AddLyrics
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DAEMON Tools Lite" = DAEMON Tools Lite
"Decor8" = Decor8
"Google Chrome" = Google Chrome
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Intel AppUp(SM) center 33070" = Intel AppUp(SM) center
"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 8" = TeamViewer 8
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/01/2013 11:17:28 | Computer Name = Peral | Source = Application Hang | ID = 1002
Description = O programa chromeinstall-7u10.exe versão 7.0.100.18 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 1980 Hora de Início: 01cdec1e7b468737 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Users\Pedro\Downloads\chromeinstall-7u10.exe ID do Relatório: 2e2f6272-5814-11e2-be9e-c485089f0ed3 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha:

Error - 06/01/2013 18:41:58 | Computer Name = Peral | Source = Application Hang | ID = 1002
Description = O programa NexusClient.exe versão 0.34.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 1ae0 Hora de Início: 01cdec561ce24d33 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files\Nexus Mod Manager\NexusClient.exe ID do Relatório: 433c41ea-5852-11e2-bea0-c485089f0ed3 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha:

Error - 06/01/2013 19:50:03 | Computer Name = Peral | Source = Application Error | ID = 1000
Description = Nome do aplicativo com falha: IntelliMem.exe, versão: 1.0.30.0, carimbo de data/hora: 0x50931209 Nome do módulo com falha: IM.dll, versão: 1.0.30.0, carimbo de data/hora: 0x50931201 Código de exceção: 0xc0000094 Deslocamento da falha: 0x0000000000003407 ID do processo com falha: 0x120 Hora de início do aplicativo com falha: 0x01cdec4915efe918 Caminho do aplicativo com falha: C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe Caminho do módulo com falha: C:\Program Files\Condusiv Technologies\IntelliMemory\IM.dll ID do Relatório: c8f2c3a7-585b-11e2-bea0-c485089f0ed3 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha:

Error - 06/01/2013 20:27:34 | Computer Name = Peral | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 06/01/2013 20:27:34 | Computer Name = Peral | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15594

Error - 06/01/2013 20:27:34 | Computer Name = Peral | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15594

Error - 06/01/2013 20:28:33 | Computer Name = Peral | Source = Desktop Window Manager | ID = 9020
Description = O Gerenciador de Janelas da Área de Trabalho encontrou um erro fatal
(0x8898008d)

Error - 10/01/2013 20:11:07 | Computer Name = Peral | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/01/2013 20:11:07 | Computer Name = Peral | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15594

Error - 10/01/2013 20:11:07 | Computer Name = Peral | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15594

[ System Events ]
Error - 15/12/2012 13:26:28 | Computer Name = Peral | Source = BTHUSB | ID = 327710
Description = O adaptador local não dá suporte a um estado importante de controlador
de Baixo Consumo. O valor mínimo necessário com suporte para a máscara de estado
é 0x1f7fffff. O valor 0x1f3fffff foi obtido. A funcionalidade de Baixo Consumo
será desabilitada.

Error - 15/12/2012 13:31:24 | Computer Name = Peral | Source = Service Control Manager | ID = 7043
Description = O serviço Windows Update não foi desligado corretamente após receber
um controle de pré-desligamento.

Error - 15/12/2012 15:42:21 | Computer Name = Peral | Source = BTHUSB | ID = 327696
Description = Falha na autenticação mútua entre o adaptador Bluetooth local e um
dispositivo com endereço de adaptador Bluetooth (00:1b:af:32:0b:64).

Error - 16/12/2012 08:41:57 | Computer Name = Peral | Source = DCOM | ID = 10010
Description =

Error - 20/12/2012 07:19:49 | Computer Name = Peral | Source = DCOM | ID = 10010
Description =

Error - 20/12/2012 16:12:08 | Computer Name = Peral | Source = DCOM | ID = 10010
Description =

Error - 20/12/2012 16:12:08 | Computer Name = Peral | Source = DCOM | ID = 10010
Description =

Error - 20/12/2012 16:12:08 | Computer Name = Peral | Source = DCOM | ID = 10010
Description =

Error - 20/12/2012 16:12:08 | Computer Name = Peral | Source = DCOM | ID = 10010
Description =

Error - 03/01/2013 17:47:20 | Computer Name = Peral | Source = Service Control Manager | ID = 7030
Description = O serviço SW Update Service está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos.
Esse serviço pode não funcionar corretamente.


< End of report >


2) I'm waiting for a new option to download. If you don't see any problem, I can search for it on Google.

My usage of this computer is for web surfing, editing documents, and playing some games (usually in a LAN).

Any other requests, please post.

>>> Other "symptom" I've noticed: my Windows firewall doesn't work anymore. I use Kaspersky protection, so I have an active firewall, but the Windows one is gone... Even after deactivating Kaspersky's firewall I can't turn the Windows one on...
peralarep
Regular Member
 
Posts: 18
Joined: January 13th, 2013, 4:24 pm

Re: annoying nym1.ib.adnxs.com add - reopen

Unread postby peralarep » January 21st, 2013, 12:27 pm

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.11.2
Run by Pedro at 14:20:45 on 2013-01-21
Microsoft Windows 8 Single Language 6.2.9200.0.1252.55.1046.18.8080.5572 [GMT -2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
C:\Windows\System32\WWAHost.exe
C:\windows\WinStore\WSHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
uDefault_Page_URL = hxxp://samsung13.msn.com
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
uProxyServer = 150.164.255.201:3128
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: AddLyrics: {B40720CF-4DDD-40DC-86EA-26404E77C1E8} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [addlyrics@addlyrics.net] C:\Program Files (x86)\AddLyrics\YTLUpdater.exe
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
IE: &Enviar para o OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xportar para o Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{6D5D5AF9-6AE7-457D-B869-5DA1DD24F636} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{6D5D5AF9-6AE7-457D-B869-5DA1DD24F636}\442555D4F4E444 : DHCPNameServer = 192.168.25.1
TCP: Interfaces\{CC0B4BA4-6CF4-4B4C-AF56-2095BE025026} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{E2417AF0-0979-45E6-9ABB-144D864B62A3} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\nim2mp9n.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.uptodate.com/
FF - prefs.js: network.proxy.http - 150.164.255.201
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-20 15:22; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2012-12-20 15:22; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-12-20 15:22; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2012-12-20 15:22; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-12-20 15:22; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-01-13 13:01; addlyrics@addlyrics.net; C:\Program Files (x86)\AddLyrics\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-9-10 645952]
R0 intmsd;IntelliMemory Storage Filter Driver;C:\windows\System32\Drivers\intmsd.sys [2012-12-6 104272]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-1-13 30056]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-9-10 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\Drivers\dtsoftbus01.sys [2012-11-9 283200]
R1 intmfs;IntelliMemory File System Filter Driver;C:\windows\System32\Drivers\intmfs.sys [2012-12-6 28496]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\Drivers\klim6.sys [2012-8-2 28504]
R1 klwfp;klwfp;C:\windows\System32\Drivers\klwfp.sys [2012-12-5 48472]
R1 kneps;kneps;C:\windows\System32\Drivers\kneps.sys [2012-8-13 178008]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]
R2 AVP;Serviço do Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-11-22 356376]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-9-5 1593976]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-9-10 128896]
R2 IntelliMemory;IntelliMemory;C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [2012-11-1 55120]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-10 165760]
R2 SWUpdateService;SW Update Service;C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-12-27 2879176]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-3 3467768]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-10 364416]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + Adaptador virtual de alta velocidade;C:\windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
R3 BthLEEnum;Driver de Baixa Energia do Bluetooth;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-27 121728]
R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
R3 IntcDAud;Áudio do vídeo Intel(R);C:\windows\System32\Drivers\IntcDAud.sys [2012-8-17 342528]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-10-9 25568]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\Drivers\klkbdflt.sys [2012-12-5 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\Drivers\klmouflt.sys [2012-10-25 29528]
R3 NETwNe64;@oem23.inf,___ %NIC_Service_DispName_WIN8_64%;___ Driver do adaptador Intel(R) Wireless WiFi Link Série 5000 para Windows 8 64 bits;C:\windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-8-4 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-9-10 683664]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-10-9 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-10-9 188896]
S0 klelam;klelam;C:\windows\System32\Drivers\klelam.sys [2012-7-27 29616]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/09/10 17:33:22;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-5-22 243728]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + Protocolo de alta velocidade;C:\windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\Drivers\ssudbus.sys [2012-9-19 102368]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-10-9 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-01-21 15:12:32 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-16 23:19:54 184000 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10189.bin
2013-01-14 01:08:00 -------- d-----w- C:\windows\SysWow64\NV
2013-01-14 01:08:00 -------- d-----w- C:\windows\System32\NV
2013-01-13 22:32:23 891240 ----a-w- C:\windows\System32\nvvsvc.exe
2013-01-13 22:32:23 870760 ----a-w- C:\windows\System32\nv3dappshext.dll
2013-01-13 22:32:23 63336 ----a-w- C:\windows\System32\nvshext.dll
2013-01-13 22:32:23 55144 ----a-w- C:\windows\System32\nv3dappshextr.dll
2013-01-13 22:32:23 3547239 ----a-w- C:\windows\System32\nvcoproc.bin
2013-01-13 22:32:23 3298664 ----a-w- C:\windows\System32\nvsvc64.dll
2013-01-13 22:32:23 2557800 ----a-w- C:\windows\System32\nvsvcr.dll
2013-01-13 22:32:22 6206312 ----a-w- C:\windows\System32\nvcpl.dll
2013-01-13 22:32:22 118120 ----a-w- C:\windows\System32\nvmctray.dll
2013-01-13 22:30:44 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-01-13 18:37:26 -------- d-----w- C:\Program Files\Enigma Software Group
2013-01-13 18:36:52 -------- d-----w- C:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-13 18:36:50 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-01-13 18:32:40 -------- d-----w- C:\Users\Pedro\AppData\Roaming\SpeedyPC Software
2013-01-13 18:32:40 -------- d-----w- C:\Users\Pedro\AppData\Roaming\DriverCure
2013-01-13 18:32:29 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2013-01-13 18:32:27 -------- d-----w- C:\ProgramData\SpeedyPC Software
2013-01-13 15:01:13 -------- d-----w- C:\Program Files (x86)\AddLyrics
2013-01-13 15:00:21 -------- d-----w- C:\Users\Pedro\AppData\Local\SwvUpdater
2013-01-13 14:34:53 12872 ----a-w- C:\windows\System32\bootdelete.exe
2013-01-13 13:54:51 -------- d-----w- C:\ProgramData\HitmanPro
2013-01-13 13:11:02 -------- d-----w- C:\Program Files (x86)\Bandicam
2013-01-13 12:51:12 -------- d-----w- C:\Users\Pedro\AppData\Roaming\Malwarebytes
2013-01-13 12:50:59 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-13 12:50:37 -------- d-----w- C:\Users\Pedro\AppData\Local\Programs
2013-01-12 18:48:46 -------- d-----w- C:\Users\Pedro\AppData\Roaming\BANDISOFT
2013-01-12 18:47:27 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2013-01-12 11:35:38 -------- d-----w- C:\Fraps
2013-01-09 14:47:51 80728 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 14:47:50 695640 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 23:57:33 86016 ----a-w- C:\windows\System32\ncryptsslp.dll
2013-01-08 23:57:33 71168 ----a-w- C:\windows\SysWow64\ncryptsslp.dll
2013-01-08 23:57:15 2361344 ----a-w- C:\windows\System32\msxml6.dll
2013-01-08 23:57:15 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2013-01-08 23:57:15 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2013-01-08 23:57:15 2048 ----a-w- C:\windows\System32\msxml6r.dll
2013-01-08 23:57:15 2048 ----a-w- C:\windows\System32\msxml3r.dll
2013-01-08 23:57:15 1836032 ----a-w- C:\windows\System32\msxml3.dll
2013-01-08 23:57:15 1802240 ----a-w- C:\windows\SysWow64\msxml6.dll
2013-01-08 23:57:15 1438720 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-01-06 15:46:43 -------- d-----w- C:\Games
2013-01-06 15:44:42 -------- d-----w- C:\Users\Pedro\AppData\Local\Black_Tree_Gaming
2013-01-06 15:44:32 -------- d-----w- C:\Program Files\Nexus Mod Manager
2013-01-06 15:20:38 859072 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-01-06 15:20:38 779704 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-01-06 11:01:55 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2013-01-06 11:00:44 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-01-06 11:00:44 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-01-06 11:00:44 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-01-06 11:00:44 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-01-06 11:00:43 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-01-06 11:00:43 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-01-06 11:00:43 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-01-06 11:00:42 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-01-06 11:00:34 -------- d-----w- C:\Users\Pedro\AppData\Local\Oblivion
2013-01-03 22:32:45 -------- d-----w- C:\Program Files (x86)\TeamViewer
.
==================== Find3M ====================
.
2012-12-16 08:28:20 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-06 04:23:00 170496 ----a-w- C:\windows\System32\TimeBrokerServer.dll
2012-12-06 04:22:59 178176 ----a-w- C:\windows\System32\SystemEventsBrokerServer.dll
2012-12-06 01:53:05 48472 ----a-w- C:\windows\System32\drivers\klwfp.sys
2012-12-06 01:53:05 29016 ----a-w- C:\windows\System32\drivers\klkbdflt.sys
2012-12-04 04:21:42 368640 ----a-w- C:\windows\System32\sppwinob.dll
2012-12-04 03:59:08 4055552 ----a-w- C:\windows\System32\win32k.sys
2012-11-29 05:05:57 707584 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll
2012-11-29 05:05:57 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
2012-11-28 04:21:17 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2012-11-28 04:20:59 53760 ----a-w- C:\windows\System32\UXInit.dll
2012-11-27 07:00:32 194280 ----a-w- C:\windows\System32\drivers\sdbus.sys
2012-11-27 07:00:29 124648 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2012-11-27 06:59:13 329960 ----a-w- C:\windows\System32\drivers\storport.sys
2012-11-27 06:39:46 1122768 ----a-w- C:\windows\System32\Taskmgr.exe
2012-11-27 04:49:20 1027152 ----a-w- C:\windows\SysWow64\Taskmgr.exe
2012-11-27 04:20:50 1048064 ----a-w- C:\windows\SysWow64\mstsc.exe
2012-11-27 04:20:42 179200 ----a-w- C:\windows\SysWow64\wpnapps.dll
2012-11-27 04:20:35 891904 ----a-w- C:\windows\SysWow64\winmde.dll
2012-11-27 04:20:31 798208 ----a-w- C:\windows\SysWow64\WebcamUi.dll
2012-11-27 04:20:29 46592 ----a-w- C:\windows\SysWow64\vds_ps.dll
2012-11-27 04:20:28 560128 ----a-w- C:\windows\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23 1217536 ----a-w- C:\windows\SysWow64\storagewmi.dll
2012-11-27 04:20:15 680960 ----a-w- C:\windows\System32\vds.exe
2012-11-27 04:20:07 702464 ----a-w- C:\windows\SysWow64\nshwfp.dll
2012-11-27 04:20:07 1123840 ----a-w- C:\windows\System32\mstsc.exe
2012-11-27 04:18:59 888832 ----a-w- C:\windows\System32\nshwfp.dll
2012-11-27 04:18:39 5974528 ----a-w- C:\windows\System32\mstscax.dll
2012-11-27 04:18:13 1071104 ----a-w- C:\windows\System32\IKEEXT.DLL
2012-11-27 04:18:06 378880 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2012-11-27 04:17:32 718848 ----a-w- C:\windows\System32\BFE.DLL
2012-11-27 04:17:31 2302464 ----a-w- C:\windows\System32\authui.dll
2012-11-27 03:57:32 18432 ----a-w- C:\windows\System32\drivers\BtaMPM.sys
2012-11-27 03:56:29 31104 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys
2012-11-27 03:55:44 29952 ----a-w- C:\windows\System32\drivers\BthhfHid.sys
2012-11-20 08:00:23 6971624 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-11-20 05:24:19 1164800 ----a-w- C:\windows\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\windows\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\windows\System32\Display.dll
2012-11-20 05:17:20 49152 ----a-w- C:\windows\System32\DevDispItemProvider.dll
2012-11-20 05:02:46 6656 ----a-w- C:\windows\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26 7168 ----a-w- C:\windows\System32\KBDKURD.DLL
2012-11-20 04:56:27 27136 ----a-w- C:\windows\System32\drivers\usbohci.sys
2012-11-20 04:56:11 83456 ----a-w- C:\windows\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\windows\System32\drivers\hidi2c.sys
2012-11-19 07:33:34 70264 ----a-w- C:\windows\System32\bdmpega64.acm
2012-11-19 07:33:34 69752 ----a-w- C:\windows\System32\bdmpegv64.dll
2012-11-19 07:33:34 65656 ----a-w- C:\windows\SysWow64\bdmpega.acm
2012-11-19 07:33:32 65656 ----a-w- C:\windows\SysWow64\bdmpegv.dll
2012-11-19 07:33:32 25200 ----a-w- C:\windows\System32\bdmjpeg64.dll
2012-11-19 07:33:30 22640 ----a-w- C:\windows\SysWow64\bdmjpeg.dll
2012-11-15 06:08:41 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-15 06:06:34 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-13 04:20:30 1120768 ----a-w- C:\windows\System32\msctf.dll
2012-11-13 04:19:23 890880 ----a-w- C:\windows\SysWow64\msctf.dll
2012-11-10 04:23:25 132608 ----a-w- C:\windows\SysWow64\poqexec.exe
2012-11-10 04:23:18 148480 ----a-w- C:\windows\System32\poqexec.exe
2012-11-10 04:22:40 122880 ----a-w- C:\windows\System32\VmHostAI.dll
2012-11-10 04:22:35 144384 ----a-w- C:\windows\System32\tssdisai.dll
2012-11-10 04:22:14 126976 ----a-w- C:\windows\System32\RDWebAI.dll
2012-11-10 04:20:20 135680 ----a-w- C:\windows\System32\appserverai.dll
2012-11-09 17:04:03 450360 ----a-w- C:\windows\System32\drivers\SynTP.sys
2012-11-09 17:04:03 228664 ----a-w- C:\windows\System32\SynTPAPI.dll
2012-11-09 17:04:03 177976 ----a-w- C:\windows\System32\SynTPCo13.dll
2012-11-09 17:04:03 113976 ----a-w- C:\windows\SysWow64\SynTPCOM.dll
2012-11-09 17:03:57 535864 ----a-w- C:\windows\SysWow64\SynCOM.dll
2012-11-09 17:03:57 1048576 ----a-w- C:\windows\System32\syndata.bin
2012-11-09 17:03:57 1046328 ----a-w- C:\windows\System32\SynCOM.dll
2012-11-09 13:55:13 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2012-11-09 04:49:51 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:03:48 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-08 04:25:36 523776 ----a-w- C:\windows\SysWow64\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35 1775104 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-08 04:24:27 2881536 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- C:\windows\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\windows\SysWow64\dciman32.dll
2012-11-08 04:22:21 641536 ----a-w- C:\windows\System32\WSShared.dll
2012-11-08 04:22:20 198656 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:22:19 2246656 ----a-w- C:\windows\System32\wininet.dll
2012-11-08 04:22:12 907776 ----a-w- C:\windows\System32\uxtheme.dll
2012-11-08 04:21:00 3966464 ----a-w- C:\windows\System32\jscript9.dll
2012-11-08 04:20:56 67072 ----a-w- C:\windows\System32\iesetup.dll
2012-11-08 04:20:56 136704 ----a-w- C:\windows\System32\iesysprep.dll
2012-11-08 04:20:50 96256 ----a-w- C:\windows\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\windows\System32\dciman32.dll
2012-11-08 04:02:16 3072 ----a-w- C:\windows\System32\lpk.dll
2012-11-08 04:01:40 3072 ----a-w- C:\windows\SysWow64\lpk.dll
2012-11-08 01:56:52 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2012-11-06 07:52:07 445160 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2012-11-06 07:52:04 277736 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2012-11-06 07:36:23 69864 ----a-w- C:\windows\System32\drivers\pdc.sys
2012-11-06 07:33:46 522640 ----a-w- C:\windows\System32\AUDIOKSE.dll
.
============= FINISH: 14:21:14,50 ===============
peralarep
Regular Member
 
Posts: 18
Joined: January 13th, 2013, 4:24 pm

Re: annoying nym1.ib.adnxs.com add - reopen

Post by wannabeageek » January 21st, 2013, 10:48 pm

Hello peralarep, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.
I am an MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: annoying nym1.ib.adnxs.com add - reopen

Post by peralarep » January 24th, 2013, 3:15 pm

wannabeageek,

Hello! Another "alteration" encountered was that the Windows firewall is not enabled and I cannot turn it on. While doing so, it fails. Even if I turn off the Kaspersky firewall and try to enable the Windows one... I don't know if it is related, but it's an alteration.

Another thing: sometimes Kaspersky blocks (and also notifies me of) those pop-ups and sometimes it doesn't... strange.

Any other requests, please say so.

thanks
peralarep
Regular Member
 
Posts: 18
Joined: January 13th, 2013, 4:24 pm

Re: annoying nym1.ib.adnxs.com add - reopen

Post by wannabeageek » January 24th, 2013, 4:54 pm

Hello peralarep,


P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. If you are at the Start screen, then Right-click in the screen's bottom-right corner. A circle with three lines in it with the text All Apps will pop up at the bottom of the screen. Left Click it and choose the Control Panel from the list of apps that will pop up. You will probably find it all the way to the right. You will probably need to use the scroll bar at the bottom of the screen to get to it. Once at the Control Panel continue the same way as you would if you came from the Desktop.
  2. If you are at the Desktop then pull the mouse quickly to the right lower corner of the screen. The panel with a number of choices opens up. Click on settings and a list of Settings is shown. Select Control Panel.
  3. When the Control Panel appears, choose Programs and Features.
  4. Locate the following program:
    µTorrent
  5. Click it to choose it and then give the permission to go ahead if the computer asks for it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  6. When the program(s) have been uninstalled... Close Control Panel.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe, but the files may not be... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference, citing risk factors of using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: annoying nym1.ib.adnxs.com add - reopen

Post by peralarep » January 24th, 2013, 6:16 pm

Hello WBG,

I've uninstalled the P2P software (uTorrent) as required.

I'm standing by.

=)
peralarep
Regular Member
 
Posts: 18
Joined: January 13th, 2013, 4:24 pm

Re: annoying nym1.ib.adnxs.com add - reopen

Post by wannabeageek » January 27th, 2013, 12:13 pm

Hi peralarep,


Step 1.
Run OTL Script
We need to run an OTL Fix
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and paste the following code into the textbox. Do not include the word Code
    Code:
    :commands
    [createrestorepoint]
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005&barid= {B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
    IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q= {searchTerms}&crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
    IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005&barid= {B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
    IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q= {searchTerms}&crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
    IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\..\SearchScopes\{95AA9102-91C1-4CBA-B59E-E2CA23A0AE8F}: "URL" = http://www.mysearchresults.com/search?&c=4001&t=10&q= {searchTerms}
    IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q= {searchTerms}&crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
    FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}"
    FF - prefs.js..extensions.enabledAddons: helperbar@helperbar.com :1.0
    FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}&q="
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
    [2013/01/13 13:03:38 | 000,003,998 | ---- | M] () -- C:\Users\Pedro\AppData\Roaming\mozilla\firefox\profiles\nim2mp9n.default\searchplugins\sweetim.xml
    
    :REG
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AE41DD9-DAE5-45C9-B314-BFC9FBEBF507}"=-
    "{57F755EA-D2F9-4B74-B3BF-563C0D37AAE1}"=-
    "{62541CE3-7278-4B36-A193-6892B0E0EC0E}"=-
    "{E40EA11F-AE54-4491-8F67-C811A3FA7A55}"=-
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.


Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Any problem executing the instructions?
  3. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: annoying nym1.ib.adnxs.com add - reopen

Post by peralarep » January 27th, 2013, 1:37 pm

Hello WBG,

Thank you again. I didn't have any problem with your instructions.

After executing those commands, my computer restarted and, when I entered desktop mode, the log appeared.
The symptoms persist; while I was browsing to this page, the pop-up appeared once. I've also checked my Windows firewall and it is still disabled and I can't turn it on (even while trying to do it through services.msc).

OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-652798106-1447119271-1349535322-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Microsoft\Internet Explorer\SearchScopes\{95AA9102-91C1-4CBA-B59E-E2CA23A0AE8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95AA9102-91C1-4CBA-B59E-E2CA23A0AE8F}\ not found.
Registry key HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "http://home.sweetim.com/?crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}" removed from browser.startup.homepage
Prefs.js: helperbar@helperbar.com :1.0 removed from extensions.enabledAddons
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "SweetIM Search" removed from browser.search.selectedEngine
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "http://search.sweetim.com/search.asp?src=2&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
File C:\Users\Pedro\AppData\Roaming\mozilla\firefox\profiles\nim2mp9n.default\searchplugins\sweetim.xml not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AE41DD9-DAE5-45C9-B314-BFC9FBEBF507} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AE41DD9-DAE5-45C9-B314-BFC9FBEBF507}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57F755EA-D2F9-4B74-B3BF-563C0D37AAE1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57F755EA-D2F9-4B74-B3BF-563C0D37AAE1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62541CE3-7278-4B36-A193-6892B0E0EC0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62541CE3-7278-4B36-A193-6892B0E0EC0E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E40EA11F-AE54-4491-8F67-C811A3FA7A55} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E40EA11F-AE54-4491-8F67-C811A3FA7A55}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: EasySurvey

User: Pedro
->Temp folder emptied: 1585958 bytes
->Temporary Internet Files folder emptied: 539844 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 42705450 bytes
->Flash cache emptied: 1914 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715774 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1134648 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01272013_152254

Files\Folders moved on Reboot...
C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\windows\temp\24.0.1312.56_24.0.1312.52_chrome_updater.exe284d1259 not found!
C:\windows\temp\chrome_installer.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


thanks again
peralarep
Regular Member
 
Posts: 18
Joined: January 13th, 2013, 4:24 pm

Re: annoying nym1.ib.adnxs.com add - reopen

Post by wannabeageek » January 28th, 2013, 12:47 am

Hello peralarep,

Do you have this proxy address set on your browsers?
uProxyServer = 150.164.255.201:3128 - Internet Explorer

FF - prefs.js: network.proxy.http - 150.164.255.201 - FireFox
FF - prefs.js: network.proxy.http_port - 3128


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Right-click SystemLook_x64.exe and select " Run as administrator " to run it.
  • Copy and paste the content of the following codebox into the main textfield: Do not include the word Code
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Please include in your next reply:
  1. Reply to my question about the Proxy Address
  2. Contents of SystemLook.txt log
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California
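The proxy question above is the kind of check a helper does by hand across several logs. As an added example (not code from the thread, OTL or DDS), the snippet below pulls the proxy setting out of the OTL/DDS-style lines quoted in the post, compares Internet Explorer and Firefox, and flags any proxy that is not on an allow list; the allow list itself is an assumption standing in for "proxies the user knowingly uses".

```python
"""Extract browser proxy settings from OTL/DDS-style log lines and review them.

Added example for this thread; not part of OTL, DDS or any post above.
The three log lines are the ones quoted in the helper's question; the
allow list is a constructed assumption.
"""
import re

# Log lines as posted (IE setting from the OTL log, Firefox from prefs.js).
LOG_LINES = [
    "uProxyServer = 150.164.255.201:3128 - Internet Explorer",
    "FF - prefs.js: network.proxy.http - 150.164.255.201 - FireFox",
    "FF - prefs.js: network.proxy.http_port - 3128",
]

# Constructed allow list: here the university proxy the user later confirmed.
APPROVED_PROXIES = {"150.164.255.201:3128"}

IE_RE = re.compile(r"^uProxyServer = (\S+)")
FF_HOST_RE = re.compile(r"network\.proxy\.http - (\S+)")
FF_PORT_RE = re.compile(r"network\.proxy\.http_port - (\d+)")


def extract_proxies(lines):
    """Return {browser: 'host:port'} for every proxy setting found in the lines."""
    found = {}
    ff_host = ff_port = None
    for line in lines:
        m = IE_RE.match(line)
        if m:
            found["Internet Explorer"] = m.group(1)
            continue
        m = FF_HOST_RE.search(line)
        if m:
            ff_host = m.group(1)
        m = FF_PORT_RE.search(line)
        if m:
            ff_port = m.group(1)
    if ff_host:
        # Firefox stores host and port in two prefs; join them for comparison.
        found["Firefox"] = f"{ff_host}:{ff_port}" if ff_port else ff_host
    return found


def review_proxies(lines, approved=APPROVED_PROXIES):
    """Flag proxies missing from the allow list and disagreement between browsers."""
    proxies = extract_proxies(lines)
    unexpected = {b: p for b, p in proxies.items() if p not in approved}
    consistent = len(set(proxies.values())) <= 1
    return {"proxies": proxies, "unexpected": unexpected, "consistent": consistent}


if __name__ == "__main__":
    print(review_proxies(LOG_LINES))
```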

Re: annoying nym1.ib.adnxs.com add - reopen

Unread post by peralarep » January 28th, 2013, 12:22 pm

Hello wbg,

Again, no difficulties while executing your instructions.
That proxy is from my university. We are allowed to use it in order to get access to some institutional subscriptions of journals and other stuff.

The firewall remains inactive. After turning my computer on today, I've not experienced the pop-up. Sometimes, Kaspersky blocks that URL and notifies me, but it's just sometimes and it hasn't happened today either...

The log generated by SystemLook_x64:


SystemLook 30.07.11 by jpshortstuff
Log created at 13:56 on 28/01/2013 by Pedro
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{2FED26BB-C12C-51A4-B140-785E119523D6}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.7.0.26_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Classes\ActivatableClasses\CLSID\{2FED26BB-C12C-51A4-B140-785E119523D6}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.7.0.26_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002_Classes\ActivatableClasses\CLSID\{2FED26BB-C12C-51A4-B140-785E119523D6}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002_Classes\ActivatableClasses\Package\Microsoft.BingSports_1.7.0.26_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech]
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-

thanks =)
peralarep
Regular Member
 
Posts: 18
Joined: January 13th, 2013, 4:24 pm

Re: annoying nym1.ib.adnxs.com add - reopen

Unread post by wannabeageek » January 30th, 2013, 1:17 am

Greetings peralarep,

peralarep wrote: The firewall remains inactive.
This was taken from the DDS log you posted earlier.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
Please note that Kaspersky has a firewall and this is why the Windows firewall is turned off. FW does mean firewall.



Step1.
Run OTL Script
We need to run an OTL Fix
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the Custom Scan/Fixes textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech]
    
    :Commands
    [EMPTYTEMP]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.




Step 2.
SystemLook
Please run SystemLook. It should still be on your Desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
    Code: Select all
    :filefind
    *eoengine*
    *eobho*
    *eorezo*
    
    :Folderfind
    *Windows Update Add-On*
    *Timeline Remover*
    *HD Media Codec*
    *FBLIX-SOCIAL*
    *Facebook Lily System*
    *Aqori browser extension*
    *Ad-Killer Pro*
    *Noads Popup Blocker*
    *OApps*
    *VideoFileDownload*
    
    :Regfind
    AFBB7970-789A-4264-BA70-E8127DECE400
    18AF7201-4F14-4BCF-93FE-45617CF259FF
    DF76E9B7-35EC-46FC-AF56-5B79DED9D64F
    C10DC1F4-CCDF-4224-A24D-B23AFC3573C8
    3B002D6C-B678-4EC0-B2E0-1F7F36F065E8
    68DD98BF-9DE8-418C-89F0-E37AC61CC2D9
    625F420E-A4A9-4B40-BC23-716C1C43893A
    EoRezo
    eobho
    ieobho
    eoengine
    IgnoreFrameApprovalCheck
    bho_project
    Trolltech
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log
  2. Contents of SystemLook.txt log
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: annoying nym1.ib.adnxs.com add - reopen

Unread post by peralarep » January 30th, 2013, 1:07 pm

Hello WBG,

About the firewall, thanks for the explanation. I've only told you because it was something that, if I'm not wrong, was working properly before I got this malware. Even when Kaspersky was with its FW enabled, in other words, before this malware I think I had 2 firewalls. I say that because I could update my Windows Store applications, which requires Windows's firewall to be on. Without it, I can't update those applications. And that problem of updating started after malware exposure...

Again, no problem with your instructions and no pop-up since my last post!! =)

logs:

OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: EasySurvey

User: Pedro
->Temp folder emptied: 332091 bytes
->Temporary Internet Files folder emptied: 500566 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 84918218 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144616 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 232272 bytes

Total Files Cleaned = 82,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01302013_135111

Files\Folders moved on Reboot...
C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\winstore.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:44 on 30/01/2013 by Pedro
Administrator - Elevation successful

========== filefind ==========

Searching for "*eoengine*"
No files found.

Searching for "*eobho*"
No files found.

Searching for "*eorezo*"
No files found.

========== Folderfind ==========

Searching for "*Windows Update Add-On*"
No folders found.

Searching for "*Timeline Remover*"
No folders found.

Searching for "*HD Media Codec*"
No folders found.

Searching for "*FBLIX-SOCIAL*"
No folders found.

Searching for "*Facebook Lily System*"
No folders found.

Searching for "*Aqori browser extension*"
No folders found.

Searching for "*Ad-Killer Pro*"
No folders found.

Searching for "*Noads Popup Blocker*"
No folders found.

Searching for "*OApps*"
No folders found.

Searching for "*VideoFileDownload*"
No folders found.

========== Regfind ==========

Searching for "AFBB7970-789A-4264-BA70-E8127DECE400"
No data found.

Searching for "18AF7201-4F14-4BCF-93FE-45617CF259FF"
No data found.

Searching for "DF76E9B7-35EC-46FC-AF56-5B79DED9D64F"
No data found.

Searching for "C10DC1F4-CCDF-4224-A24D-B23AFC3573C8"
No data found.

Searching for "3B002D6C-B678-4EC0-B2E0-1F7F36F065E8"
No data found.

Searching for "68DD98BF-9DE8-418C-89F0-E37AC61CC2D9"
No data found.

Searching for "625F420E-A4A9-4B40-BC23-716C1C43893A"
No data found.

Searching for "EoRezo"
No data found.

Searching for "eobho"
No data found.

Searching for "ieobho"
No data found.

Searching for "eoengine"
No data found.

Searching for "IgnoreFrameApprovalCheck"
No data found.

Searching for "bho_project"
No data found.

Searching for "Trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech]
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-

One newbie question:

1) In my older SystemLook log, it also found registry entries for this: Searchqu. Is it harmless? Because you haven't asked to clean it.

Thanks!!!
peralarep
Regular Member
 
Posts: 18
Joined: January 13th, 2013, 4:24 pm

Re: annoying nym1.ib.adnxs.com add - reopen

Unread post by wannabeageek » January 31st, 2013, 6:22 pm

Greetings peralarep,

The "searchqu" entries you refer to fall into the search criteria, but those entries are not what we are looking for. Removing them could damage your computer.
Let me know if the computer freezes during the fix.

Step1.
Run OTL Script
We need to run an OTL Fix
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the Custom Scan/Fixes textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech]
    
    :Commands
    [EMPTYTEMP]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.



Step 2.
SystemLook
Please run SystemLook. It should still be on your Desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
    Code: Select all
    :filefind
    *Trolltech*
    
    :Folderfind
    Trolltech*
    
    :Regfind
    Trolltech
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Step 3.
RSIT (Random's System Information Tool)
Please download RSITx64 by random/random... save it to your desktop.
  1. RT Mouse click on RSIT.exe and run as Administrator... read the disclaimer... click on Continue.
  2. RSIT will start running. When done... 2 logs files...will be produced.
    The first one, "log.txt", will be maximized... the second one, "info.txt", will be minimized.
  3. Please post both..."log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, you may need separate posts.)


Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log
  2. Contents of log.txt log
  3. Contents of SystemLook.txt log
  4. Contents of info.txt log
  5. Any problem executing the instructions?
  6. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California
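The helper's point that the "Searchqu" hits merely fall into the search criteria (they are substring matches inside unrelated names such as ISearchQueryHelper) while the Trolltech hits are keys actually named after the term is something a small parser can make explicit. As an added example, not code from the thread or from SystemLook, the block below parses the SystemLook log layout posted earlier, collects the hits per section and term, and classifies each Regfind term as clean, substring-only, or a named hit; the sample log is a constructed excerpt of the output posted in this thread.

```python
"""Parse a SystemLook log and tell real name hits from substring-only hits.

Added example for this thread; not part of SystemLook or of any post above.
The sample log is a constructed excerpt in the layout of the SystemLook
30.07.11 output posted earlier in the thread.
"""
import re

# Constructed excerpt: a real hit ("trolltech"), a substring-only hit
# ("Searchqu" inside ISearchQueryHelper) and a clean term ("iLivid").
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 13:56 on 28/01/2013 by Pedro
Administrator - Elevation successful

========== filefind ==========

Searching for "*Searchqu*"
No files found.

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
SEARCH_RE = re.compile(r'^Searching for "(.+)"$')
NO_HIT = {"No files found.", "No folders found.", "No data found."}


def parse_systemlook(text):
    """Return {section: {term: [result lines]}}; an empty list means no hit."""
    results = {}
    section = term = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-= EOF =-":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            results[section] = {}
            term = None
            continue
        m = SEARCH_RE.match(line)
        if m and section is not None:
            term = m.group(1)
            results[section][term] = []
            continue
        if term is not None and line not in NO_HIT:
            results[section][term].append(line)
    return results


def substring_only(term, hits):
    """True when the term never stands as a whole word in any hit line.

    Regfind matches case-insensitively anywhere inside a key or value, so
    "Searchqu" also hits "ISearchQueryHelper" and "AppSearchQuery".
    """
    pat = re.compile(re.escape(term), re.IGNORECASE)
    for line in hits:
        for m in pat.finditer(line):
            before = line[m.start() - 1] if m.start() > 0 else ""
            after = line[m.end()] if m.end() < len(line) else ""
            if not before.isalnum() and not after.isalnum():
                return False  # the term stands on its own: a named hit
    return bool(hits)


def triage(text):
    """Classify each Regfind term as 'clean', 'substring-only' or 'named'."""
    verdicts = {}
    for term, hits in parse_systemlook(text).get("regfind", {}).items():
        if not hits:
            verdicts[term] = "clean"
        elif substring_only(term, hits):
            verdicts[term] = "substring-only"
        else:
            verdicts[term] = "named"
    return verdicts


if __name__ == "__main__":
    for term, verdict in triage(SAMPLE_LOG).items():
        print(f"{term}: {verdict}")
```

A substring-only verdict is only a hint that the hit belongs to something else; the key path and value still have to be read before anything is removed.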

Re: annoying nym1.ib.adnxs.com add - reopen

Unread post by wannabeageek » February 2nd, 2013, 9:52 pm

Hi peralarep.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: annoying nym1.ib.adnxs.com add - reopen

Unread post by peralarep » February 2nd, 2013, 11:23 pm

Hello WBG,

Sorry for the delay... I've been quite occupied these days.

The pop-up never appeared again. No problems with your instructions again. But it seems that Trolltech remains resistant to your attempts to clean its registries! rs

OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: EasySurvey

User: Pedro
->Temp folder emptied: 12925 bytes
->Temporary Internet Files folder emptied: 549 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 10418143 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62775958 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02032013_010558

Files\Folders moved on Reboot...
C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\CR_2B05C.tmp\setup.exe moved successfully.
File\Folder C:\windows\temp\24.0.1312.57_chrome_installer.exe4601b50 not found!
C:\windows\temp\chrome_installer.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


SystemLookx64 log:

SystemLook 30.07.11 by jpshortstuff
Log created at 01:11 on 03/02/2013 by Pedro
Administrator - Elevation successful

========== filefind ==========

Searching for "*Trolltech*"
No files found.

========== Folderfind ==========

Searching for "Trolltech*"
No folders found.

========== Regfind ==========

Searching for "Trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech]
[HKEY_USERS\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-

RSITx64 log - part I:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pedro at 2013-02-03 01:17:20
Microsoft Windows 8 Single Language
System drive C: has 788 GB (85%) free of 926 GB
Total RAM: 8080 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:17:32, on 03/02/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16453)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Pedro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 150.164.255.201:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: AddLyrics - {B40720CF-4DDD-40DC-86EA-26404E77C1E8} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [addlyrics@addlyrics.net] C:\Program Files (x86)\AddLyrics\YTLUpdater.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Enviar para o Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Enviar para o Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CyberLink Product - 2012/09/10 17:33:22 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: IntelliMemory - Condusiv Technologies - C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 14465 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
"C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe"
C:\windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 783293311424
\??\C:\windows\system32\conhost.exe 0x4
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" -r
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe"
dashost.exe {ecc52aa8-03d4-452f-a987bdb9730f4444}
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe" /SERVICE
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe"
taskhostex.exe
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Samsung\Settings\sSettings.exe" /s
C:\windows\system32\SearchIndexer.exe /Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
C:\windows\system32\igfxext.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Samsung\S Agent\CommonAgent.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6068.1.1744666379\2125772773" --supports-dual-gpus=false --skip-gpu-full-info-collection --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2857 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pt-BR --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/16/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="6068.2.916703477\874879067" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pt-BR --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/16/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="6068.3.294551698\5584441" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pt-BR --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/16/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="6068.4.1604852367\1862807252" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pt-BR --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/16/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="6068.5.1861433074\876861402" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pt-BR --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/16/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="6068.6.356117171\663702771" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pt-BR --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/16/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="6068.7.45628877\288407398" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pt-BR --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/16/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="6068.8.1183694914\1551427635" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll" --lang=pt-BR --channel="6068.9.1252189357\2011650953" /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll" --lang=pt-BR --channel="6068.10.1071979505\2094754474" /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll" --lang=pt-BR --channel="6068.11.471352251\1479035670" /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll" --lang=pt-BR --channel="6068.12.1023040633\2019876938" /prefetch:4
"C:\Program Files\Samsung\Recovery\WCScheduler.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="6068.13.786904115\522261195" --lang=pt-BR --ignored=" --type=renderer " /prefetch:13
"C:\Program Files\Samsung\Support Center\GuaranaAgent.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pt-BR --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/HttpPipeliningCompatibility/disable_test/InfiniteCache/No/NetworkConnectivity/disable_network_stats/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/16/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwnd16/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_97/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="6068.17.1979522986\1750650244" /prefetch:3
"C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store
C:\windows\WinStore\WSHost.exe -Embedding
C:\windows\system32\msiexec.exe /V
C:\windows\servicing\TrustedInstaller.exe
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16455_none_624a7aa150f57306\TiWorker.exe -Embedding
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 572 576 584 65536 580
"C:\Users\Pedro\Downloads\RSITx64.exe"
peralarep