entinta

For some reason it wont let me post the other one, well lets try again.. And heres the Extras.Txt: OTL Extras logfile created on: 29.12.2012 6:06:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy 4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,79% Memory free 8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 707,64 Gb Free Space | 75,97% Space Free | Partition Type: NTFS Computer Name: PIIA-PC | User Name: Piia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06E26413-3A78-4667-ADD4-B53AC355DC58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0BEBBD85-8ADC-4C8D-BEDE-A410FF959804}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0D6C4BE1-AA41-4A81-BDD1-640F1AA8D417}" = lport=445 | protocol=6 | dir=in | app=system | "{16555654-09AF-4280-82A3-EC805A602632}" = lport=138 | protocol=17 | dir=in | app=system | "{1FB60D1D-15BF-4F29-A974-7E760A9729D9}" = rport=138 | protocol=17 | dir=out | app=system | "{20BB6DD7-7C88-4DC3-9E71-7CFF6119BE71}" = rport=139 | protocol=6 | dir=out | app=system | "{4EEAF64A-09DD-4534-8F17-EC136AE703D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{67A9195F-4BAD-48EA-A69E-74840B097AAA}" = lport=10243 | protocol=6 | dir=in | app=system | "{70187DDF-C8AE-4A2F-8B7B-8DBABCD9BCE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{71FDB968-4A7C-4F29-A03B-3179FEB4E712}" = rport=137 | protocol=17 | dir=out | app=system | "{841BFB71-FCE7-4C4B-9342-66C90A3264DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{93B3A048-98D3-48A2-9698-65527DE7CE82}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{96E16A5C-7734-4BA0-B2E0-D81CD4D6B9C8}" = lport=137 | protocol=17 | dir=in | app=system | "{A3AC247A-BA81-4C76-A7D7-6CCF15C0682C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8B43191-BEBA-4E7D-AC46-AA503401C9C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD6378AD-4D87-4425-B23A-D4C0F7C50F7F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{AF69B62E-4546-4C12-8DB7-BA9142039A95}" = lport=139 | protocol=6 | dir=in | app=system | "{AFC8B682-0B07-4B32-B8D2-360B857D5399}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B1AD9CA2-B1A2-4139-9BDF-5A0C0BB78E79}" = rport=10243 | protocol=6 | dir=out | app=system | "{CC527B20-D343-46DE-A9DF-5817A3FEADAF}" = rport=445 | protocol=6 | dir=out | app=system | "{CC8F23E3-40A4-44FC-BAFE-BD38257A68CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DDCA8AF4-396C-449C-8D40-93C17ECC79FB}" = lport=2869 | protocol=6 | dir=in | app=system | "{E34B7AB2-2B76-476A-BDF4-BF12F8B99D47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{EA82B3A4-796D-419D-85F5-48F7E4AD1394}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ECED6ED8-40D7-4D39-87AB-1627D5303B15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FED73572-2DDB-49B5-8205-71971E9FB9E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008B7CCF-D150-4D02-B9B5-8892DDA97C81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{022FE372-DB3C-4E0A-A7BA-49AFB85630F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{02EA2BCE-06CC-4A51-AD96-CF97FD205BD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0AE2BF74-CA9B-410B-B75E-AAFF5FD2B12F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{0B76C593-E155-41ED-8F5C-94BA5C34C2EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0FA01246-BE5E-4DF6-BA55-59E4A41CD4EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{111107C5-E0DD-4CBB-B9F5-A3E2ECB21B3E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{128DC98B-CA63-4A96-AEEF-1587B3201801}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1C9A2442-A1B8-4F37-B84C-C796F924F2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1F65745D-8649-4167-84C4-612613155D86}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{245F48F9-6CB6-4693-B6A5-7C1F0A38A932}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{24B7C199-7B39-4810-A10F-D20E71BE6559}" = protocol=6 | dir=out | app=system | "{259E0D11-92D8-4981-B633-CF2D48E0B418}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{25C6DB04-A526-4DDB-8A7D-0FA26BAD375E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{2A694B37-DF5D-4EBB-B8BC-8FA1B16A1C12}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{34692709-C21D-49ED-992B-CB609F753AFC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3BADFF36-F8F9-494F-A163-613173C174BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3CFD216A-C7F5-4E23-9590-92FB966515D4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3E7B3F1E-24FB-4F52-94EE-D2370C80AD6C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{41B8FFEC-7128-4CF0-B410-F6F263E4BA71}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | "{53B97AF6-5119-41C4-9484-1DEDFBF9577F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{5A0EB74C-CC10-4D56-8B55-B745A889D0C7}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | "{704F3DCC-46E0-4A1C-A169-6478DAEAB42C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7561993B-3C3B-42FE-8413-89DAFC5B647F}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{85718020-272B-4435-95ED-266CDF59E098}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B50151B-3946-4669-BCF5-0060A69159DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{90F95EC9-9A59-4100-8B98-A8874F0445FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9155D6BA-9A66-4B35-AFB4-29B2C6321FA1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{94876C07-E0C2-45D0-A168-1643D9F9F058}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{99130E83-2FDF-4C01-9928-77C78D5E31D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{AA6D8331-87E0-47A7-A78F-BBB25E9A5E5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BC914311-224A-42FC-8A62-DFE5BC30F28E}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{BCE2A2EF-749D-4CB6-8853-E272689E2AE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C2CC7911-A654-4959-B791-F1D80171AAEE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{C70461A7-836C-469E-9786-F50F14D340A1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{CA15DC7E-DD0C-4A64-8AFD-0C858E12CA7B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{CAFD3E1F-A66A-4310-A2D3-A0AA2579B709}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CC4C15DA-0E10-437E-A128-C96B3D8813E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CEC314D0-5B44-46A2-8A73-25653237981E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D5F3E2A9-344B-427A-BB25-C11BE3B6048A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D8464C78-76C2-44BA-A2F7-09539C8DD27C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E028E63A-4841-4C23-8217-547BEC9CA839}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E3D761C7-F760-439C-8957-1AC436A198DB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{E491875E-21CA-49B8-A88C-8ACC2AEE8228}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{E4DE6364-6E79-4B77-AA04-97B9DEFC1985}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{E8E2EE6F-EE9E-4D4F-96AD-C01812C565D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E986B053-D744-454A-A598-0C148294E4F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F2E2F1ED-0653-40B5-A7D5-2FB50441329E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7901F8C-73ED-430D-A934-73CC64DC5FB9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F8B33346-F541-4534-BA54-3A9A31A6C3A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{04D73E52-310D-4799-A930-76AD2E59812C}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{0F41CDA9-82B0-4A0B-AFC1-486C94CCCD56}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{3D1F7A1D-2738-4E15-A933-DFBE420A31BD}C:\program files (x86)\steam\steamapps\anaalisaukko\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\anaalisaukko\team fortress 2\hl2.exe | "TCP Query User{5978F7D8-0E4A-42B3-9963-0BAA3D5052CD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{69DC92E1-D608-4E73-9DAA-1C9417D37CCC}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{AABC1BA2-2A01-4C6D-BDC5-2394985DEE96}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{E78870FE-261E-4B78-9259-34BD76E102A8}C:\program files (x86)\steam\steamapps\anaalisaukko\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\anaalisaukko\counter-strike source\hl2.exe | "TCP Query User{EEAC417E-0777-4C39-B69B-814A6FB17185}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe | "TCP Query User{FFD448F0-CECE-4617-8981-096A1A49F2A9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{1DD3E9AD-1AF0-4382-98B1-5B23C951CDE0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{614C9617-2D65-4F12-9F53-F7596D3B6CDA}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{9ACC13C9-0603-467E-8F23-D85910E50464}C:\program files (x86)\steam\steamapps\anaalisaukko\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\anaalisaukko\counter-strike source\hl2.exe | "UDP Query User{9D713B2B-A905-42FE-B80F-8A41CD571472}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{A6F0C33B-5297-4233-8D59-1A490E30EC4C}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe | "UDP Query User{B0D81C33-FB55-4F0F-A83D-2857C841AA50}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{CA6DF23C-E99F-4BAC-9AB6-BF2F1D50E261}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{D39C267A-B532-4D62-87C8-4CEB34917ECB}C:\program files (x86)\steam\steamapps\anaalisaukko\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\anaalisaukko\team fortress 2\hl2.exe | "UDP Query User{DAB1032C-AB7F-4400-8590-BEE50EAB141F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer "{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes "{3D4BCAF1-DDA5-3E92-9143-1133D125B071}" = Microsoft .NET Framework 4 Client Profile FIN Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager "{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64 "{BBA7005D-8C56-FFD3-81AE-D0481829BC70}" = AMD Fuel "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D80C85CD-B007-4B8E-9C35-1EF837C555ED}" = Microsoft Antimalware Service FI-FI Language Pack "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FI-FI Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON PX650 Series" = EPSON PX650 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile FIN Language Pack" = Microsoft .NET Framework 4 Client Profilen suomen kielipaketti "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0682ecbd-72eb-4164-a6f4-71c77729f742}" = Nero MediaHome 4 Essentials "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Pihaparatiisi Kamasetti "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 29 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Superstara "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 Luksuslukaali Kamasetti "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = Mobiililaajakaista "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 Maailmanmatkaaja "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Lemmikit "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Audio Pack 1 "{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Applen ohjelmatuki "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Täyttä Elämää "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DivXG400" = DivXG400 "Epson Printer Software Downloader" = Epson Printer Software Downloader "EPSON Scanner" = EPSON Scan "Epson Stylus Photo PX650_TX650 Käyttöopas" = Epson Stylus Photo PX650_TX650 Ohjekirja "Fallout2" = Fallout2 "Huawei Modems" = Huawei modem "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Ohjelmistoalustan laitehallinta "LastFM_is1" = Last.fm 1.5.4.27091 "Mozilla Firefox 17.0.1 (x86 fi)" = Mozilla Firefox 17.0.1 (x86 fi) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "OpenAL" = OpenAL "Origin" = Origin "Steam App 22380" = Fallout: New Vegas "Steam App 240" = Counter-Strike: Source "WinLiveSuite" = Windows Liven asennustyökalu "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PhotoFiltre" = PhotoFiltre ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.12.2012 22:52:11 | Computer Name = Piia-PC | Source = Application Error | ID = 1000 Description = Viallisen sovelluksen nimi: Wow-64.exe, versio: 5.1.0.16357, aikaleima: 0x50bd644f Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.17725, aikaleima: 0x4ec4aa8e Poikkeuskoodi: 0xc0000374 Virhepoikkeama: 0x00000000000c40f2 Viallisen prosessin tunnus: 0x758 Viallisen sovelluksen käynnistysaika: 0x01cdde5c77478de0 Viallisen sovelluksen polku: C:\Program Files (x86)\World of Warcraft\Wow-64.exe Viallisen moduulin polku: C:\Windows\SYSTEM32\ntdll.dll Raportin tunnus: 40336f80-4a50-11e2-a894-bcaec5ac6a60 Error - 20.12.2012 18:31:11 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815 Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä 3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR) ei kelpaa elementissä assemblyIdentity. Error - 21.12.2012 12:19:04 | Computer Name = Piia-PC | Source = Application Hang | ID = 1002 Description = Ohjelman Wow-64.exe versio 5.1.0.16357, lakkasi olemasta yhteydessä Windowsiin, joten se suljettiin. Voit tarkistaa, onko ongelmasta saatavilla lisätietoja, ohjauspaneelin Toimintokeskus-kohdasta. Prosessin tunnus: 924 Alkamisaika: 01cddf96b46477c0 Päättymisaika: 382 Sovelluksen polku: C:\Program Files (x86)\World of Warcraft\Wow-64.exe Raportin tunnus: 204e3ac1-4b8a-11e2-bdff-bcaec5ac6a60 Error - 21.12.2012 18:31:15 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815 Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä 3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR) ei kelpaa elementissä assemblyIdentity. Error - 22.12.2012 2:25:48 | Computer Name = Piia-PC | Source = Application Error | ID = 1000 Description = Viallisen sovelluksen nimi: Wow-64.exe, versio: 5.1.0.16357, aikaleima: 0x50bd644f Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.17725, aikaleima: 0x4ec4aa8e Poikkeuskoodi: 0xc0000374 Virhepoikkeama: 0x00000000000c40f2 Viallisen prosessin tunnus: 0x158c Viallisen sovelluksen käynnistysaika: 0x01cde00876a334e0 Viallisen sovelluksen polku: C:\Program Files (x86)\World of Warcraft\Wow-64.exe Viallisen moduulin polku: C:\Windows\SYSTEM32\ntdll.dll Raportin tunnus: 6c24fad0-4c00-11e2-8988-bcaec5ac6a60 Error - 22.12.2012 18:31:29 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815 Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä 3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR) ei kelpaa elementissä assemblyIdentity. Error - 26.12.2012 10:17:58 | Computer Name = Piia-PC | Source = Application Error | ID = 1000 Description = Viallisen sovelluksen nimi: TS3W.exe, versio: 0.1.0.27, aikaleima: 0x4f2b35b6 Viallisen moduulin nimi: TS3W.exe, versio: 0.1.0.27, aikaleima: 0x4f2b35b6 Poikkeuskoodi: 0xc0000005 Virhepoikkeama: 0x000e54c9 Viallisen prosessin tunnus: 0x2ffc Viallisen sovelluksen käynnistysaika: 0x01cde373c84a2920 Viallisen sovelluksen polku: C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Viallisen moduulin polku: C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Raportin tunnus: 0bb9d4d0-4f67-11e2-8988-bcaec5ac6a60 Error - 26.12.2012 10:18:53 | Computer Name = Piia-PC | Source = Application Error | ID = 1000 Description = Viallisen sovelluksen nimi: TS3W.exe, versio: 0.1.0.27, aikaleima: 0x4f2b35b6 Viallisen moduulin nimi: TS3W.exe, versio: 0.1.0.27, aikaleima: 0x4f2b35b6 Poikkeuskoodi: 0xc0000005 Virhepoikkeama: 0x000e6146 Viallisen prosessin tunnus: 0x3240 Viallisen sovelluksen käynnistysaika: 0x01cde373ed6054f0 Viallisen sovelluksen polku: C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Viallisen moduulin polku: C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Raportin tunnus: 2c8f49b0-4f67-11e2-8988-bcaec5ac6a60 Error - 26.12.2012 13:08:55 | Computer Name = Piia-PC | Source = Application Error | ID = 1000 Description = Viallisen sovelluksen nimi: TS3W.exe, versio: 0.2.0.165, aikaleima: 0x50171e18 Viallisen moduulin nimi: TS3W.exe, versio: 0.2.0.165, aikaleima: 0x50171e18 Poikkeuskoodi: 0xc0000005 Virhepoikkeama: 0x000e5cdc Viallisen prosessin tunnus: 0x3244 Viallisen sovelluksen käynnistysaika: 0x01cde38babccd6e0 Viallisen sovelluksen polku: C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Viallisen moduulin polku: C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Raportin tunnus: edb7b750-4f7e-11e2-8988-bcaec5ac6a60 Error - 27.12.2012 1:45:55 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815 Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä 3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR) ei kelpaa elementissä assemblyIdentity. Error - 27.12.2012 23:35:18 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815 Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä 3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR) ei kelpaa elementissä assemblyIdentity. [ System Events ] Error - 20.12.2012 23:19:19 | Computer Name = Piia-PC | Source = Service Control Manager | ID = 7000 Description = Palvelua Steam Client Service ei voi käynnistää. Virhekoodi on %%1053 Error - 25.12.2012 3:34:55 | Computer Name = Piia-PC | Source = Disk | ID = 262155 Description = Ohjain havaitsi korttivirheen laitteella \Device\Harddisk1\DR10. Error - 25.12.2012 3:34:55 | Computer Name = Piia-PC | Source = Disk | ID = 262155 Description = Ohjain havaitsi korttivirheen laitteella \Device\Harddisk1\DR10. Error - 25.12.2012 3:34:56 | Computer Name = Piia-PC | Source = Disk | ID = 262155 Description = Ohjain havaitsi korttivirheen laitteella \Device\Harddisk1\DR10. Error - 25.12.2012 3:34:57 | Computer Name = Piia-PC | Source = Disk | ID = 262155 Description = Ohjain havaitsi korttivirheen laitteella \Device\Harddisk1\DR10. Error - 26.12.2012 13:24:06 | Computer Name = Piia-PC | Source = Microsoft Antimalware | ID = 1119 Description = %%860 on kohdannut ei-kriittisen virheen ryhtyessään toimiin haittaohjelman tai muun mahdollisesti ei-halutun ohjelman kohdalla. Katso lisätietoja seuraavasta: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Fynloski.A&threatid=2147640184 Nimi: Backdoor:Win32/Fynloski.A Tunnus: 2147640184 Vakavuus: Vakava Luokka: Takaoviohjelma Polku: file:_C:\Users\Piia\Downloads\asd\Drivers\Drivers.exe Tunnistuksen alkuperä: %%845 Tunnistustyyppi: %%822 Tunnistuksen lähde: %%818 Käyttäjä: NT-HALLINTA\SYSTEM Prosessin nimi: C:\Windows\System32\SearchProtocolHost.exe Toiminto: %%809 Toiminnon tila: No additional actions required Virhekoodi: 0x80070490 Virheen kuvaus: Elementtiä ei löydy. Allekirjoitusversio: AV: 1.141.2573.0, AS: 1.141.2573.0, NIS: 18.36.0.0 Moottoriversio: AM: 1.1.9002.0, NIS: 2.1.8904.0 Error - 27.12.2012 11:19:37 | Computer Name = Piia-PC | Source = Service Control Manager | ID = 7022 Description = Palvelu Windows Update lukkiutui käynnistyksessä. Error - 27.12.2012 16:17:15 | Computer Name = Piia-PC | Source = Service Control Manager | ID = 7030 Description = Palvelu PEVSystemStart on määritetty vuorovaikutteiseksi palveluksi. Järjestelmän kokoonpanoa ei kuitenkaan ole määritetty sallimaan vuorovaikutteisia palveluja. Palvelun toiminta saattaa olla epätäydellistä. Error - 27.12.2012 16:21:18 | Computer Name = Piia-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys ei voi latautua, koska se ei ole yhteensopiva tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta. Error - 27.12.2012 16:28:01 | Computer Name = Piia-PC | Source = Service Control Manager | ID = 7030 Description = Palvelu PEVSystemStart on määritetty vuorovaikutteiseksi palveluksi. Järjestelmän kokoonpanoa ei kuitenkaan ole määritetty sallimaan vuorovaikutteisia palveluja. Palvelun toiminta saattaa olla epätäydellistä. < End of report >

Heres the OTL.Txt: OTL logfile created on: 29.12.2012 6:06:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy 4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,79% Memory free 8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 707,64 Gb Free Space | 75,97% Space Free | Partition Type: NTFS Computer Name: PIIA-PC | User Name: Piia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Piia\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe () PRC - C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\LoggerServer.exe () PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\sdl.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\mssvoice.asi () MOD - C:\Program Files (x86)\Steam\bin\mssmp3.asi () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\Steam\bin\audio.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BecHelperService) -- C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 56 2F A7 0A 1B CC 01 [binary data] IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392 IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.facebook.com" FF - prefs.js..extensions.enabledAddons: %7B2458abc0-f443-11dd-87af-0800200c9a66%7D:16.0.26.10.12 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 05:11:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 05:11:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.30 15:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia\AppData\Roaming\mozilla\Extensions [2012.12.02 17:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia\AppData\Roaming\mozilla\Firefox\Profiles\k1xcre4k.default\extensions [2012.12.01 18:22:40 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Piia\AppData\Roaming\mozilla\Firefox\Profiles\k1xcre4k.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2012.12.02 17:44:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Piia\AppData\Roaming\mozilla\Firefox\Profiles\k1xcre4k.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2012.12.01 17:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.01 17:50:30 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.31 15:08:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.12.01 17:50:01 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bookplus-fi.xml [2012.12.01 17:50:01 | 000,001,185 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-fi.xml [2012.12.01 17:50:01 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fi.xml [2012.12.01 17:50:01 | 000,001,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-fi.xml O1 HOSTS File: ([2012.12.27 22:27:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG) O4 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-107849261-2250990614-1379679070-1007..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-107849261-2250990614-1379679070-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8809B2D-3988-416F-B189-6E0C6FBD6BA0}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.29 06:03:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Piia\Desktop\OTL.exe [2012.12.28 04:44:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.27 22:48:06 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.27 22:11:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.27 22:11:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.27 22:11:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.27 22:11:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.27 22:10:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.27 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Piia\AppData\Roaming\Malwarebytes [2012.12.27 16:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.12 05:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.12 05:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.12 05:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.12 05:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.12 05:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.12.12 05:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.12.12 05:08:40 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.12.05 11:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.12.01 17:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.12.29 06:03:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piia\Desktop\OTL.exe [2012.12.29 05:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.28 17:01:01 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2012.12.28 04:54:01 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 04:54:01 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 04:44:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.28 04:43:42 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys [2012.12.27 22:27:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.27 20:03:49 | 001,240,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.27 20:03:49 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.27 20:03:49 | 000,442,004 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat [2012.12.27 20:03:49 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.27 20:03:49 | 000,082,516 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat [2012.12.22 03:17:20 | 000,276,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.12 05:21:15 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.12 05:11:32 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk ========== Files Created - No Company Name ========== [2012.12.27 22:11:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.27 22:11:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.27 22:11:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.27 22:11:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.27 22:11:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.12 05:21:15 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.12 05:11:32 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.06.10 16:25:53 | 000,000,660 | RHS- | C] () -- C:\Users\Piia\ntuser.pol [2012.05.02 17:50:11 | 000,262,865 | ---- | C] () -- C:\Windows\IPUI_DivXG400.exe [2012.04.02 21:06:24 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe [2011.12.30 16:57:34 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.12.30 16:57:33 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.12.30 16:57:33 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.12.30 16:57:33 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.12.30 16:57:33 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.12.30 16:57:33 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.12.30 16:57:33 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.12.30 16:57:33 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.12.30 16:57:33 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.12.30 16:57:33 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.12.30 16:57:33 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.12.30 16:57:33 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.12.30 16:57:33 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.12.30 16:57:33 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.12.30 16:57:33 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.12.30 16:57:33 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.12.30 16:57:33 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.12.30 16:57:33 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.12.30 16:57:33 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.03.25 14:01:00 | 001,266,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.25 13:49:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.25 13:19:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.03.25 13:19:21 | 000,023,381 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.28 15:05:16 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\.minecraft [2012.04.02 21:07:40 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\Birdstep Technology [2012.07.21 17:35:50 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\DAEMON Tools Lite [2012.03.10 21:51:01 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\LolClient [2012.07.21 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\Origin [2011.11.05 14:51:11 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\PhotoFiltre [2012.10.26 18:12:53 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\SoftGrid Client [2012.01.09 14:22:59 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\TP [2012.05.12 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\TS3Client [2012.12.27 17:34:24 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\uTorrent [2012.06.10 17:09:01 | 000,000,000 | ---D | M] -- C:\Users\Tissit\AppData\Roaming\PhotoFiltre [2011.11.27 08:53:14 | 000,000,000 | ---D | M] -- C:\Users\Vieras\AppData\Roaming\.minecraft ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:63238B95 < End of report >

SystemLook 30.07.11 by jpshortstuff Log created at 15:20 on 28/12/2012 by Piia Administrator - Elevation successful ========== filefind ========== Searching for "Drivers.exe" No files found. -= EOF =-

containerfile:C:\$Recycle.Bin\S-1-5-21-107849261-2250990614-1379679070-1000\$RE3R4F8.zip file:C:\$Recycle.Bin\S-1-5-21-107849261-2250990614-1379679070-1000\$RE3R4F8.zip->Drivers/Drivers.exe System is running pretty slow, but the mouse seems to be acting normal after the third time MSE deleted it. Sounds like it is actually sounding good, I hope?

Finished, and heres the report (altough it seems to be in finnish)_ ComboFix 12-12-27.03 - Piia 27.12.2012 22:14:00.1.3 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.4095.2060 [GMT 2:00] Sijainti: c:\users\Piia\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Piia\Music\Music\Insomnium\Since The Day it all came down\Desktop_.ini . . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-11-27 to 2012-12-27 ))))))))))))))))) . . 2012-12-27 20:27 . 2012-12-27 20:30 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp 2012-12-27 20:27 . 2012-12-27 20:27 -------- d-----w- c:\users\Vieras\AppData\Local\temp 2012-12-27 20:27 . 2012-12-27 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-27 20:27 . 2012-12-27 20:27 -------- d-----w- c:\users\Tissit\AppData\Local\temp 2012-12-27 14:02 . 2012-12-27 14:02 -------- d-----w- c:\users\Piia\AppData\Roaming\Malwarebytes 2012-12-27 14:01 . 2012-12-27 14:01 -------- d-----w- c:\programdata\Malwarebytes 2012-12-27 14:01 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-27 14:01 . 2012-12-27 14:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-27 02:32 . 2012-12-27 18:05 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCF9A293-1ED6-4A6D-82F7-1D22D4FE846A}\offreg.dll 2012-12-27 01:27 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCF9A293-1ED6-4A6D-82F7-1D22D4FE846A}\mpengine.dll 2012-12-26 01:27 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-23 07:40 . 2012-12-23 07:41 -------- d-----w- c:\users\Piia\Mors Principium Est - ...And Death Said Live (2012)[320] 2012-12-22 01:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 01:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 01:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 01:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 07:40 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-12-12 03:19 . 2012-12-12 03:21 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-12 03:19 . 2012-12-12 03:21 -------- d-----w- c:\program files\iTunes 2012-12-12 03:19 . 2012-12-12 03:19 -------- d-----w- c:\program files\iPod 2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-12-12 03:11 . 2012-12-12 03:11 -------- d-----w- c:\program files (x86)\QuickTime 2012-12-05 09:56 . 2012-12-05 09:56 -------- d-----w- c:\programdata\EA Core 2012-11-29 01:30 . 2012-11-29 01:30 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9BFFC77-BC81-4C48-93E8-8BC64D0522BA}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-13 01:01 . 2011-03-25 12:58 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 14:51 . 2012-05-02 15:16 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 14:51 . 2011-05-17 11:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-25 01:12 . 2012-10-25 01:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 01:12 . 2012-10-25 01:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-27 21:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 21:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 21:57 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-14 03:32 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 18:17 . 2012-11-14 03:32 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 03:32 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 03:32 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 07:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-14 03:32 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-14 03:32 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-14 03:32 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-14 03:32 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-14 03:32 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-14 03:32 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-14 03:32 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-14 03:32 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-14 03:32 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-14 03:32 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-14 03:32 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-10-02 00:19 . 2011-03-25 12:15 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll . . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-11 1354736] "Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-06-25 2441840] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-09 117248] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-03-09 256000] R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [2011-03-09 121600] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-25 1255736] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-21 283200] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 BecHelperService;BecHelperService;c:\program files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe [2011-03-09 1958272] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 NAUpdate;Nero-päivitys;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-09 86016] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Muut muistissa olevat ajurit/palvelut --- . *NewlyCreated* - ASWMBR *Deregistered* - aswMBR . 'Ajoitetut tehtävät'-kansion sisältö . 2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 14:52] . 2012-12-27 c:\windows\Tasks\Epson Printer Software Downloader.job - c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 13:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] . ------- Täydentävä tarkistus ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Piia\AppData\Roaming\Mozilla\Firefox\Profiles\k1xcre4k.default\ FF - prefs.js: browser.startup.homepage - www.facebook.com . - - - - POISTETUT JÄMÄRIVIT - - - - . URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file) Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file) . . . --------------------- LUKITUT REKISTERIAVAIMET --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Valmistumisajankohta: 2012-12-27 22:47:42 ComboFix-quarantined-files.txt 2012-12-27 20:47 . Ennen ajoa: 717 217 546 240 tavua vapaana Ajon jälkeen: 718 130 937 856 tavua vapaana . - - End Of File - - D057D0FDE52E51AA4901950CE7055EA7

Scan finished succesfully: aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-12-27 18:13:27 ----------------------------- 18:13:27.537 OS Version: Windows x64 6.1.7601 Service Pack 1 18:13:27.537 Number of processors: 3 586 0x503 18:13:27.537 ComputerName: PIIA-PC UserName: Piia 18:13:35.550 Initialize success 18:14:14.970 AVAST engine defs: 12122701 18:14:20.417 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e 18:14:20.422 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3 18:14:20.431 Disk 0 MBR read successfully 18:14:20.434 Disk 0 MBR scan 18:14:20.506 Disk 0 Windows 7 default MBR code 18:14:20.519 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 18:14:20.553 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848 18:14:20.702 Disk 0 scanning C:\Windows\system32\drivers 18:14:55.028 Service scanning 18:15:42.619 Modules scanning 18:15:42.645 Disk 0 trace - called modules: 18:15:42.662 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 18:15:42.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfd060] 18:15:43.005 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800475cd30] 18:15:43.017 5 ACPI.sys[fffff88000f817a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8004759060] 18:15:50.534 AVAST engine scan C:\Windows 18:16:11.264 AVAST engine scan C:\Windows\system32 18:23:44.635 AVAST engine scan C:\Windows\system32\drivers 18:26:04.459 AVAST engine scan C:\Users\Piia 19:05:35.197 AVAST engine scan C:\ProgramData 19:09:00.442 Scan finished successfully 19:12:02.836 Disk 0 MBR has been saved successfully to "C:\Users\Piia\Desktop\MBR.dat" 19:12:02.903 The log file has been saved successfully to "C:\Users\Piia\Desktop\aswMBR.txt"

So heres the dds DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29 Run by Piia at 17:46:50 on 2012-12-27 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.4095.2080 [GMT 2:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\spoolsv.exe C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\LoggerServer.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskmgr.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Steam\Steam.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIFME.EXE C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Windows\notepad.exe C:\Users\Piia\AppData\Local\Temp\nsqC12E.tmp\PEV.DAT C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe C:\Windows\system32\NOTEPAD.EXE . ============== Pseudo HJT Report =============== . uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned> mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID -kirjautumisapuohjelma: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [EPSON PX650 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFME.EXE /FU "C:\Windows\TEMP\E_S57D0.tmp" /EF "HKCU" uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{A8809B2D-3988-416F-B189-6E0C6FBD6BA0} : DHCPNameServer = 192.168.1.1 SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Piia\AppData\Roaming\Mozilla\Firefox\Profiles\k1xcre4k.default\ FF - prefs.js: browser.startup.homepage - www.facebook.com FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-21 283200] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 203776] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304] R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496] R2 BecHelperService;BecHelperService;C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe [2012-4-2 1958272] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-27 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-27 676936] R2 NAUpdate;Nero-päivitys;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-25 46136] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216] R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-4-2 86016] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-27 25928] R3 NisSrv;Microsoftin verkon tarkastus;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-3-25 1327520] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-4-2 117248] S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-4-2 256000] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\Windows\System32\drivers\ewusbmdm.sys [2012-4-2 121600] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-25 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-25 1255736] . =============== Created Last 30 ================ . 2012-12-27 14:02:04 -------- d-----w- C:\Users\Piia\AppData\Roaming\Malwarebytes 2012-12-27 14:01:44 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-27 14:01:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-27 14:01:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-27 02:32:23 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCF9A293-1ED6-4A6D-82F7-1D22D4FE846A}\offreg.dll 2012-12-27 01:27:47 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCF9A293-1ED6-4A6D-82F7-1D22D4FE846A}\mpengine.dll 2012-12-26 01:27:42 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-23 07:40:12 -------- d-----w- C:\Users\Piia\Mors Principium Est - ...And Death Said Live (2012)[320] 2012-12-22 01:00:31 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-22 01:00:31 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-22 01:00:30 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-22 01:00:30 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-12 07:40:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-12-12 03:19:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-12 03:19:53 -------- d-----w- C:\Program Files\iTunes 2012-12-12 03:19:53 -------- d-----w- C:\Program Files\iPod 2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-12-05 09:56:09 -------- d-----w- C:\ProgramData\EA Core 2012-11-29 01:30:21 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9BFFC77-BC81-4C48-93E8-8BC64D0522BA}\gapaengine.dll . ==================== Find3M ==================== . 2012-12-12 14:51:59 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 14:51:59 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-10-25 01:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 01:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys . ============= FINISH: 17:56:22,67 =============== And heres attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 25.3.2011 13:11:50 System Uptime: 27.12.2012 17:13:14 (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | M4N68T V2 Processor: AMD Athlon II X3 455 Processor | AM3 | 792/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 668,521 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP251: 13.12.2012 3:00:15 - Windows Update RP252: 16.12.2012 16:58:26 - Windows Update RP253: 20.12.2012 16:58:27 - Windows Update RP254: 22.12.2012 3:00:12 - Windows Update RP255: 25.12.2012 3:28:24 - Windows Update RP256: 26.12.2012 19:02:52 - Asennettu TheSims3EP7 RP257: 27.12.2012 17:35:39 - Poistettu The Sims 3 Ambitions . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.2 Advertising Center AMD Drag and Drop Transcoding AMD Fuel Apple Mobile Device Support Apple Software Update Applen ohjelmatuki ATI Catalyst Install Manager ATI Catalyst Registration ATI Stream SDK v2 Developer Bonjour Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy ccc-core-static ccc-utility64 CCC Help English Counter-Strike: Source D3DX10 DAEMON Tools Lite DivXG400 Epson Easy Photo Print 2 Epson Print CD Epson Printer Software Downloader EPSON PX650 Series Printer Uninstall EPSON Scan Epson Stylus Photo PX650_TX650 Ohjekirja Fallout: New Vegas Fallout2 High-Definition Video Playback Huawei modem iTunes Java Auto Updater Java 6 Update 29 Last.fm 1.5.4.27091 Malwarebytes Anti-Malware versio 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile FIN Language Pack Microsoft .NET Framework 4 Client Profilen suomen kielipaketti Microsoft Antimalware Service FI-FI Language Pack Microsoft Application Error Reporting Microsoft Office Click-to-Run 2010 Microsoft Office Home and Student 2010 - English Microsoft Security Client Microsoft Security Client FI-FI Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Mobiililaajakaista Mozilla Firefox 17.0.1 (x86 fi) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Nero 10 Movie ThemePack Basic Nero Audio Pack 1 Nero ControlCenter Nero Core Components 10 Nero Installer Nero Kwik Media Nero MediaHome 4 Nero MediaHome 4 Essentials Nero MediaHome 4 Help Nero Online Upgrade Nero Update NeroKwikMedia Help (CHM) NVIDIA Drivers OpenAL Origin Pando Media Booster PhotoFiltre Platform QuickTime Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2518870) Steam TeamSpeak 3 Client The Sims™ 3 The Sims™ 3 Baana auki Kamasetti The Sims™ 3 Iltahuvit The Sims™ 3 Keskustan kuhinaa Kamasetti The Sims™ 3 Lemmikit The Sims™ 3 Luksuslukaali Kamasetti The Sims™ 3 Maailmanmatkaaja The Sims™ 3 Pihaparatiisi Kamasetti The Sims™ 3 Supernatural The Sims™ 3 Superstara The Sims™ 3 Täyttä Elämää Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VIA Ohjelmistoalustan laitehallinta Windows Live Communications Platform Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Liven asennustyökalu WinRAR 4.00 (64-bit) WMV9/VC-1 Video Playback World of Warcraft . ==== End Of File ===========================

Hey! I found this virus yesterday when scanning with microsoft security essentials: Backdoor:Win32/Fynloski.A which it cant delete. I would like to manually try to remove it, but lack the skills. Could you give me a helping hand? Malwarebytes antimalware doesnt seem to find it with quick scan, but it definitely is still there. Ive got DDS running, but it doesnt seem to do anything, "DDS is running in silent mode" it says.

Hey! Yesterday I found this virus on microsoft security essentials, and it can not remove it: Backdoor:Win32/Fynloski.A I would like to try to delete it manually, and definitely require help with it. What should I do?