
Backdoor:Win32/Fynloski.A found, won't get removed


entinta


Hey! I found this virus yesterday when scanning with Microsoft Security Essentials: Backdoor:Win32/Fynloski.A, which it can't delete.

I would like to manually try to remove it, but lack the skills. Could you give me a helping hand? Malwarebytes Anti-Malware doesn't seem to find it with quick scan, but it definitely is still there. I've got DDS running, but it doesn't seem to do anything, "DDS is running in silent mode" it says.


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE: Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------


Backdoor:Win32/Fynloski.A which it can't delete.

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

If you would like to format and reinstall your Operating System please let me know and I can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)

----------

DDS is just running without you having to see anything... Shortly there should be two logs that are created. Please post those. :)

-------------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


----------


So here's the DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Piia at 17:46:50 on 2012-12-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.4095.2080 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\LoggerServer.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIFME.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\notepad.exe

C:\Users\Piia\AppData\Local\Temp\nsqC12E.tmp\PEV.DAT

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

C:\Windows\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID -kirjautumisapuohjelma: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [EPSON PX650 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFME.EXE /FU "C:\Windows\TEMP\E_S57D0.tmp" /EF "HKCU"

uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{A8809B2D-3988-416F-B189-6E0C6FBD6BA0} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Piia\AppData\Roaming\Mozilla\Firefox\Profiles\k1xcre4k.default\

FF - prefs.js: browser.startup.homepage - www.facebook.com

FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-21 283200]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 203776]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 BecHelperService;BecHelperService;C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe [2012-4-2 1958272]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-27 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-27 676936]

R2 NAUpdate;Nero-päivitys;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-25 46136]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-4-2 86016]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-27 25928]

R3 NisSrv;Microsoftin verkon tarkastus;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-3-25 1327520]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-4-2 117248]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-4-2 256000]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\Windows\System32\drivers\ewusbmdm.sys [2012-4-2 121600]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-25 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-25 1255736]

.

=============== Created Last 30 ================

.

2012-12-27 14:02:04 -------- d-----w- C:\Users\Piia\AppData\Roaming\Malwarebytes

2012-12-27 14:01:44 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-27 14:01:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-27 14:01:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-27 02:32:23 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCF9A293-1ED6-4A6D-82F7-1D22D4FE846A}\offreg.dll

2012-12-27 01:27:47 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCF9A293-1ED6-4A6D-82F7-1D22D4FE846A}\mpengine.dll

2012-12-26 01:27:42 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-23 07:40:12 -------- d-----w- C:\Users\Piia\Mors Principium Est - ...And Death Said Live (2012)[320]

2012-12-22 01:00:31 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 01:00:31 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 01:00:30 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 01:00:30 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-12 07:40:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-12-12 03:19:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-12 03:19:53 -------- d-----w- C:\Program Files\iTunes

2012-12-12 03:19:53 -------- d-----w- C:\Program Files\iPod

2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-12-12 03:11:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-12-05 09:56:09 -------- d-----w- C:\ProgramData\EA Core

2012-11-29 01:30:21 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9BFFC77-BC81-4C48-93E8-8BC64D0522BA}\gapaengine.dll

.

==================== Find3M ====================

.

2012-12-12 14:51:59 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 14:51:59 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-10-25 01:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 01:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

.

============= FINISH: 17:56:22,67 ===============

And here's attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 25.3.2011 13:11:50

System Uptime: 27.12.2012 17:13:14 (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M4N68T V2

Processor: AMD Athlon II X3 455 Processor | AM3 | 792/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 668,521 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP251: 13.12.2012 3:00:15 - Windows Update

RP252: 16.12.2012 16:58:26 - Windows Update

RP253: 20.12.2012 16:58:27 - Windows Update

RP254: 22.12.2012 3:00:12 - Windows Update

RP255: 25.12.2012 3:28:24 - Windows Update

RP256: 26.12.2012 19:02:52 - Asennettu TheSims3EP7

RP257: 27.12.2012 17:35:39 - Poistettu The Sims 3 Ambitions

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Advertising Center

AMD Drag and Drop Transcoding

AMD Fuel

Apple Mobile Device Support

Apple Software Update

Applen ohjelmatuki

ATI Catalyst Install Manager

ATI Catalyst Registration

ATI Stream SDK v2 Developer

Bonjour

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

ccc-core-static

ccc-utility64

CCC Help English

Counter-Strike: Source

D3DX10

DAEMON Tools Lite

DivXG400

Epson Easy Photo Print 2

Epson Print CD

Epson Printer Software Downloader

EPSON PX650 Series Printer Uninstall

EPSON Scan

Epson Stylus Photo PX650_TX650 Ohjekirja

Fallout: New Vegas

Fallout2

High-Definition Video Playback

Huawei modem

iTunes

Java Auto Updater

Java 6 Update 29

Last.fm 1.5.4.27091

Malwarebytes Anti-Malware versio 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile FIN Language Pack

Microsoft .NET Framework 4 Client Profilen suomen kielipaketti

Microsoft Antimalware Service FI-FI Language Pack

Microsoft Application Error Reporting

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft Security Client

Microsoft Security Client FI-FI Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Mobiililaajakaista

Mozilla Firefox 17.0.1 (x86 fi)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Nero 10 Movie ThemePack Basic

Nero Audio Pack 1

Nero ControlCenter

Nero Core Components 10

Nero Installer

Nero Kwik Media

Nero MediaHome 4

Nero MediaHome 4 Essentials

Nero MediaHome 4 Help

Nero Online Upgrade

Nero Update

NeroKwikMedia Help (CHM)

NVIDIA Drivers

OpenAL

Origin

Pando Media Booster

PhotoFiltre

Platform

QuickTime

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2518870)

Steam

TeamSpeak 3 Client

The Sims™ 3

The Sims™ 3 Baana auki Kamasetti

The Sims™ 3 Iltahuvit

The Sims™ 3 Keskustan kuhinaa Kamasetti

The Sims™ 3 Lemmikit

The Sims™ 3 Luksuslukaali Kamasetti

The Sims™ 3 Maailmanmatkaaja

The Sims™ 3 Pihaparatiisi Kamasetti

The Sims™ 3 Supernatural

The Sims™ 3 Superstara

The Sims™ 3 Täyttä Elämää

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VIA Ohjelmistoalustan laitehallinta

Windows Live Communications Platform

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Liven asennustyökalu

WinRAR 4.00 (64-bit)

WMV9/VC-1 Video Playback

World of Warcraft

.

==== End Of File ===========================


Scan finished successfully:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-27 18:13:27

-----------------------------

18:13:27.537 OS Version: Windows x64 6.1.7601 Service Pack 1

18:13:27.537 Number of processors: 3 586 0x503

18:13:27.537 ComputerName: PIIA-PC UserName: Piia

18:13:35.550 Initialize success

18:14:14.970 AVAST engine defs: 12122701

18:14:20.417 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e

18:14:20.422 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3

18:14:20.431 Disk 0 MBR read successfully

18:14:20.434 Disk 0 MBR scan

18:14:20.506 Disk 0 Windows 7 default MBR code

18:14:20.519 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

18:14:20.553 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848

18:14:20.702 Disk 0 scanning C:\Windows\system32\drivers

18:14:55.028 Service scanning

18:15:42.619 Modules scanning

18:15:42.645 Disk 0 trace - called modules:

18:15:42.662 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys

18:15:42.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfd060]

18:15:43.005 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800475cd30]

18:15:43.017 5 ACPI.sys[fffff88000f817a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8004759060]

18:15:50.534 AVAST engine scan C:\Windows

18:16:11.264 AVAST engine scan C:\Windows\system32

18:23:44.635 AVAST engine scan C:\Windows\system32\drivers

18:26:04.459 AVAST engine scan C:\Users\Piia

19:05:35.197 AVAST engine scan C:\ProgramData

19:09:00.442 Scan finished successfully

19:12:02.836 Disk 0 MBR has been saved successfully to "C:\Users\Piia\Desktop\MBR.dat"

19:12:02.903 The log file has been saved successfully to "C:\Users\Piia\Desktop\aswMBR.txt"


Hi,

Good job.

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------


Finished, and here's the report (although it seems to be in Finnish):

ComboFix 12-12-27.03 - Piia 27.12.2012 22:14:00.1.3 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.4095.2060 [GMT 2:00]

Sijainti: c:\users\Piia\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Piia\Music\Music\Insomnium\Since The Day it all came down\Desktop_.ini

.

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-11-27 to 2012-12-27 )))))))))))))))))

.

.

2012-12-27 20:27 . 2012-12-27 20:30 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp

2012-12-27 20:27 . 2012-12-27 20:27 -------- d-----w- c:\users\Vieras\AppData\Local\temp

2012-12-27 20:27 . 2012-12-27 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-27 20:27 . 2012-12-27 20:27 -------- d-----w- c:\users\Tissit\AppData\Local\temp

2012-12-27 14:02 . 2012-12-27 14:02 -------- d-----w- c:\users\Piia\AppData\Roaming\Malwarebytes

2012-12-27 14:01 . 2012-12-27 14:01 -------- d-----w- c:\programdata\Malwarebytes

2012-12-27 14:01 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-27 14:01 . 2012-12-27 14:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-27 02:32 . 2012-12-27 18:05 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCF9A293-1ED6-4A6D-82F7-1D22D4FE846A}\offreg.dll

2012-12-27 01:27 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCF9A293-1ED6-4A6D-82F7-1D22D4FE846A}\mpengine.dll

2012-12-26 01:27 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-23 07:40 . 2012-12-23 07:41 -------- d-----w- c:\users\Piia\Mors Principium Est - ...And Death Said Live (2012)[320]

2012-12-22 01:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 01:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-22 01:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 01:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-12 07:40 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-12-12 03:19 . 2012-12-12 03:21 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-12 03:19 . 2012-12-12 03:21 -------- d-----w- c:\program files\iTunes

2012-12-12 03:19 . 2012-12-12 03:19 -------- d-----w- c:\program files\iPod

2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-12-12 03:11 . 2012-12-12 03:11 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-12-12 03:11 . 2012-12-12 03:11 -------- d-----w- c:\program files (x86)\QuickTime

2012-12-05 09:56 . 2012-12-05 09:56 -------- d-----w- c:\programdata\EA Core

2012-11-29 01:30 . 2012-11-29 01:30 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9BFFC77-BC81-4C48-93E8-8BC64D0522BA}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-13 01:01 . 2011-03-25 12:58 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-12 14:51 . 2012-05-02 15:16 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 14:51 . 2011-05-17 11:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-25 01:12 . 2012-10-25 01:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 01:12 . 2012-10-25 01:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-16 08:38 . 2012-11-27 21:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 21:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 21:57 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-14 03:32 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 18:17 . 2012-11-14 03:32 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-14 03:32 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-14 03:32 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 07:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-14 03:32 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-14 03:32 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-14 03:32 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-14 03:32 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-14 03:32 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-14 03:32 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-14 03:32 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-14 03:32 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-14 03:32 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-14 03:32 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-14 03:32 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-02 00:19 . 2011-03-25 12:15 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

.

.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-11 1354736]

"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-06-25 2441840]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-09 117248]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-03-09 256000]

R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [2011-03-09 121600]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-25 1255736]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-21 283200]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

S2 BecHelperService;BecHelperService;c:\program files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe [2011-03-09 1958272]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 NAUpdate;Nero-päivitys;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-09 86016]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Muut muistissa olevat ajurit/palvelut ---

.

*NewlyCreated* - ASWMBR

*Deregistered* - aswMBR

.

'Ajoitetut tehtävät'-kansion sisältö

.

2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 14:52]

.

2012-12-27 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 13:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

.

------- Täydentävä tarkistus -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Piia\AppData\Roaming\Mozilla\Firefox\Profiles\k1xcre4k.default\

FF - prefs.js: browser.startup.homepage - www.facebook.com

.

- - - - POISTETUT JÄMÄRIVIT - - - -

.

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

.

.

.

--------------------- LUKITUT REKISTERIAVAIMET ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Valmistumisajankohta: 2012-12-27 22:47:42

ComboFix-quarantined-files.txt 2012-12-27 20:47

.

Ennen ajoa: 717 217 546 240 tavua vapaana

Ajon jälkeen: 718 130 937 856 tavua vapaana

.

- - End Of File - - D057D0FDE52E51AA4901950CE7055EA7


containerfile:C:\$Recycle.Bin\S-1-5-21-107849261-2250990614-1379679070-1000\$RE3R4F8.zip

file:C:\$Recycle.Bin\S-1-5-21-107849261-2250990614-1379679070-1000\$RE3R4F8.zip->Drivers/Drivers.exe

System is running pretty slow, but the mouse seems to be acting normal after the third time MSE deleted it. Sounds like it is actually sounding good, I hope?


Please download SystemLook from one of the links below and save it to your Desktop.

Link 1

Link 2

  • Right-click and Run as Administrator SystemLook.exe to run it.
  • Copy the content within the following codebox into the main textfield:

    :filefind
    Drivers.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Let's give this a different look...

OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------


Here's the OTL.Txt:

OTL logfile created on: 29.12.2012 6:06:23 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piia\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,79% Memory free

8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,19% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931,41 Gb Total Space | 707,64 Gb Free Space | 75,97% Space Free | Partition Type: NTFS

Computer Name: PIIA-PC | User Name: Piia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Piia\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe ()

PRC - C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\LoggerServer.exe ()

PRC - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\sdl.dll ()

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\mssvoice.asi ()

MOD - C:\Program Files (x86)\Steam\bin\mssmp3.asi ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

MOD - C:\Program Files (x86)\Steam\bin\audio.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (BecHelperService) -- C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NeroMediaHomeService.4) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)

SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi

IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 56 2F A7 0A 1B CC 01 [binary data]

IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392

IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "www.facebook.com"

FF - prefs.js..extensions.enabledAddons: %7B2458abc0-f443-11dd-87af-0800200c9a66%7D:16.0.26.10.12

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 05:11:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 05:11:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.03.30 15:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia\AppData\Roaming\mozilla\Extensions

[2012.12.02 17:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piia\AppData\Roaming\mozilla\Firefox\Profiles\k1xcre4k.default\extensions

[2012.12.01 18:22:40 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Piia\AppData\Roaming\mozilla\Firefox\Profiles\k1xcre4k.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}

[2012.12.02 17:44:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Piia\AppData\Roaming\mozilla\Firefox\Profiles\k1xcre4k.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

[2012.12.01 17:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012.12.01 17:50:30 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.08.31 15:08:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.12.01 17:50:01 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bookplus-fi.xml

[2012.12.01 17:50:01 | 000,001,185 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-fi.xml

[2012.12.01 17:50:01 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fi.xml

[2012.12.01 17:50:01 | 000,001,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-fi.xml

O1 HOSTS File: ([2012.12.27 22:27:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)

O4 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-107849261-2250990614-1379679070-1007..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-107849261-2250990614-1379679070-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O7 - HKU\S-1-5-21-107849261-2250990614-1379679070-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8809B2D-3988-416F-B189-6E0C6FBD6BA0}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.29 06:03:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Piia\Desktop\OTL.exe

[2012.12.28 04:44:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.12.27 22:48:06 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012.12.27 22:11:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.12.27 22:11:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.12.27 22:11:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.12.27 22:11:19 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.12.27 22:10:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.12.27 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Piia\AppData\Roaming\Malwarebytes

[2012.12.27 16:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.12.12 05:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.12.12 05:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012.12.12 05:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.12.12 05:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012.12.12 05:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.12.12 05:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2012.12.12 05:08:40 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012.12.05 11:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2012.12.01 17:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012.12.29 06:03:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piia\Desktop\OTL.exe

[2012.12.29 05:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.12.28 17:01:01 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job

[2012.12.28 04:54:01 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.28 04:54:01 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.28 04:44:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.28 04:43:42 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.27 22:27:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012.12.27 20:03:49 | 001,240,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.27 20:03:49 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.27 20:03:49 | 000,442,004 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat

[2012.12.27 20:03:49 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.12.27 20:03:49 | 000,082,516 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat

[2012.12.22 03:17:20 | 000,276,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.12.12 05:21:15 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.12.12 05:11:32 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012.12.27 22:11:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.12.27 22:11:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.12.27 22:11:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.12.27 22:11:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.12.27 22:11:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.12.12 05:21:15 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.12.12 05:11:32 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012.06.10 16:25:53 | 000,000,660 | RHS- | C] () -- C:\Users\Piia\ntuser.pol

[2012.05.02 17:50:11 | 000,262,865 | ---- | C] () -- C:\Windows\IPUI_DivXG400.exe

[2012.04.02 21:06:24 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe

[2011.12.30 16:57:34 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011.12.30 16:57:33 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011.12.30 16:57:33 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011.12.30 16:57:33 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011.12.30 16:57:33 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011.12.30 16:57:33 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011.12.30 16:57:33 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011.12.30 16:57:33 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011.12.30 16:57:33 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011.12.30 16:57:33 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011.12.30 16:57:33 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2011.12.30 16:57:33 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011.12.30 16:57:33 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011.12.30 16:57:33 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011.12.30 16:57:33 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011.12.30 16:57:33 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011.12.30 16:57:33 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2011.12.30 16:57:33 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2011.12.30 16:57:33 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011.03.25 14:01:00 | 001,266,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.03.25 13:49:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.03.25 13:19:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011.03.25 13:19:21 | 000,023,381 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.28 15:05:16 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\.minecraft

[2012.04.02 21:07:40 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\Birdstep Technology

[2012.07.21 17:35:50 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\DAEMON Tools Lite

[2012.03.10 21:51:01 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\LolClient

[2012.07.21 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\Origin

[2011.11.05 14:51:11 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\PhotoFiltre

[2012.10.26 18:12:53 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\SoftGrid Client

[2012.01.09 14:22:59 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\TP

[2012.05.12 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\TS3Client

[2012.12.27 17:34:24 | 000,000,000 | ---D | M] -- C:\Users\Piia\AppData\Roaming\uTorrent

[2012.06.10 17:09:01 | 000,000,000 | ---D | M] -- C:\Users\Tissit\AppData\Roaming\PhotoFiltre

[2011.11.27 08:53:14 | 000,000,000 | ---D | M] -- C:\Users\Vieras\AppData\Roaming\.minecraft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >


For some reason it won't let me post the other one, well, let's try again..

And here's the Extras.Txt:

OTL Extras logfile created on: 29.12.2012 6:06:23 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piia\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,79% Memory free

8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,19% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931,41 Gb Total Space | 707,64 Gb Free Space | 75,97% Space Free | Partition Type: NTFS

Computer Name: PIIA-PC | User Name: Piia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06E26413-3A78-4667-ADD4-B53AC355DC58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{0BEBBD85-8ADC-4C8D-BEDE-A410FF959804}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{0D6C4BE1-AA41-4A81-BDD1-640F1AA8D417}" = lport=445 | protocol=6 | dir=in | app=system |

"{16555654-09AF-4280-82A3-EC805A602632}" = lport=138 | protocol=17 | dir=in | app=system |

"{1FB60D1D-15BF-4F29-A974-7E760A9729D9}" = rport=138 | protocol=17 | dir=out | app=system |

"{20BB6DD7-7C88-4DC3-9E71-7CFF6119BE71}" = rport=139 | protocol=6 | dir=out | app=system |

"{4EEAF64A-09DD-4534-8F17-EC136AE703D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{67A9195F-4BAD-48EA-A69E-74840B097AAA}" = lport=10243 | protocol=6 | dir=in | app=system |

"{70187DDF-C8AE-4A2F-8B7B-8DBABCD9BCE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{71FDB968-4A7C-4F29-A03B-3179FEB4E712}" = rport=137 | protocol=17 | dir=out | app=system |

"{841BFB71-FCE7-4C4B-9342-66C90A3264DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{93B3A048-98D3-48A2-9698-65527DE7CE82}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{96E16A5C-7734-4BA0-B2E0-D81CD4D6B9C8}" = lport=137 | protocol=17 | dir=in | app=system |

"{A3AC247A-BA81-4C76-A7D7-6CCF15C0682C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A8B43191-BEBA-4E7D-AC46-AA503401C9C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AD6378AD-4D87-4425-B23A-D4C0F7C50F7F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

"{AF69B62E-4546-4C12-8DB7-BA9142039A95}" = lport=139 | protocol=6 | dir=in | app=system |

"{AFC8B682-0B07-4B32-B8D2-360B857D5399}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B1AD9CA2-B1A2-4139-9BDF-5A0C0BB78E79}" = rport=10243 | protocol=6 | dir=out | app=system |

"{CC527B20-D343-46DE-A9DF-5817A3FEADAF}" = rport=445 | protocol=6 | dir=out | app=system |

"{CC8F23E3-40A4-44FC-BAFE-BD38257A68CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DDCA8AF4-396C-449C-8D40-93C17ECC79FB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E34B7AB2-2B76-476A-BDF4-BF12F8B99D47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{EA82B3A4-796D-419D-85F5-48F7E4AD1394}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ECED6ED8-40D7-4D39-87AB-1627D5303B15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FED73572-2DDB-49B5-8205-71971E9FB9E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{008B7CCF-D150-4D02-B9B5-8892DDA97C81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{022FE372-DB3C-4E0A-A7BA-49AFB85630F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |

"{02EA2BCE-06CC-4A51-AD96-CF97FD205BD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{0AE2BF74-CA9B-410B-B75E-AAFF5FD2B12F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{0B76C593-E155-41ED-8F5C-94BA5C34C2EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{0FA01246-BE5E-4DF6-BA55-59E4A41CD4EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{111107C5-E0DD-4CBB-B9F5-A3E2ECB21B3E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{128DC98B-CA63-4A96-AEEF-1587B3201801}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{1C9A2442-A1B8-4F37-B84C-C796F924F2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{1F65745D-8649-4167-84C4-612613155D86}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{245F48F9-6CB6-4693-B6A5-7C1F0A38A932}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{24B7C199-7B39-4810-A10F-D20E71BE6559}" = protocol=6 | dir=out | app=system |

"{259E0D11-92D8-4981-B633-CF2D48E0B418}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{25C6DB04-A526-4DDB-8A7D-0FA26BAD375E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |

"{2A694B37-DF5D-4EBB-B8BC-8FA1B16A1C12}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{34692709-C21D-49ED-992B-CB609F753AFC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3BADFF36-F8F9-494F-A163-613173C174BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3CFD216A-C7F5-4E23-9590-92FB966515D4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{3E7B3F1E-24FB-4F52-94EE-D2370C80AD6C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{41B8FFEC-7128-4CF0-B410-F6F263E4BA71}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe |

"{53B97AF6-5119-41C4-9484-1DEDFBF9577F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{5A0EB74C-CC10-4D56-8B55-B745A889D0C7}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe |

"{704F3DCC-46E0-4A1C-A169-6478DAEAB42C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7561993B-3C3B-42FE-8413-89DAFC5B647F}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{85718020-272B-4435-95ED-266CDF59E098}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8B50151B-3946-4669-BCF5-0060A69159DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{90F95EC9-9A59-4100-8B98-A8874F0445FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{9155D6BA-9A66-4B35-AFB4-29B2C6321FA1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{94876C07-E0C2-45D0-A168-1643D9F9F058}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{99130E83-2FDF-4C01-9928-77C78D5E31D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{AA6D8331-87E0-47A7-A78F-BBB25E9A5E5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BC914311-224A-42FC-8A62-DFE5BC30F28E}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{BCE2A2EF-749D-4CB6-8853-E272689E2AE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{C2CC7911-A654-4959-B791-F1D80171AAEE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{C70461A7-836C-469E-9786-F50F14D340A1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{CA15DC7E-DD0C-4A64-8AFD-0C858E12CA7B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{CAFD3E1F-A66A-4310-A2D3-A0AA2579B709}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{CC4C15DA-0E10-437E-A128-C96B3D8813E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CEC314D0-5B44-46A2-8A73-25653237981E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{D5F3E2A9-344B-427A-BB25-C11BE3B6048A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{D8464C78-76C2-44BA-A2F7-09539C8DD27C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{E028E63A-4841-4C23-8217-547BEC9CA839}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{E3D761C7-F760-439C-8957-1AC436A198DB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{E491875E-21CA-49B8-A88C-8ACC2AEE8228}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{E4DE6364-6E79-4B77-AA04-97B9DEFC1985}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{E8E2EE6F-EE9E-4D4F-96AD-C01812C565D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E986B053-D744-454A-A598-0C148294E4F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F2E2F1ED-0653-40B5-A7D5-2FB50441329E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7901F8C-73ED-430D-A934-73CC64DC5FB9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F8B33346-F541-4534-BA54-3A9A31A6C3A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{04D73E52-310D-4799-A930-76AD2E59812C}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"TCP Query User{0F41CDA9-82B0-4A0B-AFC1-486C94CCCD56}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"TCP Query User{3D1F7A1D-2738-4E15-A933-DFBE420A31BD}C:\program files (x86)\steam\steamapps\anaalisaukko\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\anaalisaukko\team fortress 2\hl2.exe |

"TCP Query User{5978F7D8-0E4A-42B3-9963-0BAA3D5052CD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"TCP Query User{69DC92E1-D608-4E73-9DAA-1C9417D37CCC}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"TCP Query User{AABC1BA2-2A01-4C6D-BDC5-2394985DEE96}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"TCP Query User{E78870FE-261E-4B78-9259-34BD76E102A8}C:\program files (x86)\steam\steamapps\anaalisaukko\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\anaalisaukko\counter-strike source\hl2.exe |

"TCP Query User{EEAC417E-0777-4C39-B69B-814A6FB17185}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |

"TCP Query User{FFD448F0-CECE-4617-8981-096A1A49F2A9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"UDP Query User{1DD3E9AD-1AF0-4382-98B1-5B23C951CDE0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"UDP Query User{614C9617-2D65-4F12-9F53-F7596D3B6CDA}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"UDP Query User{9ACC13C9-0603-467E-8F23-D85910E50464}C:\program files (x86)\steam\steamapps\anaalisaukko\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\anaalisaukko\counter-strike source\hl2.exe |

"UDP Query User{9D713B2B-A905-42FE-B80F-8A41CD571472}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"UDP Query User{A6F0C33B-5297-4233-8D59-1A490E30EC4C}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |

"UDP Query User{B0D81C33-FB55-4F0F-A83D-2857C841AA50}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"UDP Query User{CA6DF23C-E99F-4BAC-9AB6-BF2F1D50E261}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"UDP Query User{D39C267A-B532-4D62-87C8-4CEB34917ECB}C:\program files (x86)\steam\steamapps\anaalisaukko\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\anaalisaukko\team fortress 2\hl2.exe |

"UDP Query User{DAB1032C-AB7F-4400-8590-BEE50EAB141F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer

"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes

"{3D4BCAF1-DDA5-3E92-9143-1133D125B071}" = Microsoft .NET Framework 4 Client Profile FIN Language Pack

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager

"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64

"{BBA7005D-8C56-FFD3-81AE-D0481829BC70}" = AMD Fuel

"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{D80C85CD-B007-4B8E-9C35-1EF837C555ED}" = Microsoft Antimalware Service FI-FI Language Pack

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FI-FI Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"EPSON PX650 Series" = EPSON PX650 Series Printer Uninstall

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FIN Language Pack" = Microsoft .NET Framework 4 Client Profilen suomen kielipaketti

"Microsoft Security Client" = Microsoft Security Essentials

"NVIDIA Drivers" = NVIDIA Drivers

"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0682ecbd-72eb-4164-a6f4-71c77729f742}" = Nero MediaHome 4 Essentials

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration

"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Pihaparatiisi Kamasetti

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 29

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Superstara

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback

"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 Luksuslukaali Kamasetti

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2

"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = Mobiililaajakaista

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader

"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 Maailmanmatkaaja

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger

"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Lemmikit

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Audio Pack 1

"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Applen ohjelmatuki

"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Täyttä Elämää

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"DivXG400" = DivXG400

"Epson Printer Software Downloader" = Epson Printer Software Downloader

"EPSON Scanner" = EPSON Scan

"Epson Stylus Photo PX650_TX650 Käyttöopas" = Epson Stylus Photo PX650_TX650 Ohjekirja

"Fallout2" = Fallout2

"Huawei Modems" = Huawei modem

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Ohjelmistoalustan laitehallinta

"LastFM_is1" = Last.fm 1.5.4.27091

"Mozilla Firefox 17.0.1 (x86 fi)" = Mozilla Firefox 17.0.1 (x86 fi)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"OpenAL" = OpenAL

"Origin" = Origin

"Steam App 22380" = Fallout: New Vegas

"Steam App 240" = Counter-Strike: Source

"WinLiveSuite" = Windows Liven asennustyökalu

"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"PhotoFiltre" = PhotoFiltre

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 19.12.2012 22:52:11 | Computer Name = Piia-PC | Source = Application Error | ID = 1000

Description = Viallisen sovelluksen nimi: Wow-64.exe, versio: 5.1.0.16357, aikaleima:

0x50bd644f Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.17725, aikaleima:

0x4ec4aa8e Poikkeuskoodi: 0xc0000374 Virhepoikkeama: 0x00000000000c40f2 Viallisen

prosessin tunnus: 0x758 Viallisen sovelluksen käynnistysaika: 0x01cdde5c77478de0 Viallisen

sovelluksen polku: C:\Program Files (x86)\World of Warcraft\Wow-64.exe Viallisen

moduulin polku: C:\Windows\SYSTEM32\ntdll.dll Raportin tunnus: 40336f80-4a50-11e2-a894-bcaec5ac6a60

Error - 20.12.2012 18:31:11 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815

Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston

c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä

3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR)

ei kelpaa elementissä assemblyIdentity.

Error - 21.12.2012 12:19:04 | Computer Name = Piia-PC | Source = Application Hang | ID = 1002

Description = Ohjelman Wow-64.exe versio 5.1.0.16357, lakkasi olemasta yhteydessä

Windowsiin, joten se suljettiin. Voit tarkistaa, onko ongelmasta saatavilla lisätietoja,

ohjauspaneelin Toimintokeskus-kohdasta. Prosessin tunnus: 924 Alkamisaika: 01cddf96b46477c0

Päättymisaika:

382 Sovelluksen polku: C:\Program Files (x86)\World of Warcraft\Wow-64.exe Raportin

tunnus: 204e3ac1-4b8a-11e2-bdff-bcaec5ac6a60

Error - 21.12.2012 18:31:15 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815

Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston

c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä

3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR)

ei kelpaa elementissä assemblyIdentity.

Error - 22.12.2012 2:25:48 | Computer Name = Piia-PC | Source = Application Error | ID = 1000

Description = Viallisen sovelluksen nimi: Wow-64.exe, versio: 5.1.0.16357, aikaleima:

0x50bd644f Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.17725, aikaleima:

0x4ec4aa8e Poikkeuskoodi: 0xc0000374 Virhepoikkeama: 0x00000000000c40f2 Viallisen

prosessin tunnus: 0x158c Viallisen sovelluksen käynnistysaika: 0x01cde00876a334e0

Viallisen

sovelluksen polku: C:\Program Files (x86)\World of Warcraft\Wow-64.exe Viallisen

moduulin polku: C:\Windows\SYSTEM32\ntdll.dll Raportin tunnus: 6c24fad0-4c00-11e2-8988-bcaec5ac6a60

Error - 22.12.2012 18:31:29 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815

Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston

c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä

3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR)

ei kelpaa elementissä assemblyIdentity.

Error - 26.12.2012 10:17:58 | Computer Name = Piia-PC | Source = Application Error | ID = 1000

Description = Viallisen sovelluksen nimi: TS3W.exe, versio: 0.1.0.27, aikaleima:

0x4f2b35b6 Viallisen moduulin nimi: TS3W.exe, versio: 0.1.0.27, aikaleima: 0x4f2b35b6

Poikkeuskoodi:

0xc0000005 Virhepoikkeama: 0x000e54c9 Viallisen prosessin tunnus: 0x2ffc Viallisen

sovelluksen käynnistysaika: 0x01cde373c84a2920 Viallisen sovelluksen polku: C:\Program

Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Viallisen moduulin polku:

C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Raportin tunnus:

0bb9d4d0-4f67-11e2-8988-bcaec5ac6a60

Error - 26.12.2012 10:18:53 | Computer Name = Piia-PC | Source = Application Error | ID = 1000

Description = Viallisen sovelluksen nimi: TS3W.exe, versio: 0.1.0.27, aikaleima:

0x4f2b35b6 Viallisen moduulin nimi: TS3W.exe, versio: 0.1.0.27, aikaleima: 0x4f2b35b6

Poikkeuskoodi:

0xc0000005 Virhepoikkeama: 0x000e6146 Viallisen prosessin tunnus: 0x3240 Viallisen

sovelluksen käynnistysaika: 0x01cde373ed6054f0 Viallisen sovelluksen polku: C:\Program

Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Viallisen moduulin polku:

C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Raportin tunnus:

2c8f49b0-4f67-11e2-8988-bcaec5ac6a60

Error - 26.12.2012 13:08:55 | Computer Name = Piia-PC | Source = Application Error | ID = 1000

Description = Viallisen sovelluksen nimi: TS3W.exe, versio: 0.2.0.165, aikaleima:

0x50171e18 Viallisen moduulin nimi: TS3W.exe, versio: 0.2.0.165, aikaleima: 0x50171e18

Poikkeuskoodi:

0xc0000005 Virhepoikkeama: 0x000e5cdc Viallisen prosessin tunnus: 0x3244 Viallisen

sovelluksen käynnistysaika: 0x01cde38babccd6e0 Viallisen sovelluksen polku: C:\Program

Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Viallisen moduulin polku:

C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe Raportin tunnus:

edb7b750-4f7e-11e2-8988-bcaec5ac6a60

Error - 27.12.2012 1:45:55 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815

Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston

c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä

3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR)

ei kelpaa elementissä assemblyIdentity.

Error - 27.12.2012 23:35:18 | Computer Name = Piia-PC | Source = SideBySide | ID = 16842815

Description = Aktivointikontekstin luonti epäonnistui (c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll). Virhe luettelo- tai käytäntötiedoston

c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll rivillä

3. Määritteen version arvo (MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR)

ei kelpaa elementissä assemblyIdentity.

[ System Events ]

Error - 20.12.2012 23:19:19 | Computer Name = Piia-PC | Source = Service Control Manager | ID = 7000

Description = Palvelua Steam Client Service ei voi käynnistää. Virhekoodi on %%1053

Error - 25.12.2012 3:34:55 | Computer Name = Piia-PC | Source = Disk | ID = 262155

Description = Ohjain havaitsi korttivirheen laitteella \Device\Harddisk1\DR10.

Error - 25.12.2012 3:34:55 | Computer Name = Piia-PC | Source = Disk | ID = 262155

Description = Ohjain havaitsi korttivirheen laitteella \Device\Harddisk1\DR10.

Error - 25.12.2012 3:34:56 | Computer Name = Piia-PC | Source = Disk | ID = 262155

Description = Ohjain havaitsi korttivirheen laitteella \Device\Harddisk1\DR10.

Error - 25.12.2012 3:34:57 | Computer Name = Piia-PC | Source = Disk | ID = 262155

Description = Ohjain havaitsi korttivirheen laitteella \Device\Harddisk1\DR10.

Error - 26.12.2012 13:24:06 | Computer Name = Piia-PC | Source = Microsoft Antimalware | ID = 1119

Description = %%860 on kohdannut ei-kriittisen virheen ryhtyessään toimiin haittaohjelman

tai muun mahdollisesti ei-halutun ohjelman kohdalla. Katso lisätietoja seuraavasta:

http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Fynloski.A&threatid=2147640184

Nimi:

Backdoor:Win32/Fynloski.A Tunnus: 2147640184 Vakavuus: Vakava Luokka: Takaoviohjelma

Polku:

file:_C:\Users\Piia\Downloads\asd\Drivers\Drivers.exe Tunnistuksen alkuperä: %%845

Tunnistustyyppi:

%%822 Tunnistuksen lähde: %%818 Käyttäjä: NT-HALLINTA\SYSTEM Prosessin nimi: C:\Windows\System32\SearchProtocolHost.exe

Toiminto:

%%809 Toiminnon tila: No additional actions required Virhekoodi: 0x80070490 Virheen

kuvaus: Elementtiä ei löydy. Allekirjoitusversio: AV: 1.141.2573.0, AS: 1.141.2573.0,

NIS: 18.36.0.0 Moottoriversio: AM: 1.1.9002.0, NIS: 2.1.8904.0

Error - 27.12.2012 11:19:37 | Computer Name = Piia-PC | Source = Service Control Manager | ID = 7022

Description = Palvelu Windows Update lukkiutui käynnistyksessä.

Error - 27.12.2012 16:17:15 | Computer Name = Piia-PC | Source = Service Control Manager | ID = 7030

Description = Palvelu PEVSystemStart on määritetty vuorovaikutteiseksi palveluksi.

Järjestelmän kokoonpanoa ei kuitenkaan ole määritetty sallimaan vuorovaikutteisia

palveluja. Palvelun toiminta saattaa olla epätäydellistä.

Error - 27.12.2012 16:21:18 | Computer Name = Piia-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys ei voi latautua, koska se ei ole yhteensopiva

tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta.

Error - 27.12.2012 16:28:01 | Computer Name = Piia-PC | Source = Service Control Manager | ID = 7030

Description = Palvelu PEVSystemStart on määritetty vuorovaikutteiseksi palveluksi.

Järjestelmän kokoonpanoa ei kuitenkaan ole määritetty sallimaan vuorovaikutteisia

palveluja. Palvelun toiminta saattaa olla epätäydellistä.

< End of report >


Hi,

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
    IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 56 2F A7 0A 1B CC 01 [binary data]
    IE - HKU\S-1-5-21-107849261-2250990614-1379679070-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
    [2012.12.02 17:44:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Piia\AppData\Roaming\mozilla\Firefox\Profiles\k1xcre4k.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

Post the new OTL log and let me know how your system is running.
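When a new log comes back, the entry to look for first is the Microsoft Antimalware event (ID 1119) in the System Events section. As an added example (not part of the original thread and not OTL's own code), this Python script reassembles the line-wrapped event entries of an OTL log and pulls the threat name, file path and error code out of antimalware events. The sample text is constructed and abridged from the entries posted above; the function names are hypothetical, and the path pattern is a heuristic that assumes the path ends in a file extension.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: three entries abridged from the posted log,
# keeping its hard line wraps and blank lines.
SAMPLE = r"""
[ System Events ]

Error - 25.12.2012 3:34:55 | Computer Name = Piia-PC | Source = Disk | ID = 262155

Description = Ohjain havaitsi korttivirheen laitteella \Device\Harddisk1\DR10.

Error - 26.12.2012 13:24:06 | Computer Name = Piia-PC | Source = Microsoft Antimalware | ID = 1119

Description = %%860 on kohdannut ei-kriittisen virheen ryhtyessään toimiin haittaohjelman

tai muun mahdollisesti ei-halutun ohjelman kohdalla. Katso lisätietoja seuraavasta:

http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Fynloski.A&threatid=2147640184

Nimi:

Backdoor:Win32/Fynloski.A Tunnus: 2147640184 Vakavuus: Vakava Luokka: Takaoviohjelma

Polku:

file:_C:\Users\Piia\Downloads\asd\Drivers\Drivers.exe Tunnistuksen alkuperä: %%845

Toiminto:

%%809 Toiminnon tila: No additional actions required Virhekoodi: 0x80070490 Virheen

kuvaus: Elementtiä ei löydy.

Error - 27.12.2012 11:19:37 | Computer Name = Piia-PC | Source = Service Control Manager | ID = 7022

Description = Palvelu Windows Update lukkiutui käynnistyksessä.

< End of report >
"""

# One event header line, in the layout shown in the log.
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{1,2}\.\d{1,2}\.\d{4} \d{1,2}:\d{2}:\d{2})"
    r" \| Computer Name = (?P<computer>.*?)"
    r" \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$")


def parse_events(text):
    """Split the event-log section into entries and rejoin wrapped descriptions."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), id=int(m["id"]), description="")
            events.append(current)
        elif line.startswith(("[ ", "< ", "=====")):
            current = None  # a section marker ends the current entry
        elif current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def antimalware_detections(events):
    """Extract locale-independent fields from Microsoft Antimalware events."""
    found = []
    for ev in events:
        if ev["source"] != "Microsoft Antimalware":
            continue
        desc = ev["description"]
        url = re.search(r"https?://\S+", desc)
        query = parse_qs(urlsplit(url.group()).query) if url else {}
        # Heuristic: path runs from "file:_" to the first extension before a space.
        path = re.search(r"file:_(.+?\.\w{2,4})(?=\s|$)", desc)
        code = re.search(r"\b0x[0-9A-Fa-f]{8}\b", desc)
        found.append({
            "when": ev["when"], "event_id": ev["id"],
            "threat": query.get("name", [None])[0],
            "threat_id": query.get("threatid", [None])[0],
            "path": path.group(1) if path else None,
            "error": code.group() if code else None,
        })
    return found


if __name__ == "__main__":
    for hit in antimalware_detections(parse_events(SAMPLE)):
        print(hit)
```

The threat name and ID are read from the `go.microsoft.com` link in the event text rather than from the translated field labels, so the same extraction works on logs from systems in other display languages.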


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
