Trojan horse Generic27.BTAL


Post by Pitegrillarn on Wed 02 May 2012, 6:59 am

My computer started to get slow and it opens different websites when I click on a link.

AVG says I got (Trojan horse Generic27.BTAL).

It hides in memory and Explorer.exe and I can't remove it with .

This is my OTL file.

OTL logfile created on: 2012-05-01 21:25:34 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Tony\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1,75 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 33,42% Memory free
3,49 Gb Paging File | 2,41 Gb Available in Paging File | 69,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 9,07 Gb Free Space | 6,10% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 142,04 Gb Free Space | 95,41% Space Free | Partition Type: NTFS
Drive E: | 152,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: TONY-TOSH | User Name: Tony | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-05-01 21:24:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Downloads\OTL.com


========== Modules (No Company Name) ==========

MOD - [2012-04-29 18:05:35 | 008,743,584 | ---- | M] () -- C:\Users\Tony\AppData\Local\Google\Chrome\USERDA~1\NPAPIF~1\gcswf32.dll
MOD - [2012-04-29 18:05:35 | 008,743,584 | ---- | M] () -- C:\Users\Tony\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
MOD - [2012-04-12 09:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Tony\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
MOD - [2012-04-12 09:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Tony\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012-04-12 09:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Tony\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012-04-12 09:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Tony\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012-04-12 09:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Tony\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-03-15 10:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012-04-15 21:46:58 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-03-28 06:16:31 | 003,417,376 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-03-28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011-01-19 07:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-11 03:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010-02-05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010-01-28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010-01-15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-11-05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009-10-06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011-09-13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-08-08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-07-11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011-07-11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011-07-11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011-07-11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-08-31 12:29:34 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010-08-12 03:00:00 | 000,393,952 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0690Vid.sys -- (V0690Vid)
DRV:64bit: - [2010-03-15 11:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-03-15 10:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-03-10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010-03-04 18:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010-02-01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010-01-18 18:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009-11-06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-07-30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009-07-14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007-12-27 10:42:46 | 001,120,768 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cm11264.sys -- (ASUSU1)
DRV:64bit: - [2007-08-16 15:56:42 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005-01-04 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{522BE102-B8C2-4E33-B27A-F7702EA5B20E}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{234B7AB0-B6D9-47AE-9881-3090A704F2A7}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {D22800EC-A981-42C1-9A08-2CB1133CD37B}
IE - HKCU\..\SearchScopes\{0B012860-889A-4893-A96D-B6B0DD4BA71B}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{D22800EC-A981-42C1-9A08-2CB1133CD37B}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010-10-26 23:20:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010-10-26 23:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\firefox\extensions [2011-07-30 11:11:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012-02-01 20:45:28 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Tony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Click to call with Skype = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
CHR - Extension: Gmail = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Cm112GX] C:\Windows\system\CMGxMon.exe ()
O4:64bit: - HKLM..\Run: [Cm112Sound] C:\Windows\Syswow64\cm112.cpl (C-Media Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Live! Central 3] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [V0690Mon.exe] C:\Windows\V0690Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - [You must be registered and logged in to see this link.] File not found
O8 - Extra context menu item: E&xportera till Microsoft Excel - [You must be registered and logged in to see this link.] File not found
O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} [You must be registered and logged in to see this link.] (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.216.65.11 81.216.65.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A168E7C-8E53-4878-8EF1-758C469402B4}: DhcpNameServer = 81.216.65.11 81.216.65.12
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-30 08:47:56 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2007-05-10 06:36:22 | 000,000,074 | R--- | M] () - E:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{03668818-5ac0-11df-9bb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03668818-5ac0-11df-9bb3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun\demo32.exe Demo.dbd
O33 - MountPoints2\{044f8c59-8d26-11df-b942-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{044f8c59-8d26-11df-b942-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1beb59f2-8e79-11df-bdea-00266c60b2c0}\Shell - "" = AutoRun
O33 - MountPoints2\{1beb59f2-8e79-11df-bdea-00266c60b2c0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b3d53fe-89f0-11df-ac34-00266c60b2c0}\Shell - "" = AutoRun
O33 - MountPoints2\{2b3d53fe-89f0-11df-ac34-00266c60b2c0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b3d5408-89f0-11df-ac34-00266c60b2c0}\Shell - "" = AutoRun
O33 - MountPoints2\{2b3d5408-89f0-11df-ac34-00266c60b2c0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{84c6cfcd-9888-11df-abc0-00266c60b2c0}\Shell - "" = AutoRun
O33 - MountPoints2\{84c6cfcd-9888-11df-abc0-00266c60b2c0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bef6d5f7-2e94-11e0-b7b2-00266c60b2c0}\Shell - "" = AutoRun
O33 - MountPoints2\{bef6d5f7-2e94-11e0-b7b2-00266c60b2c0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

Pitegrillarn
Newbie Surfer
Posts : 12
Joined : 2012-05-02
Operating System : Windows 7 Home Premium 64 bit
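The O20, O32, O33, O35 and O37 entries in the log above are the lines a removal helper reads first when the complaint is a hijacked Explorer and browser redirects: the Winlogon Shell and UserInit values, whether media autorun is on, the autorun commands Windows has cached for every removable volume the user ever opened, and whether the .exe/.com open handlers still point at the program itself. The Python script below is an added example written for this page; it is not part of OTL and not code from the poster. It parses those five line types, compares the Winlogon values and the exefile/comfile handlers against the Windows defaults, and lists every MountPoints2 autorun command for review. The `SAMPLE_LOG` lines are copied from the posted log; the `HIJACK_DEMO` lines are constructed, hypothetical values (no such entries appear in the log) that show the checks firing; the `triage`/`Finding` names, the defaults table and the severity labels are this example's own choices.

```python
"""OTL log triage helper (an added example; not part of OTL or of the posted log).

Parses five OTL line types and flags what a malware-removal helper looks at first:

  O20  Winlogon Shell / UserInit      must still be the Windows defaults
  O32  HKLM CDRom AutoRun             1 means media autorun is enabled
  O33  MountPoints2 autorun commands  cached from every removable volume opened
  O35  exefile / comfile [open]       must still be  "%1" %*
  O37  .exe / .com class mapping      must still be  "%1" %*

The defaults table, the severities and all names here are this example's assumptions.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str  # "info" or "review"
    line_no: int   # 1-based line number in the input text
    message: str


# Constructed sample: lines copied from the posted log so the script runs offline.
SAMPLE_LOG = r"""O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03668818-5ac0-11df-9bb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03668818-5ac0-11df-9bb3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun\demo32.exe Demo.dbd
O33 - MountPoints2\{bef6d5f7-2e94-11e0-b7b2-00266c60b2c0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Constructed, hypothetical lines (NOT from the posted log) that show the checks firing.
HIJACK_DEMO = r"""O20 - HKLM Winlogon: Shell - (explorer.exe,hypothetical.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "C:\hypothetical\wrapper.exe" "%1" %*
"""

# One pattern per OTL line type; the optional ":64bit:" tag marks the 64-bit registry view.
O20_RE = re.compile(r'^O20(?::64bit:)? - HKLM Winlogon: (\w+) - \((.*?)\) - (.*)$')
O32_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (\d+)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\Shell\\AutoRun\\command - "" = (.*)$')
O35_RE = re.compile(r'^O35(?::64bit:)? - HKLM\\\.\.(\w+) \[open\] -- (.*)$')
O37_RE = re.compile(r'^O37(?::64bit:)? - HKLM\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*)$')

# Windows defaults as OTL prints them (file name in parentheses for O20). Assumed values.
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
EXEC_HANDLER_DEFAULT = '"%1" %*'
EXT_CLASS_DEFAULTS = {"exe": "exefile", "com": "comfile"}


def triage(log_text: str) -> List[Finding]:
    """Return the findings for the OTL lines in log_text, in input order."""
    findings: List[Finding] = []
    for no, line in enumerate(log_text.splitlines(), start=1):
        line = line.rstrip()
        if (m := O20_RE.match(line)):
            name, value, _resolved_path = m.groups()
            expected = WINLOGON_DEFAULTS.get(name)
            if expected is not None and value.lower() != expected:
                findings.append(Finding("review", no,
                    f"Winlogon {name} is '{value}', expected '{expected}'"))
        elif (m := O32_RE.match(line)):
            if m.group(1) != "0":
                findings.append(Finding("info", no,
                    "HKLM CDRom AutoRun is enabled; autorun.inf on inserted media is honoured"))
        elif (m := O33_RE.match(line)):
            volume_key, command = m.groups()
            # Listed, not judged: the key is cached for any volume that carried an autorun.inf.
            findings.append(Finding("review", no,
                f"MountPoints2 {volume_key}: cached autorun command '{command}'"))
        elif (m := O35_RE.match(line)):
            cls, handler = m.groups()
            if cls in EXT_CLASS_DEFAULTS.values() and handler != EXEC_HANDLER_DEFAULT:
                findings.append(Finding("review", no,
                    f"{cls} [open] handler is '{handler}', expected '{EXEC_HANDLER_DEFAULT}'"))
        elif (m := O37_RE.match(line)):
            ext, cls, handler = m.groups()
            if ext in EXT_CLASS_DEFAULTS and (
                    EXT_CLASS_DEFAULTS[ext] != cls or handler != EXEC_HANDLER_DEFAULT):
                findings.append(Finding("review", no,
                    f".{ext} maps to {cls} with handler '{handler}', expected "
                    f"{EXT_CLASS_DEFAULTS[ext]} and '{EXEC_HANDLER_DEFAULT}'"))
    return findings


if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE_LOG), ("hypothetical", HIJACK_DEMO)):
        for f in triage(text):
            print(f"[{f.severity}] {label} line {f.line_no}: {f.message}")
```

Run it as a script to print the findings, or call `triage()` on the text of a complete OTL log. On the posted lines the Winlogon values and the exefile/comfile handlers are at their defaults, so the only output is the autorun flag and the three cached MountPoints2 commands. A MountPoints2 hit is not by itself evidence of infection: the key is written for every USB stick or CD with an autorun.inf that the user opened (here `F:\LaunchU3.exe -a` is the launcher of a U3 USB stick and the E: entry points at the CDFS volume currently in the drive), which is why removal helpers usually clear these keys wholesale and why the check lists them rather than judging them.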

Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Wed 02 May 2012, 7:00 am
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{CAB8AC7D-61EC-4B81-B033-3F458D402EEF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012-05-01 21:27:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tony\Desktop\aswMBR.exe
[2012-05-01 21:27:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.com
[2012-05-01 20:30:14 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\tdsskiller.exe
[2012-05-01 17:25:30 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{D5883972-DAF3-4B23-9A5A-AF0E03BFE664}
[2012-05-01 17:25:15 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{59BD4400-2419-40EF-8084-C0BE78FCE744}
[2012-04-30 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{BEA77411-7157-4477-8A98-99BE9BE71C40}
[2012-04-30 05:41:14 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{C84CA009-E831-485C-90AB-771AE3A5382D}
[2012-04-29 17:40:13 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{742091D6-FEA3-44D9-8665-DEAFB16E9C2A}
[2012-04-29 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{29B7075B-CB84-40D0-A82F-02C69A692860}
[2012-04-28 16:16:46 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{03442BA3-D9DA-4CEF-88B0-9589D574D978}
[2012-04-28 16:16:20 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{017EF448-53BF-4E08-AE38-DDFBA3A9BA32}
[2012-04-27 23:40:24 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{C9F9A315-40C5-4F49-910E-49A6813DE194}
[2012-04-27 23:39:54 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{395B732D-1A65-4D3E-A993-E9D91C7D479C}
[2012-04-27 11:39:15 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{6FE86E4A-0838-4304-9F73-C0DCEFB6DE1C}
[2012-04-27 11:38:50 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{128D88B0-9B84-465B-B0D4-3F142E82EAFC}
[2012-04-26 23:38:16 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{F6AA773D-187C-4F70-B3EC-02C5E8E0ED8E}
[2012-04-26 23:37:52 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{0B8E81DF-4761-4B4F-9013-83330D5BC48E}
[2012-04-26 11:37:22 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{01283C20-70D1-4D68-AD90-597951640D4D}
[2012-04-26 11:36:56 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{D93CC24C-CDB4-4369-A505-23B2F7723257}
[2012-04-25 23:36:24 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{EF74C1CD-D7BE-491B-94C8-CC8519E07BFA}
[2012-04-25 23:35:58 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{C6B10618-C50E-4926-829D-F3AD615033B3}
[2012-04-25 22:05:17 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012-04-25 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{A65A8696-A9B4-4F64-AD85-D86ACDCB2B95}
[2012-04-25 11:35:03 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{2E5495EC-C565-45C1-99BF-244A8FAF6CDA}
[2012-04-24 23:34:27 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{A7EC7D75-2BB9-4777-AEC8-59B6BF878D22}
[2012-04-24 23:34:03 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{841DED7D-B62C-4B4C-BFB9-8C98413D11F1}
[2012-04-24 11:33:02 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{E44280CB-677A-4C23-B8E3-2B3A4419DF72}
[2012-04-24 11:32:48 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{C141183B-1740-4DD5-985B-4E12DE59F4FF}
[2012-04-23 11:25:48 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{601AD6CE-13E0-4EF6-9677-AEA927FBFE77}
[2012-04-23 11:25:24 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{B2125CF5-8C71-43D9-955F-77B2987DF662}
[2012-04-22 11:58:19 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{95BADF72-DD6C-43BD-BE06-BAAF41E38906}
[2012-04-22 11:57:49 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{33BAE2BD-B47F-4E4F-900E-93457D9A4376}
[2012-04-21 21:37:42 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{FCCE901D-A8B7-4511-A961-D55959401965}
[2012-04-21 21:37:18 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{0E377C39-C050-4146-BA3B-BDA93FB402B8}
[2012-04-21 09:36:34 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{0D0284D8-0ED2-4182-99C1-0D184FC7F0E0}
[2012-04-21 09:36:21 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{D202B246-5612-4A1A-A6F5-66C9F5F7EC46}
[2012-04-20 18:30:31 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{6353A9FA-2EE9-4067-9AA2-CD0BA0E8C9C9}
[2012-04-20 18:30:07 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{4C3BAAD9-4BB2-4FF4-AD29-DCCBA74B30E9}
[2012-04-20 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\ASUS
[2012-04-20 17:38:47 | 000,192,512 | R--- | C] (C-Media Electronics Inc.) -- C:\Windows\System\CMGxSrv2.dll
[2012-04-20 17:38:47 | 000,192,512 | R--- | C] (C-Media Electronics Inc.) -- C:\Windows\System\CMGxSrv.dll
[2012-04-20 17:38:47 | 000,122,880 | R--- | C] (CMedia Electronics Inc.) -- C:\Windows\System\Cm_Oal.dll
[2012-04-20 17:38:42 | 000,098,304 | R--- | C] (HID Dll) -- C:\Windows\System\cm_hid.dll
[2012-04-20 17:38:41 | 000,712,704 | R--- | C] (Sensaura Ltd) -- C:\Windows\System\a3d112pu.dll
[2012-04-20 17:38:41 | 000,712,704 | R--- | C] (Sensaura Ltd) -- C:\Windows\System\a3d.dll
[2012-04-20 17:38:37 | 006,475,776 | R--- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM112.cpl
[2012-04-20 17:38:34 | 000,200,704 | R--- | C] (C-Media) -- C:\Windows\SysWow64\cmpa112.dll
[2012-04-20 17:38:34 | 000,032,768 | R--- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\c112prop.dll
[2012-04-20 17:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS Xonar U1 Audio
[2012-04-20 17:37:48 | 001,120,768 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\cm11264.sys
[2012-04-20 17:37:48 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltr112.dll
[2012-04-20 17:37:28 | 000,524,768 | R--- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2012-04-20 06:29:28 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{F1CBA1C6-C938-4394-9089-07B003796F86}
[2012-04-20 06:28:47 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{27C541BF-ADDB-4362-8F19-BA521B3F71ED}
[2012-04-19 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{B3A3FFC6-4BD8-4F6E-99E6-5E899E31DBB2}
[2012-04-19 18:26:30 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{D3C986F8-E175-4B26-9D91-1E25DB641677}
[2012-04-18 11:28:29 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{91D55749-E7C8-4E83-9909-198D04C3A88B}
[2012-04-18 11:28:15 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{A17F72B8-D18A-4CFE-B5FF-E562F5539D5C}
[2012-04-16 11:22:41 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{8889F3CB-F0B3-48C6-B4C3-3CBE63C35AD0}
[2012-04-16 11:22:27 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{B15DC78E-1C11-4823-AE6D-66959F9F7E90}
[2012-04-16 07:00:53 | 000,000,000 | ---D | C] -- C:\Windows\sv
[2012-04-16 06:54:05 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012-04-16 06:43:58 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{7FF2A47F-CAF0-4873-9F34-048E232C6E99}
[2012-04-16 06:43:30 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{247568FB-3E90-49DE-88EE-7B5F7D7870B4}
[2012-04-15 22:35:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-04-15 22:35:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-04-15 22:35:35 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-04-15 22:35:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-04-15 22:35:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-04-15 22:35:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-04-15 22:35:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-04-15 22:35:33 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-04-15 22:35:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-04-15 22:35:32 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-04-15 22:35:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-04-15 22:34:47 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-04-15 22:34:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-04-15 22:34:45 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-04-15 22:31:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012-04-15 22:31:15 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012-04-15 22:31:14 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012-04-15 21:48:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-04-15 21:46:32 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{B6DB0E45-3CC0-48FB-BB00-17A6CE5EB85D}
[2012-04-15 21:46:19 | 008,766,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-04-03 21:00:33 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\{E1443F2B-1247-4DDD-9865-D42C3043F6F8}
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-01 21:26:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tony\Desktop\aswMBR.exe
[2012-05-01 21:24:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.com
[2012-05-01 20:47:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-01 20:47:22 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-01 20:45:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-01 20:19:11 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\tdsskiller.exe
[2012-05-01 20:17:00 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1004UA.job
[2012-05-01 20:16:00 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1003UA.job
[2012-05-01 20:14:01 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-01 20:08:01 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1000UA.job
[2012-05-01 17:31:24 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-01 17:31:24 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-01 17:30:13 | 001,466,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-05-01 17:30:13 | 000,625,772 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012-05-01 17:30:13 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-05-01 17:30:13 | 000,123,894 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012-05-01 17:30:13 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-05-01 17:28:22 | 096,800,245 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-05-01 17:24:37 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-04-30 22:08:10 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1000Core.job
[2012-04-30 21:15:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1003Core.job
[2012-04-30 06:16:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1004Core.job
[2012-04-25 22:05:27 | 000,002,316 | ---- | M] () -- C:\Users\Tony\Desktop\Google Chrome.lnk
[2012-04-21 18:41:58 | 000,378,482 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-04-20 17:41:36 | 000,343,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-04-20 17:39:08 | 000,000,833 | ---- | M] () -- C:\Windows\System\Cm112.ini
[2012-04-20 17:38:48 | 000,039,668 | ---- | M] () -- C:\Windows\Cm112.ini.cfl
[2012-04-20 17:38:32 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2012-04-20 17:38:30 | 000,000,843 | ---- | M] () -- C:\Windows\Cm112.ini.imi
[2012-04-15 21:48:38 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-04-15 21:46:57 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-04-15 21:46:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-04-15 21:46:19 | 008,766,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-25 22:05:27 | 000,002,316 | ---- | C] () -- C:\Users\Tony\Desktop\Google Chrome.lnk
[2012-04-25 22:03:50 | 000,001,000 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1000UA.job
[2012-04-25 22:03:49 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1000Core.job
[2012-04-20 17:38:46 | 000,139,264 | R--- | C] () -- C:\Windows\VMix112.dll
[2012-04-20 17:38:46 | 000,020,480 | R--- | C] () -- C:\Windows\System\CMGxMon.exe
[2012-04-20 17:38:46 | 000,000,157 | R--- | C] () -- C:\Windows\System\cm112eye.ini
[2012-04-20 17:38:45 | 002,146,374 | R--- | C] () -- C:\Windows\System\Cm112Eye.exe
[2012-04-20 17:38:42 | 000,491,520 | R--- | C] () -- C:\Windows\System\cmaudiol.dll
[2012-04-20 17:38:33 | 000,501,114 | R--- | C] () -- C:\Windows\KB942732x64.msu
[2012-04-20 17:38:32 | 001,144,983 | R--- | C] () -- C:\Windows\KB936225x64.msu
[2012-04-20 17:38:20 | 000,039,668 | ---- | C] () -- C:\Windows\Cm112.ini.cfl
[2012-04-20 17:38:18 | 000,718,848 | R--- | C] () -- C:\Windows\SysNative\Cmeau112.exe
[2012-04-20 17:38:18 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2012-04-20 17:37:36 | 000,300,544 | R--- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2012-04-20 17:37:36 | 000,006,748 | R--- | C] () -- C:\Windows\Cm112.ini.cfg
[2012-04-20 17:37:36 | 000,000,843 | ---- | C] () -- C:\Windows\Cm112.ini.imi
[2012-04-15 21:48:38 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-01-26 17:33:52 | 000,000,039 | ---- | C] () -- C:\Windows\WinInit.ini
[2011-02-12 18:28:03 | 000,000,080 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011-01-16 17:59:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-05-08 18:44:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012-05-01 21:26:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tony\Desktop\aswMBR.exe
[2010-09-25 02:22:07 | 041,334,456 | ---- | M] (Logitech Inc. ) -- C:\Users\Tony\Desktop\is730enu.exe
[2011-02-12 01:22:31 | 039,681,416 | ---- | M] () -- C:\Users\Tony\Desktop\Miro_Installer.exe
[2012-05-01 20:19:11 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010-09-03 21:45:11 | 000,065,024 | ---- | M] (Igor Pavlov) -- C:\Users\Tony\7z.exe
[2010-09-03 21:45:15 | 000,726,528 | ---- | M] () -- C:\Users\Tony\Arc.exe
[2010-09-03 21:45:07 | 000,569,344 | ---- | M] () -- C:\Users\Tony\arc_convert.exe
[2010-09-03 21:45:16 | 000,126,059 | ---- | M] () -- C:\Users\Tony\arj.exe
[2010-09-03 21:45:17 | 000,270,848 | ---- | M] (Northwestern University) -- C:\Users\Tony\bh32.exe
[2010-09-03 21:45:16 | 000,008,704 | ---- | M] () -- C:\Users\Tony\blzpack.exe
[2010-09-03 21:45:13 | 000,035,328 | ---- | M] (Alexander Cherenkov) -- C:\Users\Tony\bma.exe
[2010-09-03 21:45:12 | 000,004,096 | ---- | M] () -- C:\Users\Tony\cmdTotal.exe
[2010-09-03 21:45:11 | 000,100,864 | ---- | M] () -- C:\Users\Tony\innounp.exe
[2010-09-03 21:45:13 | 000,056,320 | ---- | M] (http://www.oberhumer.com) -- C:\Users\Tony\lzop.exe
[2010-09-03 21:45:14 | 000,340,992 | ---- | M] () -- C:\Users\Tony\nz.exe
[2010-09-03 21:45:18 | 000,040,448 | ---- | M] (Arc ) -- C:\Users\Tony\openarc.exe
[2010-09-03 21:45:10 | 000,034,816 | ---- | M] () -- C:\Users\Tony\paq7.exe
[2010-09-03 21:45:11 | 000,039,424 | ---- | M] () -- C:\Users\Tony\paq8.exe
[2010-09-03 21:45:17 | 000,018,432 | ---- | M] () -- C:\Users\Tony\paq9.exe
[2010-09-03 21:45:11 | 000,015,360 | ---- | M] () -- C:\Users\Tony\uda.exe
[2010-09-03 21:45:09 | 000,075,264 | ---- | M] () -- C:\Users\Tony\UHARC.EXE
[2010-09-03 21:45:18 | 000,076,288 | ---- | M] () -- C:\Users\Tony\unalz.exe
[2010-09-03 21:45:17 | 000,129,536 | ---- | M] () -- C:\Users\Tony\unhki.exe
[2010-09-03 21:45:17 | 000,016,384 | ---- | M] () -- C:\Users\Tony\unzoo.exe
[2010-09-03 21:45:18 | 000,023,040 | ---- | M] () -- C:\Users\Tony\unzpaq1.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msscript.ocx
[2009-07-14 01:43:53 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2.tlb
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010-09-03 21:02:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
[2012-01-21 13:20:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010-05-08 18:41:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atheros
[2010-04-09 08:43:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2012-01-30 14:43:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010-09-04 06:51:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTornado
[2011-07-11 23:29:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CFWebAdvancedU
[2011-07-30 11:11:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ClickPotatoLite
[2011-08-21 15:12:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011-02-12 18:31:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2010-09-25 14:22:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Driver Whiz
[2011-07-04 20:45:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA SPORTS
[2010-04-09 09:10:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eBay
[2012-01-26 17:33:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Edmark
[2011-02-12 01:33:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GetMiro Toolbar
[2011-10-30 21:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP 2
[2011-10-30 21:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0
[2011-11-20 09:21:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010-07-07 19:55:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Huawei technologies
[2011-05-08 10:48:17 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012-04-16 06:39:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010-04-09 08:38:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010-09-25 02:00:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2012-04-26 07:25:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011-07-03 13:22:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010-05-08 18:53:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2012-02-17 22:54:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010-04-09 09:13:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010-12-18 15:05:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010-11-25 18:51:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010-10-26 23:20:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2010-07-09 01:13:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010-04-09 09:07:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2010-12-21 19:19:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nexon
[2010-12-01 21:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2010-09-03 20:18:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Participatory Culture Foundation
[2010-04-09 09:10:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Photo-Service
[2010-04-09 08:51:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012-01-25 19:29:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Seterra
[2011-07-30 11:11:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ShoppingReport2
[2011-08-21 15:13:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012-01-26 17:33:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spotify
[2010-05-08 18:43:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Toshiba
[2010-04-09 09:11:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Toshiba TEMPRO
[2009-07-14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009-07-14 09:43:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012-04-16 06:54:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011-07-03 15:51:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011-07-03 15:51:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011-07-03 15:51:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011-07-03 15:51:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011-07-03 15:51:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010-09-04 00:23:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR

< MD5 for: AGP440.SYS >
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009-07-14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009-07-14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009-07-14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: NETLOGON.DLL >
[2009-07-14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010-11-20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010-11-20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010-11-20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010-11-20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011-03-11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011-03-11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011-03-11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011-03-11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011-03-11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011-03-11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010-11-20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010-11-20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\1337\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012-02-15 07:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\1337\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012-02-15 07:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\1337\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012-02-15 07:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\1337\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-02-15 07:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Tony\InstallInfo\\ShowIconsCommand: "C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012-04-12 09:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Tony\InstallInfo\\HideIconsCommand: "C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012-04-12 09:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Tony\InstallInfo\\ReinstallCommand: "C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012-04-12 09:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Tony\shell\open\command\\: "C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-12 09:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011-05-07 11:09:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011-05-07 11:09:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011-05-07 11:09:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011-05-07 11:09:31 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011-05-07 11:09:31 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\1337\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012-02-15 07:03:37 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\1337\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012-02-15 07:03:37 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\1337\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012-02-15 07:03:37 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\1337\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012-02-15 07:03:37 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Tony\InstallInfo\\ShowIconsCommand: "C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012-04-12 09:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Tony\InstallInfo\\HideIconsCommand: "C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012-04-12 09:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Tony\InstallInfo\\ReinstallCommand: "C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012-04-12 09:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Tony\shell\open\command\\: "C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012-04-12 09:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011-05-07 11:09:24 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011-05-07 11:09:24 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011-05-07 11:09:24 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011-05-07 11:09:31 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011-05-07 11:09:31 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2010-11-12 17:30:04 | 000,000,000 | ---D | M](C:\Users\Tony\Documents\?? ???) -- C:\Users\Tony\Documents\넥슨 플러그
[2010-11-12 17:30:04 | 000,000,000 | ---D | C](C:\Users\Tony\Documents\?? ???) -- C:\Users\Tony\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

I really am thankful for all and any help I can get from you here.

Pitegrillarn

Newbie Surfer

Posts : 12
Joined : 2012-05-02
Operating System : Windows 7 Home Premium 64 bit

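A note on reading the "< MD5 for: ... >" blocks in the log above. OTL hashes each boot-critical driver and lists the reference copies Windows keeps in WinSxS and the DriverStore next to the copy that is actually loaded from SysNative\drivers, because file-infecting rootkits patch the loaded driver in place while the servicing copies stay clean; a live copy whose MD5 matches none of its reference copies is the thing to look at. In this log all five files (AGP440, ATAPI, DISK, NETLOGON, NVSTOR) match a reference copy, so the MD5 scan does not point at a patched driver, although a match is only evidence against that one technique and says nothing about the in-memory component AVG is reporting. The script below is an added example written for this thread, not OTL's own code and not something the poster ran: it parses those blocks and flags live copies with no matching reference copy. Its sample input mixes lines copied from the posted log with one constructed block (EXAMPLE.SYS, with made-up hashes) that exists only to exercise the mismatch path and is not a finding on this machine.

```python
"""Check the '< MD5 for: NAME >' blocks of an OTL log for live system files
whose hash matches none of the reference copies Windows keeps in WinSxS or
the DriverStore. Added example for this thread; not part of OTL and not code
from the forum post. EXAMPLE.SYS in SAMPLE_LOG is constructed, not real."""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
# One OTL entry line:
# [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=<32 hex> -- <path>
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

# Reference copies kept for servicing, versus the copy that is actually loaded.
BACKUP_DIRS = ("\\winsxs\\", "\\driverstore\\filerepository\\")
LIVE_DIRS = ("\\sysnative\\", "\\system32\\", "\\syswow64\\")


def parse_md5_blocks(text):
    """Return {lower-cased file name: [entry, ...]} for every MD5 block in an OTL log."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if line.startswith("<") or line.startswith("="):  # any other scan header ends the block
            current = None
            continue
        entry = ENTRY_RE.match(line) if current else None
        if entry:
            blocks[current].append({
                "path": entry.group("path").strip(),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company").strip(),
            })
    return dict(blocks)


def _kind(path):
    """Classify a path as a servicing 'backup' copy, a loaded 'live' copy, or 'other'."""
    p = path.lower()
    if any(d in p for d in BACKUP_DIRS):   # checked first: the DriverStore sits under SysNative
        return "backup"
    if any(d in p for d in LIVE_DIRS):
        return "live"
    return "other"


def check_live_copies(text):
    """Return [(name, path, reason)] for every live copy that deserves a closer look.

    A live driver or DLL whose MD5 matches none of its WinSxS/DriverStore copies is
    the pattern an in-place file infection leaves behind. Missing live or reference
    copies are reported too, because nothing can be verified for them here."""
    findings = []
    for name, entries in parse_md5_blocks(text).items():
        backups = {e["md5"] for e in entries if _kind(e["path"]) == "backup"}
        live = [e for e in entries if _kind(e["path"]) == "live"]
        if not live:
            findings.append((name, None, "no live copy listed"))
        for e in live:
            if not backups:
                findings.append((name, e["path"], "no reference copy to compare against"))
            elif e["md5"] not in backups:
                findings.append((name, e["path"], "MD5 matches no WinSxS/DriverStore copy"))
    return findings


# ATAPI.SYS and NETLOGON.DLL lines are copied from the OTL log posted in this thread.
# EXAMPLE.SYS is constructed for this example (made-up hashes) and is not on the poster's machine.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: NETLOGON.DLL >
[2010-11-20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010-11-20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010-11-20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010-11-20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: EXAMPLE.SYS >
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\SysNative\drivers\example.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\Windows\winsxs\amd64_example.inf_0000000000000000_6.1.7601.17514_none_0000000000000000\example.sys
"""

if __name__ == "__main__":
    for name, path, reason in check_live_copies(SAMPLE_LOG):
        print(f"{name}: {path}: {reason}")
```

Run against the whole pasted OTL.Txt instead of SAMPLE_LOG and it reports nothing for this machine; only the constructed EXAMPLE.SYS block produces a line. The 32-bit netlogon.dll in SysWOW64 is deliberately compared against all reference copies, including the amd64 one, because the point is "does the loaded file equal any copy Windows shipped", not which architecture it belongs to.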

Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Wed 02 May 2012, 7:20 am

OTL Extras logfile created on: 2012-05-01 21:25:34 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Tony\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1,75 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 33,42% Memory free
3,49 Gb Paging File | 2,41 Gb Available in Paging File | 69,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 9,07 Gb Free Space | 6,10% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 142,04 Gb Free Space | 95,41% Space Free | Partition Type: NTFS
Drive E: | 152,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: TONY-TOSH | User Name: Tony | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D2F973-194E-42E9-BCC6-67121421E4CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0484C9B3-33D1-4F91-8902-05AB6BE73D4B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07E4AF1D-BBBF-4359-A7C5-BF41252D1B60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A2F9394-69E3-49D3-97B1-0988FBD9A7ED}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher |
"{117F5DDF-AE55-43DD-92D0-A7C25CE1C050}" = rport=137 | protocol=17 | dir=out | app=system |
"{1B6D18C7-9B7B-4824-A569-67C456A6D85D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C3C08BC-8D10-4CF5-BA65-5FCC10A4F844}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher |
"{29D07C1C-3B95-4ED8-8DF0-3DD9EB288978}" = lport=137 | protocol=17 | dir=in | app=system |
"{2AD44A91-14C2-45C4-B75A-D267376FE53D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B4B290E-D1D5-4F80-B385-AA77749B8A29}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2D6B4EA4-7184-414E-AFEB-7315E2102832}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33F0B472-A0AF-4798-A5FF-9ADE44FEDEDF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{370ECBE4-C50F-43BC-9488-675DE255F768}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher |
"{38CF08F6-CA1A-4247-AC73-96D6C1C2CAD7}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{38F692C0-D246-4667-8053-D7CB23F54C4A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{399E03D0-FB4E-4F9C-BA98-BE4610ECB99A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C415BDA-79D3-4DBC-A376-E440DEF67522}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher |
"{4E96D403-2C7B-4720-819C-76432D13A426}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{4E993EF8-5C09-4E5C-AA78-7721C9EB18EF}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher |
"{4F495CD2-80AD-469B-9A38-971D70C50D56}" = rport=139 | protocol=6 | dir=out | app=system |
"{4F9C210A-32B9-440A-8D0A-3EC16E229921}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher |
"{4FB3E0C4-B6EA-4971-926A-C6B0A452D0AC}" = lport=6954 | protocol=17 | dir=in | name=league of legends launcher |
"{5033B333-230D-4A0E-AC78-D39B5B07B5AB}" = lport=6932 | protocol=17 | dir=in | name=league of legends launcher |
"{554EDECA-C5F4-4532-BC8C-139EAD540514}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5B97B029-6BB0-41AA-9319-D29A61CFC1C9}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher |
"{5D17B48D-A051-478E-BDF1-1D33CA7F363E}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{60D38B59-B473-4B1C-AC7E-36D92ADED90A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{62C0A293-6C20-47B3-8EAC-E8A3B41DAD48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{75C1CFCE-4975-49AA-AA75-25F6FBA5055C}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher |
"{783D50B3-FC39-428F-9CD7-3434BE3873FF}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher |
"{7C6D9729-BCD2-4E56-B478-21FCC4417A29}" = lport=6940 | protocol=17 | dir=in | name=league of legends launcher |
"{7C8A2A91-4096-4EC8-A747-740E10440C47}" = rport=445 | protocol=6 | dir=out | app=system |
"{7D2DF584-7E28-439C-B72B-C95F33F35322}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DAEBC2F-5201-426F-9748-79ED47042006}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{949CDB1B-47DF-4149-9DE3-5D033E6A9975}" = lport=139 | protocol=6 | dir=in | app=system |
"{978304B7-55C7-4D6D-8089-6CDF68B063EA}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher |
"{9A69D0EC-04F8-48A4-9B09-2589976C73A9}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |
"{9B242706-8F32-4A8D-9CA8-3D401CA21739}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{ABA2E281-447C-4928-90F8-1481B45AAF1B}" = lport=6940 | protocol=6 | dir=in | name=league of legends launcher |
"{B0EFF822-A2CD-43EC-A940-14EC7318E2BE}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher |
"{B56B2A2E-02D9-4460-8F0D-F9F2330C1EA5}" = rport=138 | protocol=17 | dir=out | app=system |
"{B8FFAF94-B006-43B1-8144-824F0B99B302}" = lport=445 | protocol=6 | dir=in | app=system |
"{BD3137F5-9A57-4655-B6B8-83702ADFAF75}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher |
"{CE50B472-6013-4C35-BC61-8C127C7EE8BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFC44842-F103-4E7A-8A93-295CE143B6D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D63D9C40-BAE7-4F2A-86E9-1480536DC3E6}" = lport=6932 | protocol=6 | dir=in | name=league of legends launcher |
"{E44641C8-3914-460B-AD1D-17E7B8E6D3AF}" = lport=138 | protocol=17 | dir=in | app=system |
"{F047019E-3B2E-44E4-AE80-5198A7DFB364}" = lport=6954 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0075989E-221A-40DF-8B31-73B8BEE0431A}" = protocol=6 | dir=in | app=c:\program files (x86)\nexon\counter-strike online\bin\cstrike-online.exe |
"{03E1FCE1-8247-4E25-9D1E-1F00A4F7458A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{04CCC3C6-7283-4C15-90F3-98E4E0CF676B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{07A61687-C982-4457-976C-AB9F44CB9056}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A67419A-6CA4-45F4-96F0-0F2D9C9422AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{147DB7F6-717A-4A08-B7CB-125BAA638484}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{16F580A6-B6FC-41FB-9C8B-6AE05E875781}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2478EB11-087F-46E2-82F8-ABD9B8F1CE02}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2F9E95E2-A035-4719-A517-BB77756BBB87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{317CF266-D326-4422-B6BD-F99882E755BE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{318B06C9-E5E0-4AA9-8281-3B105BAC0C12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C5D824F-FE02-4C6C-8032-EE2AE9A87087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{409999E3-952A-4DFD-B732-5810434611C2}" = protocol=17 | dir=in | app=c:\program files (x86)\nexon\counter-strike online\bin\nmservice.exe |
"{4276F383-9399-4491-833F-A97E4467900E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{48FC1650-F509-495B-815B-F43FD3B92495}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CC02866-0C75-4FFD-8107-F1D39FD68866}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4D9FA0FC-6F38-41F3-BBCC-CE4935FEACD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gunsmoke1232\counter-strike source\hl2.exe |
"{4F570866-AC77-45DA-BD4B-48D464653FC7}" = protocol=6 | dir=in | app=c:\program files (x86)\nexon\counter-strike online\bin\nmservice.exe |
"{581D3458-5D5B-42B9-8A17-2A29A8BF4DD4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{61C40E0E-9BED-4C08-B60C-85D920C35967}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{62042F5D-9814-4D96-8501-C80DC59B5887}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6DCBDE1A-5AB0-4368-B770-ED3039A4262B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{6EB6CF57-5648-47D2-952E-E5F4A87F08AC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{70EFCA40-0EB7-4231-9CEC-7497E2806940}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe |
"{74841D33-905B-4B1C-86EA-12A5DB3BD8AF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7708DD83-B183-4CB0-84F7-C7107A70F601}" = protocol=6 | dir=in | app=c:\program files (x86)\nexon\counter-strike online\bin\cstrike-online.exe |
"{7772A069-72C4-4689-97DD-C7E64CAD7DF5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7B53D9C1-E316-4CB8-914A-D3F023EC8964}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81E084FF-EBE5-4173-ACE0-70DD44C40F90}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{89D2A58F-EE4D-4D4F-9ECF-C50BF8F8E2E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B07958D-3AEF-4684-9603-2CAD76E61C18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92C380F0-0AB9-4F5D-A846-FD5EFC768715}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{96991A14-83CF-4EA1-B966-F52BB2844CCE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{98A9906C-8B78-42D6-835F-74823828BA6D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{9CC16019-94EB-44F5-9000-588F33D19846}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A4260521-D83F-4AC1-9765-BB9D528BCA5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8FBA626-C9DE-4F55-9821-31DB788D236F}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{AF64F822-B1F9-4C48-95B5-166A3B35EE2A}" = protocol=17 | dir=in | app=c:\program files (x86)\nexon\counter-strike online\bin\cstrike-online.exe |
"{B71F1CD8-8072-4091-973A-57E27DA3C2CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B7B1612B-E762-4A24-AF40-02594B37A039}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gunsmoke1232\counter-strike source\hl2.exe |
"{BD6037CC-CA18-4D9E-843A-6D1F7ADEFBD8}" = protocol=6 | dir=out | app=system |
"{C76554B1-7207-4443-AEAF-C5B1A343A618}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{CDFA4ABC-CA15-4613-A692-82FF81EBC4CB}" = protocol=6 | dir=in | app=c:\users\tony\appdata\local\akamai\netsession_win.exe |
"{D1254BC6-ACE1-4899-A7C8-7970314AC46C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{D3C18FE2-CD10-4233-8A49-C827AD0E59B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D5F82E59-BB92-4B44-ACD2-E645B9C29ACA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D68CAAAC-3E68-419C-A20B-3D56BC9EF85C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D7EFFCAA-92D6-4A4E-8B00-3F1447C80CC9}" = protocol=17 | dir=in | app=c:\program files (x86)\nexon\counter-strike online\bin\cstrike-online.exe |
"{DA974D2A-20D5-4C73-B401-262EE5A6AE0A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{DB4240B6-E061-4F5F-AF80-E873777DA2E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{DD747955-9972-455F-A930-A1F8CF9EC5D2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DD817083-1415-4C33-8F50-446FE3BA6FCE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E5309474-12A7-4578-A345-D048C4C8F6E2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E5FA416A-8C23-4852-A9F5-2C9DCE013999}" = protocol=17 | dir=in | app=c:\users\tony\appdata\local\akamai\netsession_win.exe |
"{E7236CD4-9C44-419F-B145-31CF099A8805}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{E8E39A6E-91C0-462E-9318-AF690683565F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe |
"{F0C6B5DE-8FA6-4CB5-8C37-3A8B86B358AD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F170AFD3-C491-48D3-878F-E5647B5D87A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F28D9D87-53A5-4572-AECB-73AA30DECB38}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F52D99BD-50CA-44F5-8BAF-0F835FF6AD13}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{1E4A48E2-26C8-4EA7-929A-C2DC7501D049}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{227E1145-EA81-4C50-95D5-913CEC9C2C55}C:\users\1337\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\1337\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4593B815-01C0-48FC-BF81-335910985CAB}C:\users\1337\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\1337\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"TCP Query User{5020D3BA-8909-4DC8-A1CB-151DEC400FB7}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{9F1DC5C2-EB74-4E7B-9D37-3797F71FFA90}C:\program files (x86)\steam\steamapps\gunsmoke1232\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gunsmoke1232\counter-strike source\hl2.exe |
"TCP Query User{B0191F72-8CF9-49C0-A254-0933D0EEB07B}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe |
"TCP Query User{E6C56684-9210-4824-8CF5-F44EE3FF260C}C:\users\tony\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tony\appdata\local\akamai\netsession_win.exe |
"UDP Query User{10DE4DD8-2D4F-45ED-979E-C659CA87A16B}C:\users\1337\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\1337\appdata\roaming\spotify\spotify.exe |
"UDP Query User{23F25F1C-E4BB-4EB6-9EDD-633254C42DAA}C:\users\tony\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tony\appdata\local\akamai\netsession_win.exe |
"UDP Query User{3F21479B-6489-45FF-A778-2C4201BC8AD6}C:\users\1337\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\1337\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"UDP Query User{63F44E82-5DBD-4106-94A1-E4F8D292E9EA}C:\program files (x86)\steam\steamapps\gunsmoke1232\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gunsmoke1232\counter-strike source\hl2.exe |
"UDP Query User{8EDFCCD8-8AFD-4D63-B1B5-6D81BC4859D7}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{B9CC0DA6-D865-4B4D-8084-E1CD7D660838}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe |
"UDP Query User{CD2A38EE-95E0-42C8-B4EC-DBBB10D0964E}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{3F2A8756-C008-43D7-8E1D-7300AA394549}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E51A1789-9C20-43FC-AF13-C7AC29FAF111}" = AVG 2012
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"C-Media CM112 Like Sound Driver" = ASUS Xonar U1 Audio
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Creative VF0690" = Creative Live! Cam Socialize HD AF (VF0690) (1.00.05.00)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{082E37F5-3924-4168-A69A-1B6B1FEA587C}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
"{12CEE8C7-8983-4FEC-A046-3FB4AE3A691C}" = Windows Live Sync
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
"{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO
"{2C1B58D5-6549-472C-86B7-17BE57186628}" = Microsoft Works
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
"{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
"{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
"{49c71ef0-302d-431c-9acf-d2e82f2da34c}" = Nero 9 Essentials
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C7C274C-DBC8-47FE-923F-9AAD59A4F9F4}}_is1" = Seterra 4.02
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007
"{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007
"{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007
"{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{C3B4672B-3FE7-4D6F-AFF3-80D290C1131E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
"{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{4A960AFC-E28F-4233-953F-1903BE859B79}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-041D-0000-0000000FF1CE}" = Compatibility Pack för Office 2007-systemet
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041D-1000-0000000FF1CE}_HOMESTUDENTR_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007
"{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007
"{90120000-006E-041D-0000-0000000FF1CE}_HOMESTUDENTR_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007
"{90120000-00A1-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Swedish)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1053-7B44-A95000000001}" = Adobe Reader 9.5.1 - Svenska
"{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
"{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
"{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
"{D1D03459-D6D5-4BDA-0082-6C86E591EE18}" = NHL07
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Akamai" = Akamai NetSession Interface Service
"BitTornado" = BitTornado 0.3.17
"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)
"Creative Live! Central 2" = Creative Live! Central 3
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"Miro" = Miro
"ShoppingReport2" = ShopperReports
"SysInfo" = Creative System Information
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2012-04-28 18:58:54 | Computer Name = Tony-TOSH | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-04-28 19:13:30 | Computer Name = Tony-TOSH | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-04-29 11:38:41 | Computer Name = Tony-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: .
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 2012-04-29 12:15:14 | Computer Name = Tony-TOSH | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: chrome.exe, version 18.0.1025.162,
tidsstämpel 0x4f86748b , felet uppstod i modulen med namn: unknown, version 0.0.0.0,
tidsstämpel 0x00000000 Undantagskod: 0xc0000409 Felförskjutning: 0x0035901d Process-ID:
0x14f4 Programmets starttid: 0x01cd26210933d86b Sökväg till program: C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
Sökväg
till modul: unknown Rapport-ID: 80010db9-9216-11e1-bfe3-00266c60b2c0

Error - 2012-04-29 13:12:39 | Computer Name = Tony-TOSH | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-04-29 14:43:16 | Computer Name = Tony-TOSH | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012-04-29 18:31:42 | Computer Name = Tony-TOSH | Source = SideBySide | ID = 16842815
Description = Det gick inte att skapa aktiveringskontext för c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll. Det finns ett fel i manifest- eller
principfilen c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
på rad 3. Värdet MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
i attributet version i elementet assemblyIdentity är felaktigt.

Error - 2012-04-30 09:20:15 | Computer Name = Tony-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: .
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 2012-05-01 11:24:16 | Computer Name = Tony-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: .
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 2012-05-01 12:33:36 | Computer Name = Tony-TOSH | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 2012-05-01 15:33:56 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-05-01 15:36:04 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-05-01 15:36:04 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-05-01 15:36:04 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-05-01 15:37:00 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-05-01 15:37:00 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-05-01 15:37:00 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-05-01 15:39:04 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-05-01 15:39:04 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-05-01 15:39:04 | Computer Name = Tony-TOSH | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068


< End of report >

Pitegrillarn

Newbie Surfer

Posts : 12
Joined : 2012-05-02
Operating System : Windows 7 Home Premium 64 bit

Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Wed 02 May 2012, 7:20 am

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 17
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Pitegrillarn

Newbie Surfer

Posts : 12
Joined : 2012-05-02
Operating System : Windows 7 Home Premium 64 bit

Re: Trojan horse Generic27.BTAL

Post by Pancake on Thu 03 May 2012, 10:45 am


Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]

(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.
If Malwarebytes fails to download please use the following link:

[You must be registered and logged in to see this link.]



=============================================


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.


  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:




Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:





As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.





Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.











Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Fri 04 May 2012, 6:23 am

Scan 1


Malwarebytes Anti-Malware (Testversion) 1.61.0.1400
[You must be registered and logged in to see this link.]

Databasversion: v2012.05.02.06

Windows 7 Service Pack 1 x64 NTFS (Felsäkert läge med nätverk)
Internet Explorer 9.0.8112.16421
Tony :: TONY-TOSH [administratör]

Skydd: Inaktiverad

2012-05-02 21:54:54
mbam-log-2012-05-02 (21-54-54).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 241209
Förfluten tid: 5 minut(er), 23 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 27
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Sattes i karantän och togs bort.
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Sattes i karantän och togs bort.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Sattes i karantän och togs bort.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKCR\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKCR\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Sattes i karantän och togs bort.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Sattes i karantän och togs bort.

Upptäckta registervärden: 2
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\firefox\extensions -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Data: C:\Program Files (x86)\QuestScan\questscan.dll -> Sattes i karantän och togs bort.

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 12
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Sattes i karantän och togs bort.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0 (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\firefox (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\firefox\extensions (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\firefox\extensions\plugins (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ShoppingReport2 (Adware.ShoppingReport2) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37 (Adware.ShoppingReport2) -> Sattes i karantän och togs bort.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Sattes i karantän och togs bort.

Upptäckta filer: 15
C:\Users\1337\AppData\Local\Temp\clickpotatolitesa.exe (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Users\1337\AppData\Local\Temp\nsz5319.tmp\Install.dll (Adware.Seekmo) -> Sattes i karantän och togs bort.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\ClickPotatoLiteSACB.exe (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\copyright.txt (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.701.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\Program Files (x86)\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Sattes i karantän och togs bort.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Sattes i karantän och togs bort.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Sattes i karantän och togs bort.

(klar)

Pitegrillarn

Newbie Surfer

Posts : 12
Joined : 2012-05-02
Operating System : Windows 7 Home Premium 64 bit

Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Fri 04 May 2012, 6:25 am

Scan 2


Malwarebytes Anti-Malware (Testversion) 1.61.0.1400
[You must be registered and logged in to see this link.]

Databasversion: v2012.05.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tony :: TONY-TOSH [administratör]

Skydd: Inaktiverad

2012-05-02 22:06:39
mbam-log-2012-05-02 (22-06-39).txt

Skanningstyp: Fullständig skanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 85484
Förfluten tid: 27 minut(er), 18 sekund(er) [avbruten]

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)

Pitegrillarn

Newbie Surfer

Posts : 12
Joined : 2012-05-02
Operating System : Windows 7 Home Premium 64 bit

Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Fri 04 May 2012, 6:26 am

Scan 3

Missed the update on the first scan.


Malwarebytes Anti-Malware (Testversion) 1.61.0.1400
[You must be registered and logged in to see this link.]

Databasversion: v2012.05.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tony :: TONY-TOSH [administratör]

Skydd: Inaktiverad

2012-05-03 06:43:54
mbam-log-2012-05-03 (06-43-54).txt

Skanningstyp: Fullständig skanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 460846
Förfluten tid: 1 timme(ar), 46 minut(er), 52 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 1
C:\Users\1337\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TS1752PK\AudacitySetup.exe (Adware.Hotbar) -> Sattes i karantän och togs bort.

(klar)

Pitegrillarn

Newbie Surfer

Posts : 12
Joined : 2012-05-02
Operating System : Windows 7 Home Premium 64 bit
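The three MBAM logs posted above share one line format, and reading them by eye is error-prone once a scan lists dozens of hits. As an added example (not part of the thread and not Malwarebytes' own code), here is a small parser that turns such a log into a structured report, counts hits per family, checks that each section actually contains as many entries as its header claims (a mismatch means a truncated paste), and refuses to call a scan clean unless it was a full scan that ran to completion; scan 2 above reported zero hits but was aborted, which proves nothing. The Swedish labels and action text are the ones in the posted logs; SCAN1 and SCAN2 are constructed, shortened excerpts of scan 1 and scan 2.

```python
# Added example for this thread, not Malwarebytes' own code: parses the MBAM 1.x
# text logs posted above.  Labels and action text are the Swedish strings from
# those logs; SCAN1/SCAN2 are constructed, shortened excerpts of scan 1 and scan 2.
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Action text as MBAM printed it on this Swedish-locale machine -> normalised status
ACTIONS = {"Sattes i karantän och togs bort": "quarantined_and_deleted"}

SECTION_RE = re.compile(r"^(Upptäckta [^:]+): (\d+)$")   # "Upptäckta registernycklar: 27"
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<rest>.+?)\.?$")
KV_RE = re.compile(r"^([^:]+): (.+)$")                    # "Databasversion: v2012.05.02.06"

@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str
    data: Optional[str] = None      # only registry-value hits carry "Data: <path>"

@dataclass
class ScanReport:
    header: Dict[str, str] = field(default_factory=dict)      # key/value lines above the sections
    declared: Dict[str, int] = field(default_factory=dict)    # count each section header claims
    detections: List[Detection] = field(default_factory=list)

    @property
    def aborted(self) -> bool:      # MBAM appends "[avbruten]" to the elapsed time
        return "[avbruten]" in self.header.get("Förfluten tid", "")

    @property
    def full_scan(self) -> bool:
        return self.header.get("Skanningstyp") == "Fullständig skanning"

    def counts_consistent(self) -> bool:
        """False when a section lists fewer or more entries than its header
        claims, which usually means the pasted log was truncated."""
        found = Counter(d.section for d in self.detections)
        return all(found[s] == n for s, n in self.declared.items())

def parse_mbam_log(text: str) -> ScanReport:
    report, section = ScanReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(klar)" or line.startswith("(Inga skadliga"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            report.declared[section] = int(m.group(2))
        elif section is not None:           # inside a results section: entry lines only
            m = ENTRY_RE.match(line)
            if m:
                rest, data = m.group("rest"), None
                if rest.startswith("Data: "):   # "Data: <path> -> <action>"
                    data, rest = rest[len("Data: "):].rsplit(" -> ", 1)
                report.detections.append(Detection(section, m.group("item"), m.group("family"),
                                                   ACTIONS.get(rest, rest), data))
        else:                                # header block before the first section
            m = KV_RE.match(line)
            if m:
                report.header[m.group(1)] = m.group(2)
    return report

def summarize(report: ScanReport) -> Counter:
    """Detections per family name."""
    return Counter(d.family for d in report.detections)

def clean_bill_of_health(report: ScanReport) -> bool:
    """Only a completed full scan with zero hits counts as clean; the aborted
    scan 2 in the thread reported zero hits and proves nothing."""
    return not report.detections and not report.aborted and report.full_scan

# Constructed, shortened excerpts of the poster's scan 1 and scan 2 logs
SCAN1 = r"""
Databasversion: v2012.05.02.06
Skanningstyp: Snabbskanning
Antal skannade objekt: 241209
Förfluten tid: 5 minut(er), 23 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 2
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Sattes i karantän och togs bort.

Upptäckta registervärden: 1
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Data: C:\Program Files (x86)\QuestScan\questscan.dll -> Sattes i karantän och togs bort.

Upptäckta mappar: 1
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Sattes i karantän och togs bort.
(klar)
"""
SCAN2 = r"""
Databasversion: v2012.05.02.06
Skanningstyp: Fullständig skanning
Antal skannade objekt: 85484
Förfluten tid: 27 minut(er), 18 sekund(er) [avbruten]

Upptäckta filer: 0
(Inga skadliga poster hittades)
(klar)
"""

if __name__ == "__main__":
    for name, text in (("scan 1", SCAN1), ("scan 2", SCAN2)):
        r = parse_mbam_log(text)
        print(name, dict(summarize(r)), "clean" if clean_bill_of_health(r) else "not clean")
```

The item regex is anchored on the trailing " (Family) -> " so paths containing "(x86)" are not mistaken for the family name, and the "Data:" form used for registry values is split off separately. Because the full logs are in Swedish, the action strings are mapped to a neutral status rather than matched in English; any action text not in the map is kept verbatim.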

Re: Trojan horse Generic27.BTAL

Post by Pancake on Fri 04 May 2012, 9:08 am

And the ComboFix?






Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Fri 04 May 2012, 4:45 pm

Sorry, I missed that last night; here is the ComboFix file.


ComboFix 12-05-03.01 - Tony 2012-05-03 11:43:36.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.1787.802 [GMT 2:00]
Körs från: c:\users\Tony\Desktop\PCHelpForum.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tony\7z.dll
c:\users\Tony\7z.exe
c:\users\Tony\Arc.exe
c:\users\Tony\arc_convert.exe
c:\users\Tony\arj.exe
c:\users\Tony\blzpack.exe
c:\users\Tony\cmdTotal.exe
c:\users\Tony\dpinfo95.dll
c:\users\Tony\InstExpl.dll
c:\users\Tony\lfb.dll
c:\users\Tony\nz.exe
c:\users\Tony\paq7.exe
c:\users\Tony\paq8.exe
c:\users\Tony\paq9.exe
c:\users\Tony\uda.exe
c:\users\Tony\UHARC.EXE
c:\users\Tony\unalz.exe
c:\users\Tony\unhki.exe
c:\users\Tony\unzoo.exe
c:\users\Tony\unzpaq1.exe
c:\windows\SysWow64\tmp452A.tmp
c:\windows\SysWow64\tmp94EE.tmp
c:\windows\SysWow64\tmp950F.tmp
.
.
(((((((((((((((((((((((( Filer skapade från 2012-04-03 till 2012-05-03 ))))))))))))))))))))))))))))))
.
.
2012-05-03 10:37 . 2012-05-03 10:37 -------- d-----w- c:\users\Spel\AppData\Local\temp
2012-05-03 10:37 . 2012-05-03 10:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 10:37 . 2012-05-03 10:37 -------- d-----w- c:\users\1337\AppData\Local\temp
2012-05-02 19:52 . 2012-05-02 19:52 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2012-05-02 19:52 . 2012-05-03 09:18 -------- d-----w- c:\programdata\Malwarebytes
2012-05-02 19:52 . 2012-05-02 19:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-28 14:13 . 2012-04-28 14:13 -------- d-----w- c:\users\Spel\AppData\Local\Adobe
2012-04-20 15:39 . 2012-04-20 15:39 -------- d-----w- c:\users\Tony\AppData\Roaming\ASUS
2012-04-20 15:37 . 2007-12-27 08:42 1120768 ----a-w- c:\windows\system32\drivers\cm11264.sys
2012-04-20 15:37 . 2004-04-14 03:28 315392 ----a-w- c:\windows\system\fltr112.dll
2012-04-20 15:37 . 2008-01-25 08:26 300544 ----a-r- c:\windows\system32\CmiInstallResAll64.dll
2012-04-20 15:37 . 2006-10-05 21:45 524768 ----a-r- c:\windows\difxapi.dll
2012-04-16 05:00 . 2012-04-16 05:00 -------- d-----w- c:\windows\sv
2012-04-16 04:54 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-16 04:45 . 2012-04-16 04:45 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d0e8914c1cd1b8b02\MeshBetaRemover.exe
2012-04-16 04:45 . 2012-04-16 04:45 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d008cff31cd1b8b01\DSETUP.dll
2012-04-16 04:45 . 2012-04-16 04:45 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d008cff31cd1b8b01\DXSETUP.exe
2012-04-16 04:45 . 2012-04-16 04:45 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d008cff31cd1b8b01\dsetup32.dll
2012-04-15 20:34 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-15 20:34 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-15 20:34 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-15 20:31 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-15 20:31 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-15 20:31 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-15 20:31 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-15 20:31 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-15 20:31 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-15 20:31 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-15 19:46 . 2012-04-15 19:46 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 19:46 . 2012-04-01 18:21 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-15 19:46 . 2011-05-20 21:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 07:25 . 2012-03-01 07:25 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 06:38 . 2012-03-14 05:48 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 05:48 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 05:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 05:48 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 05:49 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 05:49 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-09 39408]
"Akamai NetSession Interface"="c:\users\Tony\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Live! Central 3"="c:\program files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" [2010-09-13 499859]
"V0690Mon.exe"="c:\windows\V0690Mon.exe" [2010-08-18 28672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 ASUSU1;ASUS Xonar U1 Audio Interface;c:\windows\system32\drivers\cm11264.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 V0690Vid;Creative Live! Cam Socialize HD AF Driver;c:\windows\system32\DRIVERS\V0690Vid.sys [x]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\1337\AppData\Local\Temp\0055971.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:46]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 18:25]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 18:25]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1000Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-25 14:09]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1000UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-25 14:09]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1003Core.job
- c:\users\Spel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-12 15:01]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1003UA.job
- c:\users\Spel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-12 15:01]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1004Core.job
- c:\users\1337\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-16 06:43]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2199915753-1486862275-994581514-1004UA.job
- c:\users\1337\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-16 06:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-02-12 136136]
"Cm112Sound"="c:\windows\Syswow64\cm112.cpl" [2007-11-02 6475776]
"Cm112GX"="c:\windows\system\CMGxMon.exe" [2007-12-19 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;
IE: E&xportera till Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 81.216.65.11 81.216.65.12
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files (x86)\Bing Bar Installer\InstallManager.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\1337\AppData\Local\Temp\0055971.tmp"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-2199915753-1486862275-994581514-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2199915753-1486862275-994581514-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Conexant\SAII\SmartAudio.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-05-03 19:24:40 - the computer was restarted.
ComboFix-quarantined-files.txt 2012-05-03 17:24
.
Pre-run: 15 964 086 272 bytes free
Post-run: 16 756 482 048 bytes free
.
- - End Of File - - 70253CAE78B0C69CAD11003F93061E2E

Pitegrillarn
Newbie Surfer
Posts : 12
Joined : 2012-05-02
Operating System : Windows 7 Home Premium 64 bit

Re: Trojan horse Generic27.BTAL

Post by Pancake on Fri 04 May 2012, 5:58 pm

OK. All done. I see no more malware. Log looks good! All that was detected is now either in quarantine or System Restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.

You can now uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

Over the course of the fix you've used a variety of special tools to help with the cleaning process; none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from the cleanup of malware.

Please download OTC to your desktop.

Double-click OTC to run it. (Vista users, please right-click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process; choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork
Malware Prevention
How Did I Get Infected
More Tips on Prevention

=============================

Pancake
Tech Staff
Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Sun 06 May 2012, 2:45 am

The programs found and removed several programs

But the main problem is still there, same virus.

Just completed a full AVG virus scan, here is the result.



AVG Scan

Scan "Whole computer scan" completed.
Infections;"2";"1";"1"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"den 5 maj 2012, 16:57:21"
Scan finished:;"den 5 maj 2012, 17:26:10 (28 minute(s) 49 second(s))"
Total object scanned:;"1584524"
User who launched the scan:;"Tony"

Infections
;"File";"Infection";"Result"
;"C:\Windows\explorer.exe (1136)";"Trojan horse Generic27.BTAL";"Deleted"
;"C:\Windows\explorer.exe (1136):\memory_00e60000";"Trojan horse Generic27.BTAL";"Infected"


It hides in the memory and won't go away....



Re: Trojan horse Generic27.BTAL

Post by Pancake on Sun 06 May 2012, 9:36 am

Please download TDSSKiller and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Choose Change Parameters and make sure all the options are checked
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Sun 06 May 2012, 10:08 am

I got TDSSKiller, click Start and it asks me if I want to allow it to change settings on the PC. I say yes and click to continue, but nothing happens. I tried to disable AVG antivirus but no change; the program doesn't open or run, as far as I can see.


Re: Trojan horse Generic27.BTAL

Post by Pancake on Sun 06 May 2012, 10:23 am

Try it in safe mode.

Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Sun 06 May 2012, 10:32 am

Same result in safe mode :-(

Re: Trojan horse Generic27.BTAL

Post by Pancake on Sun 06 May 2012, 11:01 am

OK. Let's try this.

Download and run RKill from any of these links:

Link 1 Link 2 Link 3 Link 4

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
Once the tool has run, do NOT reboot the machine, and then try to run TDSSKiller again.







Re: Trojan horse Generic27.BTAL

Post by Pitegrillarn on Sun 06 May 2012, 11:18 am

Rkill stops a process but TDSSKiller still doesn't work.

rkill log:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 2012-05-06 at 2:14:07.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 2012-05-06 at 2:15:21.

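The two findings posted above point at the same thing: AVG flags Generic27.BTAL not in the explorer.exe file on disk but in a memory region of the running explorer.exe process (PID 1136, region "memory_00e60000"), and the only process Rkill had to kill was a 32-bit C:\Windows\SysWOW64\rundll32.exe that also shows up in the ComboFix "Other running processes" list. That is the footprint of code injected into a legitimate host process, which is why file-based removal keeps reporting the same detection. The PowerShell script below is an added example written for this thread; it is not part of the thread, nor of AVG, ComboFix, Rkill or TDSSKiller. It shows the three checks a responder would run on such a machine: confirm the on-disk explorer.exe, enumerate every committed, private (not image-backed) executable memory region in each explorer.exe process, and list the command line of every rundll32.exe so an instance with no DLL argument or a DLL under a user-writable path stands out. It assumes a 64-bit elevated Windows PowerShell session (the machine in the thread is 64-bit Windows 7); the function name Find-PrivateExecRegions and the type names NativeMbi and NativeMem are the example's own.

```powershell
# Added example: hunt for injected code in explorer.exe and inspect rundll32.exe.
# Run from an elevated 64-bit Windows PowerShell prompt. The names below are this
# example's own; they are not part of AVG, ComboFix, Rkill or TDSSKiller.

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;

[StructLayout(LayoutKind.Sequential)]
public struct NativeMbi {               // MEMORY_BASIC_INFORMATION
    public IntPtr BaseAddress;
    public IntPtr AllocationBase;
    public uint   AllocationProtect;
    public IntPtr RegionSize;
    public uint   State;
    public uint   Protect;
    public uint   Type;
}

public static class NativeMem {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr VirtualQueryEx(IntPtr h, IntPtr addr, out NativeMbi mbi, int len);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr h);
}
"@

$PROCESS_QUERY_INFORMATION = 0x0400
$PROCESS_VM_READ           = 0x0010
$MEM_COMMIT                = 0x1000
$MEM_PRIVATE               = 0x20000
# PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
$PAGE_EXECUTE_ANY          = 0x10 -bor 0x20 -bor 0x40 -bor 0x80

# Walk a process's address space with VirtualQueryEx and return the committed,
# private, executable regions. The EXE and its DLLs are MEM_IMAGE, so they never
# match; shellcode or a manually mapped payload written in with WriteProcessMemory
# is MEM_PRIVATE and, to run, has to be executable.
function Find-PrivateExecRegions([int]$ProcessId) {
    $h = [NativeMem]::OpenProcess($PROCESS_QUERY_INFORMATION -bor $PROCESS_VM_READ, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) {
        throw ("OpenProcess({0}) failed, error {1}" -f $ProcessId,
               [Runtime.InteropServices.Marshal]::GetLastWin32Error())
    }
    $mbi  = New-Object NativeMbi
    $size = [Runtime.InteropServices.Marshal]::SizeOf($mbi)
    $addr = [IntPtr]::Zero
    $hits = @()
    try {
        while ($true) {
            $n = [NativeMem]::VirtualQueryEx($h, $addr, [ref]$mbi, $size)
            if ($n -eq [IntPtr]::Zero) { break }            # past the last region
            if ($mbi.State -eq $MEM_COMMIT -and $mbi.Type -eq $MEM_PRIVATE -and
                ($mbi.Protect -band $PAGE_EXECUTE_ANY) -ne 0) {
                $hits += New-Object PSObject -Property @{
                    ProcessId = $ProcessId
                    Base      = '0x{0:X8}' -f $mbi.BaseAddress.ToInt64()   # AVG's "memory_00e60000" appears to be this value
                    SizeKB    = [int]($mbi.RegionSize.ToInt64() / 1KB)
                    Protect   = '0x{0:X2}' -f $mbi.Protect
                }
            }
            $next = $mbi.BaseAddress.ToInt64() + $mbi.RegionSize.ToInt64()
            if ($next -le $addr.ToInt64()) { break }          # wraparound guard
            $addr = [IntPtr]$next
        }
    } finally {
        [void][NativeMem]::CloseHandle($h)
    }
    return $hits
}

# 1. The file on disk. System binaries are catalog-signed, so older PowerShell
#    reports them as NotSigned; treat anything other than Valid as "verify with
#    sigcheck or against a known-good copy", not as proof of tampering.
$exp = Get-AuthenticodeSignature "$env:windir\explorer.exe"
'{0}: {1}' -f $exp.Path, $exp.Status

# 2. Private executable memory inside every explorer.exe (the thread's PID was 1136).
Get-Process explorer | ForEach-Object { Find-PrivateExecRegions $_.Id } |
    Format-Table ProcessId, Base, SizeKB, Protect -AutoSize

# 3. rundll32.exe instances with their command lines. A legitimate one names a DLL
#    and entry point; an empty command line, or a DLL under %APPDATA%, %TEMP% or
#    %PROGRAMDATA%, is the usual sign of a malicious loader.
Get-WmiObject Win32_Process -Filter "Name='rundll32.exe'" |
    Select-Object ProcessId, ExecutablePath, CommandLine | Format-List
```

Not every region the second check lists is malware: the .NET JIT, some shell extensions and hooking software (including some antivirus products) also allocate private executable memory, so compare the output with a known-clean machine and dump any unexplained region (ProcDump or Process Hacker will do) before drawing conclusions. A region whose base matches the address in the AVG report, together with a rundll32.exe that has no DLL on its command line, is the combination to chase; killing that rundll32.exe without finding what starts it is why the detection keeps coming back after a reboot.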

Re: Trojan horse Generic27.BTAL

Post by Pancake on Sun 06 May 2012, 11:30 am

Try this suggestion by AVG.
