Author Topic: Trojan Horse in my Windows directory, read only so I cannot move to chest


Drejer

  • Guest
< MD5 for: SERVICES.MSC  >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.XCONFIG  >
[2012/11/24 16:33:42 | 000,001,975 | ---- | M] () MD5=4D241741FC3993E3EF9142ADF2D4D995 -- C:\Program Files (x86)\64bit\services.xconfig
[2012/12/30 15:40:58 | 000,001,979 | ---- | M] () MD5=63592800A8620B56AB51826CFFEB5A44 -- C:\Program Files (x86)\OBS\64bit\services.xconfig
[2013/05/08 11:54:13 | 000,002,066 | ---- | M] () MD5=A8A9F4E4EE6AA3CF543BB71FF9FF55DE -- C:\Program Files (x86)\OBS\services.xconfig
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/05/10 01:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/05/10 01:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< dir C:\ /S /A:L /C  >
 Volume in drive C is OS
 Volume Serial Number is 08BC-16E4
 Directory of C:\
07/14/2009  01:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\Program Files\Windows Defender
07/14/2009  01:37 AM    <SYMLINKD>     en-US [c:\windows\system32\config]
07/13/2009  09:41 PM    <SYMLINK>      MpAsDesc.dll [c:\windows\system32\config]
07/13/2009  09:41 PM    <SYMLINK>      MpClient.dll [c:\windows\system32\config]
07/13/2009  09:39 PM    <SYMLINK>      MpCmdRun.exe [c:\windows\system32\config]
07/13/2009  09:41 PM    <SYMLINK>      MpCommu.dll [c:\windows\system32\config]
07/13/2009  09:29 PM    <SYMLINK>      MpEvMsg.dll [c:\windows\system32\config]
07/13/2009  09:41 PM    <SYMLINK>      MpOAV.dll [c:\windows\system32\config]
07/13/2009  09:41 PM    <SYMLINK>      MpRTP.dll [c:\windows\system32\config]
07/13/2009  09:41 PM    <SYMLINK>      MpSvc.dll [c:\windows\system32\config]
07/13/2009  09:39 PM    <SYMLINK>      MSASCui.exe [c:\windows\system32\config]
11/20/2010  09:27 AM    <SYMLINK>      MsMpCom.dll [c:\windows\system32\config]
07/13/2009  09:29 PM    <SYMLINK>      MsMpLics.dll [c:\windows\system32\config]
07/13/2009  09:41 PM    <SYMLINK>      MsMpRes.dll [c:\windows\system32\config]
              12 File(s)      3,919,360 bytes

Drejer

  • Guest
Directory of C:\ProgramData
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  01:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  01:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009  01:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  01:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  01:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  01:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  01:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  01:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  01:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  01:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  01:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  01:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  01:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Dondreius
05/16/2011  12:57 PM    <JUNCTION>     Application Data [C:\Users\Dondreius\AppData\Roaming]
05/16/2011  12:57 PM    <JUNCTION>     Cookies [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Cookies]
05/16/2011  12:57 PM    <JUNCTION>     Local Settings [C:\Users\Dondreius\AppData\Local]
05/16/2011  12:57 PM    <JUNCTION>     My Documents [C:\Users\Dondreius\Documents]
05/16/2011  12:57 PM    <JUNCTION>     NetHood [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/16/2011  12:57 PM    <JUNCTION>     PrintHood [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/16/2011  12:57 PM    <JUNCTION>     Recent [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Recent]
05/16/2011  12:57 PM    <JUNCTION>     SendTo [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\SendTo]
05/16/2011  12:57 PM    <JUNCTION>     Start Menu [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Start Menu]
05/16/2011  12:57 PM    <JUNCTION>     Templates [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

Drejer

  • Guest
Directory of C:\Users\Dondreius\AppData\Local
05/16/2011  12:57 PM    <JUNCTION>     Application Data [C:\Users\Dondreius\AppData\Local]
05/16/2011  12:57 PM    <JUNCTION>     History [C:\Users\Dondreius\AppData\Local\Microsoft\Windows\History]
05/16/2011  12:57 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Dondreius\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Dondreius\Documents
05/16/2011  12:57 PM    <JUNCTION>     My Music [C:\Users\Dondreius\Music]
05/16/2011  12:57 PM    <JUNCTION>     My Pictures [C:\Users\Dondreius\Pictures]
05/16/2011  12:57 PM    <JUNCTION>     My Videos [C:\Users\Dondreius\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Guest
05/16/2011  06:02 PM    <JUNCTION>     Application Data [C:\Users\Guest\AppData\Roaming]
05/16/2011  06:02 PM    <JUNCTION>     Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
05/16/2011  06:02 PM    <JUNCTION>     Local Settings [C:\Users\Guest\AppData\Local]
05/16/2011  06:02 PM    <JUNCTION>     My Documents [C:\Users\Guest\Documents]
05/16/2011  06:02 PM    <JUNCTION>     NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/16/2011  06:02 PM    <JUNCTION>     PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/16/2011  06:02 PM    <JUNCTION>     Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
05/16/2011  06:02 PM    <JUNCTION>     SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
05/16/2011  06:02 PM    <JUNCTION>     Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
05/16/2011  06:02 PM    <JUNCTION>     Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Guest\AppData\Local
05/16/2011  06:02 PM    <JUNCTION>     Application Data [C:\Users\Guest\AppData\Local]
05/16/2011  06:02 PM    <JUNCTION>     History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
05/16/2011  06:02 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Guest\Documents
05/16/2011  06:02 PM    <JUNCTION>     My Music [C:\Users\Guest\Music]
05/16/2011  06:02 PM    <JUNCTION>     My Pictures [C:\Users\Guest\Pictures]
05/16/2011  06:02 PM    <JUNCTION>     My Videos [C:\Users\Guest\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  01:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  01:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  01:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
              12 File(s)      3,919,360 bytes
              67 Dir(s)  381,714,014,208 bytes free

< End of report >

Drejer

  • Guest
OTL Extras logfile created on: 5/27/2013 10:46:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dondreius\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 50.02% Memory free
12.00 Gb Paging File | 8.56 Gb Available in Paging File | 71.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 355.57 Gb Free Space | 38.75% Space Free | Partition Type: NTFS
 
Computer Name: DONDREIUS-PC | User Name: Dondreius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 

Drejer

  • Guest
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

Drejer

  • Guest
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders
"{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software
"{B457D49F-00E2-0FF2-4234-C20FC0702E2E}" = AMD Fuel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{E33AC780-456C-6295-E0F3-10A8D39A09FB}" = AMD Drag and Drop Transcoding
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 5.00 beta 4 (64-bit)
 

Drejer

  • Guest
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}" = System Requirements Lab
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23B8178A-5389-4E11-AA42-5136D91EE6FA}" = Warframe
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch
"{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy
"{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French
"{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = AMD VISION Engine Control Center
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43430FA5-AF68-4A2D-A7D4-891000008200}" = Street Fighter X Tekken
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish
"{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{57520FA0-DF38-46A1-8046-3B1000008500}" = Batman: Arkham City™ GOTY
"{5A336D74-E680-4986-96F4-E9CEBC784F56}" = Naga Firmware Updater 1.13
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish
"{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese
"{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech
"{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A071F478-73E0-4143-AE55-4DD6BABD74F5}" = Far Cry 3 Blood Dragon
"{A3C76924-B911-4766-A1FD-367D13277CB3}_is1" = GrooveWalrus 0.370
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B556929F-79D5-E843-27D4-60B1586C4773}" = Grooveshark
"{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C276D408-F88A-4E69-9CE3-B785CFA276BD}_is1" = "Tropico 4"
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D68006E1-F774-4504-9ECF-03B67793C475}" = XSplit
"{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
"{D81F39D4-FDA9-4356-92B1-16081D8BF71A}" = Pokémon Trading Card Game Online
"{DAD5AC93-8518-4F46-A5FE-E63FEE791B6F}" = AMD OverDrive
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F017778C-11C7-4E57-8124-F10C5AD74B1E}_is1" = Open Broadcaster Software version 0.452a
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All

Drejer

  • Guest
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Cyphers" = Cyphers
"Diablo III" = Diablo III
"Dishonored_is1" = Dishonored
"F5 Networks Client Components" = BIG-IP Edge Client Components (All Users)
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}" = Batman: Arkham City™ GOTY
"GoToAssist" = GoToAssist 8.0.0.514
"GroovesharkDesktop.7F9BF17D6D9CB2159C78A6A6AB076EA0B1E0497C.1" = Grooveshark
"InfiniteCrisis" = InfiniteCrisis
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MMDoC-PDCLive" = Duel of Champions
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Peggle Nights 1.0" = Peggle Nights 1.0
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"ShiftWindow_is1" = ShiftWindow 1.02
"Sleeping Dogs_is1" = Sleeping Dogs
"Snes9x" = Snes9x
"Sonic And All Stars Racing Transformed_is1" = Sonic And All Stars Racing Transformed
"Steam App 110400" = inMomentum
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 206500" = AirMech
"Steam App 215470" = Primal Carnage
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 240" = Counter-Strike: Source
"Steam App 24240" = PAYDAY: The Heist
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 7670" = BioShock
"Steam App 8850" = BioShock 2
"Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
"Super Hexagon_is1" = Super Hexagon
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0b0d45f34cb2f7e6" = WinGrooves
"Google Chrome" = Google Chrome
"HappyCloud" = Happy Cloud Client
"Hawken" = Hawken
"SOE-C:/Users/Dondreius/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"teraenmasse" = TERA
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/8/2013 7:30:20 PM | Computer Name = Dondreius-PC | Source = .NET Runtime | ID = 1026
Description =

Drejer

  • Guest
Error - 4/8/2013 7:30:22 PM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Launcher.exe_unknown, version: 0.0.0.0,
 time stamp: 0x511b7fbb  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
 time stamp: 0x50b83c8a  Exception code: 0xe0434352  Fault offset: 0x0000c41f  Faulting
 process id: 0x1ab8  Faulting application start time: 0x01ce34b1087c9a3a  Faulting application
 path: C:\Users\Dondreius\Desktop\Sonic and All Stars Racing Transformed\Launcher.exe
Faulting
 module path: C:\Windows\syswow64\KERNELBASE.dll  Report Id: 47fd384e-a0a4-11e2-85c2-f04da2ea25f9
 
Error - 4/9/2013 1:46:01 PM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: fc3_blooddragon.exe, version: 0.1.0.1,
time stamp: 0x515ca139  Faulting module name: FC3.dll, version: 0.1.0.1, time stamp:
 0x515ca109  Exception code: 0xc0000005  Fault offset: 0x000ca3bc  Faulting process id:
 0xd18  Faulting application start time: 0x01ce354a1626de06  Faulting application path:
 C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe  Faulting
 module path: C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\FC3.dll  Report
 Id: 571a2457-a13d-11e2-8b7a-f04da2ea25f9
 
Error - 4/9/2013 1:46:08 PM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: fc3_blooddragon_d3d11.exe, version: 0.1.0.1,
 time stamp: 0x515ca1e7  Faulting module name: FC3_d3d11.dll, version: 0.1.0.1, time
 stamp: 0x515ca1a8  Exception code: 0xc0000005  Fault offset: 0x000c9ec5  Faulting process
 id: 0x16d8  Faulting application start time: 0x01ce354a1c3343e2  Faulting application
 path: C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
Faulting
 module path: C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\FC3_d3d11.dll
Report
 Id: 5bb0ad99-a13d-11e2-8b7a-f04da2ea25f9
 
Error - 4/9/2013 1:50:02 PM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: fc3_blooddragon.exe, version: 0.1.0.1,
time stamp: 0x515ca139  Faulting module name: FC3.dll, version: 0.1.0.1, time stamp:
 0x515ca109  Exception code: 0xc0000005  Fault offset: 0x000ca3bc  Faulting process id:
 0x1494  Faulting application start time: 0x01ce354aa6f59f24  Faulting application path:
 C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe  Faulting
 module path: C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\FC3.dll  Report
 Id: e724cf45-a13d-11e2-8b7a-f04da2ea25f9
 
Error - 4/9/2013 2:03:19 PM | Computer Name = Dondreius-PC | Source = Application Hang | ID = 1002
Description = The program fc3_blooddragon.exe version 0.1.0.1 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1634    Start
 Time: 01ce354c475ab232    Termination Time: 0    Application Path: C:\Program Files (x86)\Ubisoft\Far
 Cry 3 Blood Dragon\bin\fc3_blooddragon.exe    Report Id:   
 
Error - 4/10/2013 10:48:44 AM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912  Faulting module name: msxml3.dll, version: 8.110.7601.17988,
 time stamp: 0x5091ff27  Exception code: 0xc0000005  Fault offset: 0x0002e64f  Faulting
 process id: 0x858  Faulting application start time: 0x01ce35fa7bafddbb  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path:
 C:\Windows\System32\msxml3.dll  Report Id: bdca915f-a1ed-11e2-8118-f04da2ea25f9
 
Error - 4/11/2013 7:56:46 AM | Computer Name = Dondreius-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\Cultures\XSplitBroadcasterSrc.exe".
Dependent
 Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 4/13/2013 11:02:12 AM | Computer Name = Dondreius-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\Cultures\XSplitBroadcasterSrc.exe".
Dependent
 Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found.  Please use sxstrace.exe for detailed diagnosis.

Drejer

  • Guest
Error - 4/16/2013 8:01:14 AM | Computer Name = Dondreius-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\Cultures\XSplitBroadcasterSrc.exe".
Dependent
 Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ Dell Events ]
Error - 5/16/2011 8:36:44 PM | Computer Name = Dondreius-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ System Events ]
Error - 5/25/2013 8:06:47 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
   %%2
 
Error - 5/25/2013 9:06:42 PM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Error Reporting Service service to connect.
 
Error - 5/26/2013 9:50:39 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
   %%2
 
Error - 5/27/2013 10:44:29 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 5/27/2013 10:44:36 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
   %%2
 
Error - 5/27/2013 10:44:42 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
 service: BFE. This service might not be installed.
 
Error - 5/27/2013 10:44:43 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 5/27/2013 10:44:43 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
 This service might not be installed.
 
Error - 5/27/2013 6:29:33 PM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147024891
 
Error - 5/27/2013 6:29:33 PM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
 Publication service which failed to start because of the following error:   %%-2147024891
 
 
< End of report >

Sorry that took so many posts. Also, I could not attach the MBR zip file because I got an error message saying that zip isn't a valid file type for attaching.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Hi Drejer,

Quote
Also, I could not attach the MBR zip file because I got an error message saying that zip isn't a valid file type for attaching
Sorry about that. Rename MBR.dat to MBR.txt and attach it.


Your system has been infected by one or more Rootkits/Backdoor Trojans.

This may allow hackers to remotely control your computer, steal critical system information, and download and execute files.

More information on Remote Access Trojans can be found here.

I strongly suggest you do the following immediately:
  • From a known clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer until it has been cleaned.
This tool should take care of most of it. We'll check the services later and see which need to be fixed.

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

It is vitally important that ComboFix is renamed before it even starts to download.


Please download ComboFix from Link 1 to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:

     -Tools->Options->Main tab
     -Set to "Always ask me where to Save the files".

  • During the download, before you save it to your desktop, rename Combofix to jgh.exe
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------
  • Right click on ComboFix.exe (jgh.exe in your case), click Run as Administrator & follow the prompts.
Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If after running ComboFix you receive a message "Illegal operation attempted on a registry key that has been marked for deletion" or similar, reboot the computer.

Please post back with
  • combofix log
How is the computer?

Thanks

Drejer

  • Guest
Here is the MBR file, working on the rest now.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Hi Drejer,

How are you making out?

Drejer

  • Guest
Hello, I ran into an error with the Combofix scan and reboot, and I ended up doing a factory reset on my computer unfortunately. After running Combofix and signing in, I couldn't get any programs to run or use the internet. So I did a factory reset and everything is working again. What would you recommend we do next? Everything seems to be fine, Avast isn't showing any virus attacks like before.