ura
Honorary Members-
Posts
38 -
Joined
-
Last visited
Reputation
0 Neutral-
Hi, I unisntalled MS Security Essentials with that fixit (http://go.microsoft.com/?linkid=9775235) from the link you gave as MS Security Essentials wasn't in the remove programs folder. Here is the log from SecurityCheck: Results of screen317's Security Check version 0.99.89 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 15.0.0.189 Adobe Reader 10.1.12 Adobe Reader out of Date! Mozilla Firefox (33.1) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Now the computer hasn't crashed after my previous post and seems to run faster but I still haven't been able to run the windows updates.
-
Hi, I disabled all F-secure processes but still it said i is runnig so I just uninstalled F-secure Client Security totally but didn't reboot after that (didn't ask for that). Here is the report: ComboFix 14-11-12.01 - Aura 14.11.2014 12:31:47.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.3956.2158 [GMT 2:00] Sijainti: c:\users\Aura\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} FW: F-Secure Client Security 10.00 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Aura\AppData\Local\assembly\tmp . . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2014-10-14 to 2014-11-14 ))))))))))))))))) . . 2014-11-14 10:36 . 2014-11-14 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-13 01:01 . 2014-11-13 01:05 -------- d-----w- C:\AdwCleaner 2014-11-13 00:49 . 2014-11-13 00:49 -------- d-----w- c:\windows\ERUNT 2014-11-12 02:12 . 2014-11-12 02:12 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2014-11-12 02:12 . 2014-11-12 02:12 -------- d-----w- c:\programdata\RogueKiller 2014-11-12 01:49 . 2014-11-13 01:19 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-11-12 01:49 . 2014-11-12 01:49 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-11-12 01:49 . 2014-10-01 09:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-12 01:49 . 2014-10-01 09:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-11-12 01:49 . 2014-10-01 09:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-11-12 01:25 . 2014-11-12 01:25 -------- d-----w- c:\program files (x86)\ERUNT 2014-11-11 13:24 . 2014-11-14 10:23 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C2E2CCE-7F09-44B1-9DC9-130590E179DE}\offreg.dll 2014-11-11 13:23 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C2E2CCE-7F09-44B1-9DC9-130590E179DE}\mpengine.dll 2014-11-03 12:49 . 2014-11-03 12:49 -------- d-----w- c:\windows\system32\%LOCALAPPDATA% 2014-11-01 22:22 . 2014-11-13 19:45 -------- d-----w- C:\FRST . . . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-11-07 04:35 . 2013-06-02 22:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-11-07 04:35 . 2013-06-02 22:18 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-10-28 04:34 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-08-28 09:52 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-08-24 15:59 222832 ----a-w- c:\users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-08-24 15:59 222832 ----a-w- c:\users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-08-24 15:59 222832 ----a-w- c:\users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{B2E9CACA-0687-40F6-843E-89F38F8D1E25}" [HKEY_CLASSES_ROOT\CLSID\{B2E9CACA-0687-40F6-843E-89F38F8D1E25}] 2011-12-02 15:37 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2011-12-02 15:37 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-27 39408] "Spotify Web Helper"="c:\users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-08 1514040] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "LaCie Desktop Manager Startup"="c:\program files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe" [2012-10-10 3460608] "Spotify"="c:\users\Aura\AppData\Roaming\Spotify\spotify.exe" [2014-10-08 6553144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2012-03-21 255208] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-06 291608] "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752] "FJ Camera_Monitor"="c:\program files (x86)\FJ Camera\monitor.exe" [2011-04-29 275320] "DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2013-12-11 101728] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\lcStarter.exe [2012-1-19 21504] newreminderdialog.lnk - c:\program files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe [2012-1-25 931096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772b.sys;c:\windows\SYSNATIVE\DRIVERS\ax88772b.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WSDScan;WSD Scan -tuki UMB:n välityksellä;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [x] R4 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x] R4 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x] R4 FUJ02E3Service;FUJ02E3Service;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe;c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe [x] R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] R4 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x] R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] R4 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x] R4 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x] R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x] S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys;c:\windows\SYSNATIVE\Drivers\FBIOSDRV.sys [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x] S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x] S2 ClickToRunSvc;Microsoft Officen pika-asennus;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie9\Genie Timeline\GenieTimelineService.exe;c:\program files\Genie9\Genie Timeline\GenieTimelineService.exe [x] S2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys;c:\windows\SYSNATIVE\drivers\FUJ02E3.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x] S4 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [x] S4 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys;c:\windows\SYSNATIVE\drivers\fses.sys [x] S4 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys;c:\windows\SYSNATIVE\drivers\fsdfw.sys [x] S4 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [x] . . --- Muut muistissa olevat ajurit/palvelut --- . *Deregistered* - F-Secure Gatekeeper *Deregistered* - fsbts *Deregistered* - fsni . 'Ajoitetut tehtävät'-kansion sisältö . 2014-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-02 04:35] . 2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27 17:50] . 2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfe70e239f86ba.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27 17:50] . 2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfff54ceef47df.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27 17:50] . 2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27 17:50] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-08-24 15:59 261744 ----a-w- c:\users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-08-24 15:59 261744 ----a-w- c:\users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-08-24 15:59 261744 ----a-w- c:\users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{B2E9CACA-0687-40F6-843E-89F38F8D1E25}" [HKEY_CLASSES_ROOT\CLSID\{B2E9CACA-0687-40F6-843E-89F38F8D1E25}] 2011-12-02 15:37 191504 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2011-12-02 15:37 191504 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992] "PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2011-10-03 205168] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-25 439064] "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2011-09-30 158024] "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\fuj02e3.exe" [2012-01-17 76104] "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2011-09-30 23368] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-25 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-25 398616] "AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576] "AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416] . ------- Täydentävä tarkistus ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.fujitsu.com/fts mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 86.50.64.3 86.50.64.35 FF - ProfilePath - c:\users\Aura\AppData\Roaming\Mozilla\Firefox\Profiles\ani7ov2f.default-1399713036171\ . - - - - POISTETUT JÄMÄRIVIT - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file) ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-LaCie Desktop Manager Launcher - c:\program files\LaCie\Desktop Manager\lacie_launcherd.exe AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe . . . --------------------- LUKITUT REKISTERIAVAIMET --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Valmistumisajankohta: 2014-11-14 12:37:42 ComboFix-quarantined-files.txt 2014-11-14 10:37 . Ennen ajoa: 5 154 553 856 tavua vapaana Ajon jälkeen: 5 303 676 928 tavua vapaana . - - End Of File - - DB2842EFAB744D5E6B619D4008338308
-
Hi, Thanks for the fast reply. Everything went fine but when I run FRST again I forgot to shut down F-Secure before that and during the scan F-Secure deep guard blocked a harmful program called Aut2Exe If you want me to run FRST again with F-secure being closed, I can do that With the past steps, F-Secure was always closed but with the current FRST step I forgot after the re-boot I did after scanning with TFC. PS. after the reboot from TFC, still the Windows updates failed. Here are the logs: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 Ran by Aura (administrator) on AURA-PC on 13-11-2014 21:44:38 Running from C:\Users\Aura\Desktop Loaded Profile: Aura (Available profiles: Aura) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: suomi (Suomi) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSMA32.EXE (Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSHDLL32.EXE () C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSHDLL64.EXE (F-Secure Corporation) C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FNRB32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FIH32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe (Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Atheros Communications) C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Spotify Ltd) C:\Users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe () C:\Program Files (x86)\FJ Camera\Monitor.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSM32.EXE (Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-06] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED) HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2012-01-17] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED) HKLM\...\Run: [LaCie Desktop Manager Launcher] => "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe" HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe [1020576 2012-02-23] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe [800416 2012-02-23] (Atheros Commnucations) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation) HKLM-x32\...\Run: [indicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED) HKLM-x32\...\Run: [FJ Camera_Monitor] => C:\Program Files (x86)\FJ Camera\monitor.exe [275320 2011-04-29] () HKLM-x32\...\Run: [F-Secure TNB] => C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [1826984 2013-02-04] (F-Secure Corporation) HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [349864 2013-02-04] (F-Secure Corporation) HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-12-11] (Fujitsu Technology Solutions) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-27] (Google Inc.) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [spotify Web Helper] => C:\Users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [LaCie Desktop Manager Startup] => C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe [3460608 2012-10-10] () HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [spotify] => C:\Users\Aura\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-08] (Spotify Ltd) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => No File ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => No File ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {B2E9CACA-0687-40F6-843E-89F38F8D1E25} => C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {B2E9CACA-0687-40F6-843E-89F38F8D1E25} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsu.com/fts HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu.com/fts HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH; HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH; SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File Toolbar: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 86.50.64.3 86.50.64.35 FireFox: ======== FF ProfilePath: C:\Users\Aura\AppData\Roaming\Mozilla\Firefox\Profiles\ani7ov2f.default-1399713036171 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bookplus-fi.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-fi.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-fi.xml Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) S4 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc) S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [225448 2013-02-04] (F-Secure Corporation) R3 F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [218280 2013-02-04] (F-Secure Corporation) R2 fsdevcon; C:\Program Files (x86)\F-Secure\Device Control\\fsdevcon64.exe [516776 2013-02-04] (F-Secure Corporation) R3 FSDFWD; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [850088 2013-02-04] (F-Secure Corporation) R2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [188584 2013-02-04] (F-Secure Corporation) R3 FSORSPClient; C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [60352 2013-11-03] (F-Secure Corporation) S4 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2012-01-17] (FUJITSU LIMITED) R2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [662104 2012-09-16] (Genie9) S4 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-03-07] (Intel Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) R2 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1379840 2012-10-10] () [File not signed] S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation) S4 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed] S4 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [98816 2010-12-31] (ASIX Electronics Corp.) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [348560 2011-12-02] (EldoS Corporation) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) S4 F-Secure Filter; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41512 2013-02-04] () R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [203304 2014-06-11] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation) S4 F-Secure Recognizer; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [26792 2013-02-04] () R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-11-03] () R1 FSES; C:\Windows\System32\drivers\fses.sys [45480 2013-02-04] (F-Secure Corporation) R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [96168 2013-02-04] (F-Secure Corporation) R3 fsni; C:\Program Files (x86)\F-Secure\NIF\bin\fsni64.sys [89640 2014-07-09] (F-Secure Corporation) R1 fsvista; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [14504 2013-02-04] () R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-07] (Intel Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-13] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2613368 2012-02-08] (Sunplus Technology) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 21:44 - 2014-11-13 21:44 - 00020585 _____ () C:\Users\Aura\Desktop\FRST.txt 2014-11-13 21:43 - 2014-11-13 21:43 - 02116608 _____ (Farbar) C:\Users\Aura\Desktop\FRST64.exe 2014-11-13 21:40 - 2014-11-13 21:40 - 00000000 ___RD () C:\Users\Aura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-11-13 21:32 - 2014-11-13 21:32 - 00448512 _____ (OldTimer Tools) C:\Users\Aura\Desktop\TFC.exe 2014-11-13 21:29 - 2014-11-13 21:29 - 00004649 _____ () C:\Users\Aura\Desktop\JavaRa.log 2014-11-13 21:29 - 2014-11-13 21:29 - 00004649 _____ () C:\JavaRa.log 2014-11-13 21:24 - 2014-11-13 21:25 - 00000000 ____D () C:\Users\Aura\Desktop\RemoveJava 2014-11-13 21:24 - 2014-11-13 21:24 - 00165800 _____ () C:\Users\Aura\Downloads\JavaRa-1.16-20-1-14.zip 2014-11-13 17:16 - 2014-11-13 17:16 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff54ceef47df.job 2014-11-13 03:40 - 2014-11-13 03:40 - 02347384 _____ (ESET) C:\Users\Aura\Downloads\esetsmartinstaller_enu.exe 2014-11-13 03:08 - 2014-11-13 03:08 - 00001107 _____ () C:\Users\Aura\Desktop\AdwCleaner[s0].txt 2014-11-13 03:01 - 2014-11-13 03:05 - 00000000 ____D () C:\AdwCleaner 2014-11-13 03:00 - 2014-11-13 03:00 - 02140160 _____ () C:\Users\Aura\Desktop\AdwCleaner.exe 2014-11-13 02:54 - 2014-11-13 02:54 - 00001989 _____ () C:\Users\Aura\Desktop\JRT.txt 2014-11-13 02:49 - 2014-11-13 02:49 - 00000000 ____D () C:\Windows\ERUNT 2014-11-13 02:45 - 2014-11-13 02:45 - 01706808 _____ (Thisisu) C:\Users\Aura\Desktop\JRT.exe 2014-11-12 14:08 - 2014-11-13 03:06 - 00000512 _____ () C:\Windows\Tasks\Scheduled scanning task.job 2014-11-12 04:12 - 2014-11-12 04:12 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-11-12 04:12 - 2014-11-12 04:12 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-11-12 04:09 - 2014-11-12 04:09 - 17528920 _____ () C:\Users\Aura\Desktop\RogueKillerX64.exe 2014-11-12 03:56 - 2014-11-12 03:56 - 00001212 _____ () C:\Users\Aura\Desktop\malwarebytes.txt 2014-11-12 03:49 - 2014-11-13 03:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-12 03:49 - 2014-11-12 03:49 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-12 03:49 - 2014-11-12 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-12 03:49 - 2014-11-12 03:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-12 03:49 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-12 03:49 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-12 03:49 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-12 03:41 - 2014-11-12 03:48 - 00000000 ____D () C:\Users\Aura\Desktop\12.11.2014 2014-11-12 03:38 - 2014-11-12 03:39 - 00002338 _____ () C:\Users\Aura\Desktop\Rkill.txt 2014-11-12 03:31 - 2014-11-13 03:06 - 00023456 _____ () C:\Windows\PFRO.log 2014-11-12 03:30 - 2014-11-12 03:30 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aura\Downloads\mbam-clean-2.1.1.1001.exe 2014-11-12 03:27 - 2014-11-12 03:27 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Aura\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-12 03:26 - 2014-11-12 03:26 - 00000000 ____D () C:\Windows\ERDNT 2014-11-12 03:25 - 2014-11-12 03:25 - 00000934 _____ () C:\Users\Aura\Desktop\NTREGOPT.lnk 2014-11-12 03:25 - 2014-11-12 03:25 - 00000915 _____ () C:\Users\Aura\Desktop\ERUNT.lnk 2014-11-12 03:25 - 2014-11-12 03:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-11-12 03:25 - 2014-11-12 03:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-11-12 03:24 - 2014-11-12 03:24 - 00791393 _____ (Lars Hederer ) C:\Users\Aura\Downloads\erunt-setup.exe 2014-11-12 03:22 - 2014-11-12 03:22 - 00002338 _____ () C:\Users\Aura\Desktop\RkillOLD.txt 2014-11-12 03:20 - 2014-11-12 03:20 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Aura\Desktop\rkill.exe 2014-11-10 23:02 - 2014-11-12 18:35 - 00016044 _____ () C:\Users\Aura\Desktop\canada.odt 2014-11-05 18:23 - 2014-11-05 18:23 - 00041921 _____ () C:\Users\Aura\Desktop\Tulokset.Aura.odt 2014-11-03 14:49 - 2014-11-03 14:49 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA% 2014-11-02 00:22 - 2014-11-13 21:44 - 00000000 ____D () C:\FRST 2014-10-31 17:10 - 2014-10-31 15:18 - 00018858 _____ () C:\Users\Aura\Documents\VARAUKSET_marraskuu14.doc_1_1.odt 2014-10-30 21:39 - 2014-10-30 19:38 - 00018897 _____ () C:\Users\Aura\Documents\VARAUKSET_marraskuu14.doc_1.odt 2014-10-29 17:04 - 2014-10-29 17:42 - 00088062 _____ () C:\Users\Aura\Desktop\Auran_Kandi.odt 2014-10-26 11:06 - 2014-10-26 11:06 - 00117456 _____ () C:\Users\Aura\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-26 11:05 - 2014-11-13 21:39 - 00005970 _____ () C:\Windows\setupact.log 2014-10-26 11:05 - 2014-10-26 11:05 - 00468936 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-26 11:05 - 2014-10-26 11:05 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-25 17:21 - 2014-10-25 17:21 - 00000000 _____ () C:\Users\Aura\AppData\Local\{5ACB0575-A6D6-4D38-B336-42B2FA1BB4B8} 2014-10-22 01:01 - 2014-10-23 10:17 - 00019032 _____ () C:\Users\Aura\Desktop\kandi ajatuksia.odt 2014-10-19 09:09 - 2014-10-18 12:34 - 00016874 _____ () C:\Users\Aura\Documents\VARAUKSET_lokakuu14.doc_0.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 21:43 - 2013-05-28 03:55 - 01574225 _____ () C:\Windows\WindowsUpdate.log 2014-11-13 21:41 - 2013-08-01 18:24 - 00000000 ____D () C:\Users\Aura\AppData\Roaming\Spotify 2014-11-13 21:41 - 2013-05-27 19:06 - 00000000 ____D () C:\Users\Aura\Documents\Youcam 2014-11-13 21:40 - 2013-05-27 18:57 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-13 21:39 - 2014-05-02 12:08 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt 2014-11-13 21:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-13 21:27 - 2013-05-27 18:57 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-13 21:19 - 2013-06-03 00:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-13 17:40 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-13 17:40 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-13 17:16 - 2014-10-13 19:50 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfe70e239f86ba.job 2014-11-13 00:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-11-12 14:08 - 2009-07-14 07:08 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-12 03:39 - 2013-05-27 19:02 - 00000000 ____D () C:\Users\Aura\AppData\Local\VirtualStore 2014-11-12 03:32 - 2013-08-01 18:24 - 00000000 ____D () C:\Users\Aura\AppData\Local\Spotify 2014-11-12 03:30 - 2013-10-31 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-12 03:29 - 2013-07-19 23:19 - 00000000 ____D () C:\Users\Aura\AppData\Local\CrashDumps 2014-11-10 18:33 - 2013-10-02 09:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 18:33 - 2013-06-02 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-09 00:59 - 2013-06-22 18:12 - 00000000 ____D () C:\Users\Aura\AppData\Roaming\vlc 2014-11-09 00:46 - 2014-05-02 12:08 - 00000004 _____ () C:\Windows\system32\devicelist.txt 2014-11-09 00:46 - 2014-05-02 12:08 - 00000004 _____ () C:\Windows\system32\devicealertlist.txt 2014-11-08 07:20 - 2013-05-27 18:58 - 00000000 ____D () C:\Users\Aura 2014-11-07 06:35 - 2013-06-03 00:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-07 06:35 - 2013-06-03 00:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-07 06:34 - 2014-06-23 19:59 - 00000000 ____D () C:\Users\Aura\AppData\Local\Adobe 2014-11-06 18:36 - 2014-09-08 12:17 - 00017847 _____ () C:\Users\Aura\Desktop\SynttäriOhjaajille_sopivat.odt 2014-11-06 15:20 - 2013-05-27 19:01 - 00000000 ____D () C:\Users\Aura\Documents\Bluetooth Folder 2014-11-01 23:58 - 2013-06-22 18:06 - 00000000 ____D () C:\Users\Aura\Tavaraa 2014-10-31 19:48 - 2013-06-19 13:19 - 00000000 ____D () C:\Users\Aura\Desktop\Kouluhommat 2014-10-30 15:44 - 2013-07-11 05:18 - 00039424 _____ () C:\Users\Aura\Desktop\Palleroiden budjetti.xls 2014-10-28 06:34 - 2010-11-21 05:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-25 18:14 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-25 07:28 - 2012-01-07 06:26 - 00516982 _____ () C:\Windows\system32\perfh00B.dat 2014-10-25 07:28 - 2012-01-07 06:26 - 00115328 _____ () C:\Windows\system32\perfc00B.dat 2014-10-25 07:28 - 2009-07-14 07:13 - 01438326 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-17 10:19 - 2013-07-19 19:41 - 00000000 ____D () C:\Users\Default\AppData\Local\ifolor 2014-10-17 10:19 - 2013-07-19 19:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\ifolor 2014-10-17 10:19 - 2013-07-19 19:41 - 00000000 ____D () C:\Program Files (x86)\ifolor 2014-10-17 10:18 - 2013-05-27 18:57 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-17 10:13 - 2014-10-13 19:51 - 00000000 ___RD () C:\Users\Aura\Google Drive ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 15:33 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014 Ran by Aura at 2014-11-13 21:45:00 Running from C:\Users\Aura\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: F-Secure Client Security 10.00 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17} AS: F-Secure Client Security 10.00 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} FW: F-Secure Client Security 10.00 (Enabled) {2D7AC0A6-6241-D774-E168-461178D9686C} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Office Systemin yhteensopivuuspaketti (HKLM-x32\...\{90120000-0020-040B-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) - Suomi (HKLM-x32\...\{AC76BA86-7AD7-1035-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.125 - Atheros) Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros) CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1521 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.15.0134 - Fujitsu Technology Solutions) DirectVobSub 2.41.7259 (5d3641a) Beta (HKLM-x32\...\vsfilter_is1) (Version: 2.41.7259 - MPC-HC Team) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation) FJ Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.6.11 - SunplusIT) F-Secure Client Security - Browsing protection (HKLM-x32\...\F-Secure Browsing Protection) (Version: 2.00.349 - F-Secure Corporation) F-Secure Client Security - DeepGuard (HKLM-x32\...\F-Secure HIPS) (Version: 4.10.210 - F-Secure Corporation) F-Secure Client Security - Device control (HKLM-x32\...\F-Secure Device Control) (Version: 1.00.17478 - F-Secure Corporation) F-Secure Client Security - E-Mail Scanning (HKLM-x32\...\F-Secure E-mail Scanning) (Version: 6.00.525 - F-Secure Corporation) F-Secure Client Security - Internet Shield (HKLM-x32\...\F-Secure Internet Shield) (Version: 6.29 - F-Secure Corporation) F-Secure Client Security - Web traffic scanning (HKLM-x32\...\F-Secure Protocol Scanner) (Version: 3.00.339 - F-Secure Corporation) F-Secure Client Security - Virus & Spy Protection (HKLM-x32\...\F-Secure Anti-Virus) (Version: 9.50.19031 - F-Secure Corporation) Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED) Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED) Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.002 - FUJITSU LIMITED) Hidden Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.5.0 - FUJITSU LIMITED) Fujitsu System Extension Utility (Version: 3.4.5.0 - FUJITSU LIMITED) Hidden Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 3.0 - Genie9) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation) Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation) Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1022 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LaCie Desktop Manager 1.5.5 (HKLM\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 1.5.5 - LaCie) LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED) LIFEBOOK Application Panel (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (suomi) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 365 - fi-fi (HKLM\...\O365HomePremRetail - fi-fi) (Version: 15.0.4659.1001 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{9085040B-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-040B-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Tallenna PDF-muodossa -apuohjelma 2007 Microsoft Office -ohjelmiin (HKLM-x32\...\{90120000-00B0-040B-0000-0000000FF1CE}) (Version: 12.0.4518.1021 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 fi) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 fi)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{955C3F64-C693-41E6-B9D5-A505A5C41B52}) (Version: 4.01.9714 - Apache Software Foundation) Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED) Plugfree NETWORK (Version: 6.2.001 - FUJITSU LIMITED) Hidden Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.039 - FUJITSU LIMITED) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30129 - Realtek Semiconductor Corp.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.44.1 - Synaptics Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Wuala (HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Wuala) (Version: 1.0.391.0 - LaCie) Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.102.0 - LaCie) Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.1 - LaCie) Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Aura\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 10-11-2014 19:42:23 Windows Update 11-11-2014 05:18:18 Windows Update 11-11-2014 12:27:20 Windows Update 11-11-2014 12:34:53 Windows Update 11-11-2014 19:36:02 Windows Update 12-11-2014 01:29:11 Windows Update 12-11-2014 11:39:09 Windows Update 12-11-2014 11:47:02 Windows Update 12-11-2014 19:59:07 Windows Update 13-11-2014 00:59:27 Windows Update 13-11-2014 15:15:15 Windows Update 13-11-2014 15:22:47 Windows Update 13-11-2014 19:22:34 Removed Java 7 Update 67 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {353C79F2-2710-47EE-9EAC-3A04F0D6A2EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.) Task: {35EF3362-319D-4FA6-9986-3882D3C7A000} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation) Task: {4A5DDF55-3C2F-4145-BA3D-79BCD3C6A819} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-03-07] (Intel) Task: {5830DCE7-2B23-40C2-A797-A7ADDD7646FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd) Task: {694F2E52-0D66-4CA5-85AB-4837E04C061A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {8BE100AF-3E32-402E-82B0-CDFB91EB9B05} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation) Task: {9FA4D67A-B8F3-483B-8027-587C59C842F5} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-12-11] (Fujitsu Technology Solutions) Task: {C082F87D-D3A8-45C3-A8F4-160887E3F1F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-07] (Adobe Systems Incorporated) Task: {CD9D890E-6E39-45C3-AAAC-4041665D8A5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.) Task: {E49FEAE1-A6E1-40A5-BFBE-FE000A96B838} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\F-Secure\Anti-Virus\fsav.exe [2013-02-04] (F-Secure Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfe70e239f86ba.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff54ceef47df.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\F-Secure\ANTI-V~1\fsav.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-02 11:26 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2012-09-10 16:29 - 2012-09-10 16:29 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.dll 2012-04-24 11:29 - 2012-04-24 11:29 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.dll 2012-09-10 16:29 - 2012-09-10 16:29 - 00488960 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.dll 2012-02-02 11:16 - 2012-02-02 11:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.dll 2012-04-24 11:29 - 2012-04-24 11:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.dll 2012-09-10 16:29 - 2012-09-10 16:29 - 00205824 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.dll 2012-04-24 11:29 - 2012-04-24 11:29 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.dll 2012-09-10 16:29 - 2012-09-10 16:29 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.dll 2012-09-10 16:29 - 2012-09-10 16:29 - 00708608 _____ () C:\Program Files\Genie9\Genie Timeline\GSBackupManager.dll 2012-09-10 16:29 - 2012-09-10 16:29 - 00343552 _____ () C:\Program Files\Genie9\Genie Timeline\GSWatcher4.dll 2012-09-10 16:29 - 2012-09-10 16:29 - 00054784 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogManager.dll 2012-02-02 11:16 - 2012-02-02 11:16 - 00010752 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_Proxy.dll 2012-04-24 11:29 - 2012-04-24 11:29 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.dll 2014-05-02 12:08 - 2012-10-10 15:50 - 01379840 _____ () C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe 2012-09-10 16:29 - 2012-09-10 16:29 - 00063488 _____ () C:\Program Files\Genie9\Genie Timeline\XBalloonMsgDll.dll 2012-04-24 11:29 - 2012-04-24 11:29 - 00093696 _____ () C:\Program Files\Genie9\Genie Timeline\GSCurl.dll 2012-02-08 02:59 - 2012-01-18 08:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-05-02 12:08 - 2012-10-10 15:47 - 03460608 _____ () C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe 2011-04-29 10:47 - 2011-04-29 10:47 - 00275320 _____ () C:\Program Files (x86)\FJ Camera\Monitor.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: EPLTarget => ========================= Accounts: ========================== Aura (S-1-5-21-3885904128-3305184429-1650825724-1000 - Administrator - Enabled) => C:\Users\Aura HomeGroupUser$ (S-1-5-21-3885904128-3305184429-1650825724-1002 - Limited - Enabled) Järjestelmänvalvoja (S-1-5-21-3885904128-3305184429-1650825724-500 - Administrator - Disabled) Vieras (S-1-5-21-3885904128-3305184429-1650825724-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/13/2014 09:45:02 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: ) Description: 1 2014-11-13 21:45:02+02:00 aura-pc SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\windows\mod_frst.exe File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4 Error: (11/13/2014 09:41:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/13/2014 09:23:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (11/13/2014 09:22:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa. Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Semaforin aikakatkaisun määräaika on lopussa. . Error: (11/13/2014 09:22:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa. Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Semaforin aikakatkaisun määräaika on lopussa. . Error: (11/13/2014 05:35:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/13/2014 05:22:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa. Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Pyyntö epäonnistui I/O-laitevirheen vuoksi. . Error: (11/13/2014 05:22:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa. Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Semaforin aikakatkaisun määräaika on lopussa. . Error: (11/13/2014 05:15:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: 80004005 Error: (11/13/2014 05:15:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa. Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Pyyntö epäonnistui I/O-laitevirheen vuoksi. . System errors: ============= Error: (11/13/2014 09:42:13 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa. Error: (11/13/2014 09:42:13 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa. Error: (11/13/2014 09:42:06 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: ) Description: \Device\HarddiskVolume2\Program Files (x86)\Google\GoogleToolbarNotifier\5....swg.dll Error: (11/13/2014 09:42:04 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa. Error: (11/13/2014 09:41:54 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa. Error: (11/13/2014 09:41:53 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa. Error: (11/13/2014 09:41:52 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa. Error: (11/13/2014 09:41:52 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa. Error: (11/13/2014 09:41:42 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa. Error: (11/13/2014 09:41:32 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa. Microsoft Office Sessions: ========================= Error: (11/13/2014 09:45:02 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: ) Description: 1 2014-11-13 21:45:02+02:00 aura-pc SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. Application path: \\?\c:\windows\mod_frst.exe File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4 Error: (11/13/2014 09:41:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/13/2014 09:23:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (11/13/2014 09:22:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Semaforin aikakatkaisun määräaika on lopussa. Error: (11/13/2014 09:22:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Semaforin aikakatkaisun määräaika on lopussa. Error: (11/13/2014 05:35:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/13/2014 05:22:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Pyyntö epäonnistui I/O-laitevirheen vuoksi. Error: (11/13/2014 05:22:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Semaforin aikakatkaisun määräaika on lopussa. Error: (11/13/2014 05:15:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: 80004005 Error: (11/13/2014 05:15:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Pyyntö epäonnistui I/O-laitevirheen vuoksi. CodeIntegrity Errors: =================================== Date: 2013-11-01 20:59:12.242 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-01 19:47:26.306 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-01 19:20:23.227 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-01 18:43:51.421 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-01 01:37:31.384 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-01 01:28:04.368 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 23:05:02.434 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 22:54:36.025 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 22:06:00.271 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 21:49:15.700 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-3517U CPU @ 1.90GHz Percentage of memory in use: 47% Total physical RAM: 3956.1 MB Available physical RAM: 2081.92 MB Total Pagefile: 7286.43 MB Available Pagefile: 5111.89 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:100 GB) (Free:4.81 GB) NTFS Drive d: (Data) (Fixed) (Total:2.23 GB) (Free:1.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 82186852) Partition 1: (Active) - (Size=2 GB) - (Type=27) Partition 2: (Not Active) - (Size=117.2 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 984CEDD0) Partition 1: (Not Active) - (Size=8 GB) - (Type=84) Partition 2: (Not Active) - (Size=21.8 GB) - (Type=73) ==================== End Of Log ============================ JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Nov 13 21:29:08 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\Classes\JavaPlugin.10512 ------------------------------------ Finished reporting.
-
Hi again, ESET took quite a while but didn't find anything. Here is the log from Farbar: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014 Ran by Aura (administrator) on AURA-PC on 13-11-2014 04:26:48 Running from C:\Users\Aura\Desktop Loaded Profile: Aura (Available profiles: Aura) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: suomi (Suomi) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSMA32.EXE (Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSHDLL32.EXE () C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSHDLL64.EXE (F-Secure Corporation) C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FNRB32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FIH32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Atheros Communications) C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Spotify Ltd) C:\Users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe () C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe () C:\Program Files (x86)\FJ Camera\Monitor.exe (Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe (Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-06] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED) HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2012-01-17] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED) HKLM\...\Run: [LaCie Desktop Manager Launcher] => "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe" HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe [1020576 2012-02-23] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe [800416 2012-02-23] (Atheros Commnucations) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [indicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED) HKLM-x32\...\Run: [FJ Camera_Monitor] => C:\Program Files (x86)\FJ Camera\monitor.exe [275320 2011-04-29] () HKLM-x32\...\Run: [F-Secure TNB] => C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [1826984 2013-02-04] (F-Secure Corporation) HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [349864 2013-02-04] (F-Secure Corporation) HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-12-11] (Fujitsu Technology Solutions) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-27] (Google Inc.) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [spotify Web Helper] => C:\Users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [LaCie Desktop Manager Startup] => C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe [3460608 2012-10-10] () HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [spotify] => C:\Users\Aura\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-08] (Spotify Ltd) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => No File ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => No File ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {B2E9CACA-0687-40F6-843E-89F38F8D1E25} => C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {B2E9CACA-0687-40F6-843E-89F38F8D1E25} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsu.com/fts HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu.com/fts HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH; HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH; SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File Toolbar: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3885904128-3305184429-1650825724-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 86.50.64.3 86.50.64.35 FireFox: ======== FF ProfilePath: C:\Users\Aura\AppData\Roaming\Mozilla\Firefox\Profiles\ani7ov2f.default-1399713036171 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bookplus-fi.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-fi.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-fi.xml Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) S4 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc) S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [225448 2013-02-04] (F-Secure Corporation) R3 F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [218280 2013-02-04] (F-Secure Corporation) R2 fsdevcon; C:\Program Files (x86)\F-Secure\Device Control\\fsdevcon64.exe [516776 2013-02-04] (F-Secure Corporation) R3 FSDFWD; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [850088 2013-02-04] (F-Secure Corporation) R2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [188584 2013-02-04] (F-Secure Corporation) R3 FSORSPClient; C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [60352 2013-11-03] (F-Secure Corporation) S4 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2012-01-17] (FUJITSU LIMITED) R2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [662104 2012-09-16] (Genie9) S4 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-03-07] (Intel Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) R2 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1379840 2012-10-10] () [File not signed] S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation) S4 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed] S4 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [98816 2010-12-31] (ASIX Electronics Corp.) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [348560 2011-12-02] (EldoS Corporation) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) S4 F-Secure Filter; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41512 2013-02-04] () R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [203304 2014-06-11] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation) S4 F-Secure Recognizer; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [26792 2013-02-04] () R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-11-03] () R1 FSES; C:\Windows\System32\drivers\fses.sys [45480 2013-02-04] (F-Secure Corporation) R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [96168 2013-02-04] (F-Secure Corporation) R3 fsni; C:\Program Files (x86)\F-Secure\NIF\bin\fsni64.sys [89640 2014-07-09] (F-Secure Corporation) R1 fsvista; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [14504 2013-02-04] () R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-07] (Intel Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-13] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2613368 2012-02-08] (Sunplus Technology) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 04:24 - 2014-11-13 04:24 - 02116096 _____ (Farbar) C:\Users\Aura\Desktop\FRST64.exe 2014-11-13 03:40 - 2014-11-13 03:40 - 02347384 _____ (ESET) C:\Users\Aura\Downloads\esetsmartinstaller_enu.exe 2014-11-13 03:18 - 2014-11-13 03:18 - 00000000 ___RD () C:\Users\Aura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-11-13 03:08 - 2014-11-13 03:08 - 00001107 _____ () C:\Users\Aura\Desktop\AdwCleaner[s0].txt 2014-11-13 03:01 - 2014-11-13 03:05 - 00000000 ____D () C:\AdwCleaner 2014-11-13 03:00 - 2014-11-13 03:00 - 02140160 _____ () C:\Users\Aura\Desktop\AdwCleaner.exe 2014-11-13 02:54 - 2014-11-13 02:54 - 00001989 _____ () C:\Users\Aura\Desktop\JRT.txt 2014-11-13 02:49 - 2014-11-13 02:49 - 00000000 ____D () C:\Windows\ERUNT 2014-11-13 02:45 - 2014-11-13 02:45 - 01706808 _____ (Thisisu) C:\Users\Aura\Desktop\JRT.exe 2014-11-12 14:08 - 2014-11-13 03:06 - 00000512 _____ () C:\Windows\Tasks\Scheduled scanning task.job 2014-11-12 04:12 - 2014-11-12 04:12 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-11-12 04:12 - 2014-11-12 04:12 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-11-12 04:09 - 2014-11-12 04:09 - 17528920 _____ () C:\Users\Aura\Desktop\RogueKillerX64.exe 2014-11-12 03:56 - 2014-11-12 03:56 - 00001212 _____ () C:\Users\Aura\Desktop\malwarebytes.txt 2014-11-12 03:49 - 2014-11-13 03:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-12 03:49 - 2014-11-12 03:49 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-12 03:49 - 2014-11-12 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-12 03:49 - 2014-11-12 03:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-12 03:49 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-12 03:49 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-12 03:49 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-12 03:41 - 2014-11-12 03:48 - 00000000 ____D () C:\Users\Aura\Desktop\12.11.2014 2014-11-12 03:38 - 2014-11-12 03:39 - 00002338 _____ () C:\Users\Aura\Desktop\Rkill.txt 2014-11-12 03:31 - 2014-11-13 03:06 - 00023456 _____ () C:\Windows\PFRO.log 2014-11-12 03:30 - 2014-11-12 03:30 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aura\Downloads\mbam-clean-2.1.1.1001.exe 2014-11-12 03:27 - 2014-11-12 03:27 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Aura\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-12 03:26 - 2014-11-12 03:26 - 00000000 ____D () C:\Windows\ERDNT 2014-11-12 03:25 - 2014-11-12 03:25 - 00000934 _____ () C:\Users\Aura\Desktop\NTREGOPT.lnk 2014-11-12 03:25 - 2014-11-12 03:25 - 00000915 _____ () C:\Users\Aura\Desktop\ERUNT.lnk 2014-11-12 03:25 - 2014-11-12 03:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-11-12 03:25 - 2014-11-12 03:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-11-12 03:24 - 2014-11-12 03:24 - 00791393 _____ (Lars Hederer ) C:\Users\Aura\Downloads\erunt-setup.exe 2014-11-12 03:22 - 2014-11-12 03:22 - 00002338 _____ () C:\Users\Aura\Desktop\RkillOLD.txt 2014-11-12 03:20 - 2014-11-12 03:20 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Aura\Desktop\rkill.exe 2014-11-10 23:02 - 2014-11-12 18:35 - 00016044 _____ () C:\Users\Aura\Desktop\canada.odt 2014-11-05 18:23 - 2014-11-05 18:23 - 00041921 _____ () C:\Users\Aura\Desktop\Tulokset.Aura.odt 2014-11-03 14:49 - 2014-11-03 14:49 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA% 2014-11-02 00:22 - 2014-11-13 04:26 - 00022440 _____ () C:\Users\Aura\Desktop\FRST.txt 2014-11-02 00:22 - 2014-11-13 04:26 - 00000000 ____D () C:\FRST 2014-10-31 17:10 - 2014-10-31 15:18 - 00018858 _____ () C:\Users\Aura\Documents\VARAUKSET_marraskuu14.doc_1_1.odt 2014-10-30 21:39 - 2014-10-30 19:38 - 00018897 _____ () C:\Users\Aura\Documents\VARAUKSET_marraskuu14.doc_1.odt 2014-10-29 17:04 - 2014-10-29 17:42 - 00088062 _____ () C:\Users\Aura\Desktop\Auran_Kandi.odt 2014-10-26 11:06 - 2014-10-26 11:06 - 00117456 _____ () C:\Users\Aura\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-26 11:05 - 2014-11-13 03:17 - 00005746 _____ () C:\Windows\setupact.log 2014-10-26 11:05 - 2014-10-26 11:05 - 00468936 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-26 11:05 - 2014-10-26 11:05 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-25 17:21 - 2014-10-25 17:21 - 00000000 _____ () C:\Users\Aura\AppData\Local\{5ACB0575-A6D6-4D38-B336-42B2FA1BB4B8} 2014-10-22 01:01 - 2014-10-23 10:17 - 00019032 _____ () C:\Users\Aura\Desktop\kandi ajatuksia.odt 2014-10-19 09:09 - 2014-10-18 12:34 - 00016874 _____ () C:\Users\Aura\Documents\VARAUKSET_lokakuu14.doc_0.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 04:27 - 2013-05-27 18:57 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-13 04:18 - 2013-06-03 00:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-13 03:28 - 2013-05-28 03:55 - 01468623 _____ () C:\Windows\WindowsUpdate.log 2014-11-13 03:24 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-13 03:24 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-13 03:19 - 2013-08-01 18:24 - 00000000 ____D () C:\Users\Aura\AppData\Roaming\Spotify 2014-11-13 03:18 - 2013-05-27 19:06 - 00000000 ____D () C:\Users\Aura\Documents\Youcam 2014-11-13 03:18 - 2013-05-27 18:57 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-13 03:17 - 2014-05-02 12:08 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt 2014-11-13 03:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-13 00:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-11-12 14:08 - 2009-07-14 07:08 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-12 03:39 - 2013-05-27 19:02 - 00000000 ____D () C:\Users\Aura\AppData\Local\VirtualStore 2014-11-12 03:32 - 2013-08-01 18:24 - 00000000 ____D () C:\Users\Aura\AppData\Local\Spotify 2014-11-12 03:30 - 2013-10-31 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-12 03:29 - 2013-07-19 23:19 - 00000000 ____D () C:\Users\Aura\AppData\Local\CrashDumps 2014-11-10 18:33 - 2013-10-02 09:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 18:33 - 2013-06-02 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-09 00:59 - 2013-06-22 18:12 - 00000000 ____D () C:\Users\Aura\AppData\Roaming\vlc 2014-11-09 00:46 - 2014-05-02 12:08 - 00000004 _____ () C:\Windows\system32\devicelist.txt 2014-11-09 00:46 - 2014-05-02 12:08 - 00000004 _____ () C:\Windows\system32\devicealertlist.txt 2014-11-08 07:20 - 2013-05-27 18:58 - 00000000 ____D () C:\Users\Aura 2014-11-07 06:35 - 2013-06-03 00:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-07 06:35 - 2013-06-03 00:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-07 06:34 - 2014-06-23 19:59 - 00000000 ____D () C:\Users\Aura\AppData\Local\Adobe 2014-11-06 18:36 - 2014-09-08 12:17 - 00017847 _____ () C:\Users\Aura\Desktop\SynttäriOhjaajille_sopivat.odt 2014-11-06 15:20 - 2013-05-27 19:01 - 00000000 ____D () C:\Users\Aura\Documents\Bluetooth Folder 2014-11-01 23:58 - 2013-06-22 18:06 - 00000000 ____D () C:\Users\Aura\Tavaraa 2014-10-31 19:48 - 2013-06-19 13:19 - 00000000 ____D () C:\Users\Aura\Desktop\Kouluhommat 2014-10-30 15:44 - 2013-07-11 05:18 - 00039424 _____ () C:\Users\Aura\Desktop\Palleroiden budjetti.xls 2014-10-28 06:34 - 2010-11-21 05:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-25 18:14 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-25 07:28 - 2012-01-07 06:26 - 00516982 _____ () C:\Windows\system32\perfh00B.dat 2014-10-25 07:28 - 2012-01-07 06:26 - 00115328 _____ () C:\Windows\system32\perfc00B.dat 2014-10-25 07:28 - 2009-07-14 07:13 - 01438326 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-17 10:19 - 2013-07-19 19:41 - 00000000 ____D () C:\Users\Default\AppData\Local\ifolor 2014-10-17 10:19 - 2013-07-19 19:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\ifolor 2014-10-17 10:19 - 2013-07-19 19:41 - 00000000 ____D () C:\Program Files (x86)\ifolor 2014-10-17 10:18 - 2013-05-27 18:57 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-17 10:13 - 2014-10-13 19:51 - 00000000 ___RD () C:\Users\Aura\Google Drive Some content of TEMP: ==================== C:\Users\Aura\AppData\Local\Temp\dllnt_dump.dll C:\Users\Aura\AppData\Local\Temp\Quarantine.exe C:\Users\Aura\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 15:33 ==================== End Of Log ============================ It seems I have used Farbar around 1 year ago so Addition.txt had one year old log and therefore I guess it is useless to copy-paste it here? If you need to have it, please guide me how I can get it as the current one is one year old.
-
Hi, Thanks for the fast reply. Step 4 and 5 worked fine. Here are the logs. JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.7 (11.08.2014:1) OS: Windows 7 Home Premium x64 Ran by Aura on to 13.11.2014 at 2:49:11,01 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\partner" Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{2337969B-418A-4941-898C-299C7F7CA436} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{2F6741ED-865C-4C09-BC6F-09D464E896E2} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{5C24CE2C-48C4-4BC6-B498-8D15B6172E8B} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{78A137D1-44CA-49FE-8BEA-155012D65746} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{80C4CB2E-107D-4F0D-9896-E93D0309D7FD} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{8A82ED27-7EE1-45A3-823C-9E1004937C2E} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{AFD77737-70EA-4C9B-81BB-F54E8BF52EB6} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{BA9269B4-710C-4E5E-B6E4-FFF748A45805} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{D6FC361D-81D3-4BCA-BCED-350338C5444F} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{DC4B5A6C-8E1E-4BED-B0B8-58B9DE5D7072} Successfully deleted: [Empty Folder] C:\Users\Aura\appdata\local\{F01511C9-CF1A-4832-BB48-5E3C4FD9883B} ~~~ FireFox Emptied folder: C:\Users\Aura\AppData\Roaming\mozilla\firefox\profiles\ani7ov2f.default-1399713036171\minidumps [15 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on to 13.11.2014 at 2:54:51,38 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ADW: # AdwCleaner v4.101 - Report created 13/11/2014 at 03:05:43 # Updated 09/11/2014 by Xplode # Database : 2014-11-07.1 [Local] # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Aura - AURA-PC # Running from : C:\Users\Aura\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v33.1 (x86 fi) ************************* AdwCleaner[R0].txt - [980 octets] - [13/11/2014 03:02:34] AdwCleaner[R1].txt - [1039 octets] - [13/11/2014 03:03:57] AdwCleaner[s0].txt - [968 octets] - [13/11/2014 03:05:43] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1027 octets] ########## After the reboot, Windows opens and the log file opens. In around 5s I get a blue screen (has happened in the past couple weeks many times) and need to hard boot as after the blue screen it goes to boot menu or something like that where I am not able to choose anything and clicking Esc just makes the screen black and then back to the same boot menu. After pressing power putton for long time I am able to reboot properly. After that, I run MBAM like you instructed and same blue screen and same problemsn come after couple minutes of scanning. I repeat the hard boot. After that I am able to do the scan This is from MBAM: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 13.11.2014 Scan Time: 3:20:07 Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.13.01 Rootkit Database: v2014.11.12.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Aura Scan Type: Threat Scan Result: Completed Objects Scanned: 319852 Time Elapsed: 11 min, 11 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) I will post this here now in case I get a blue screen again. Will post the other stuff to a new post within 30min.
-
Hi, I followed the steps carefully and everything was fine until I was trying to run MBAM. It seems the software wasn't anymore installed (not any idea why, I havent removed it but it is my gf's laptop... anyway, I dont think she neither has) so I downloaded the latest version and istalled it. It installed all good but when I opened it as adminstrator, nothing happened. I waited for a while and tried again - nothing. I pressed ctrl+atl+del to check if it had any processes running - nope. Then I instaled mbam-clean.exe and run it. After that i rebooted my pc. Then I started again and got problems with ERUNT. I tried changing the folder but still same error message (before reboot it worked good): Warning! Error saving file C:\Users\Aura\Desktop\12.11.2014\BCD ! Continue with the next file? [RegCreateKeyEx: 5 - Käyttö estetty ] (käyttö estetty means access denied or using not possible) I clicked no as it had worked the last time. After that, I install MBAM again. Now I tried if it opens if I leave the "Open Mbam after installation" ticked. It did. Then I close the program and open it like you asked (as adminstrator). Then I completed the other steps and started the scan. It didn't find anything. Here is the log for MBAM: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 12.11.2014 Scan Time: 3:52:18 Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.12.02 Rootkit Database: v2014.11.11.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Aura Scan Type: Threat Scan Result: Completed Objects Scanned: 319440 Time Elapsed: 7 min, 33 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Oh and here is the log for RKILL (before I had to reboot for the MBAM uninstall tool): Rkill 2.6.8 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 11/12/2014 03:22:36 AM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 11/12/2014 03:22:56 AM Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s) And here is the RKILL log I got after removing MBAM completely and starting again from step0: Rkill 2.6.8 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 11/12/2014 03:39:03 AM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 11/12/2014 03:39:21 AM Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s) Then I downloaded RogueKill (got harmful website information from F-Secure, even if I had closed F-Secure and didn't find any of its processes running when I checked with ctrl+alt+del). Anyway, was able to download it. I move it to desktop and open it as adminstrator and followed the instuctions. I didnt find any log file in the desktop so I just clicked on the "Report" tab from RogueKiller after the scan was finished. Here it is: RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Aura [Administrator] Mode : Scan -- Date : 11/12/2014 04:15:52 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 12 ¤¤¤ [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3885904128-3305184429-1650825724-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.fujitsu.com/fts -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3885904128-3305184429-1650825724-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.fujitsu.com/fts -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 86.50.64.3 86.50.64.35 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 86.50.64.3 86.50.64.35 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 86.50.64.3 86.50.64.35 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F4172CB-8BCA-468E-B3BF-CB6BAC4CFC2D} | DhcpNameServer : 86.50.64.3 86.50.64.35 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8F4172CB-8BCA-468E-B3BF-CB6BAC4CFC2D} | DhcpNameServer : 86.50.64.3 86.50.64.35 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8F4172CB-8BCA-468E-B3BF-CB6BAC4CFC2D} | DhcpNameServer : 86.50.64.3 86.50.64.35 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 8 (Driver: Loaded) ¤¤¤ [Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk1\DR1 : \Driver\excsd @ \Device\excsd1 (\SystemRoot\system32\DRIVERS\excsd.sys) [Filter(Kernel.Filter)] \Driver\Disk @ \Device\excsd1 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\excsd.sys) [Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\excsd @ \Device\excsd0 (\SystemRoot\system32\DRIVERS\excsd.sys) [Filter(Kernel.Filter)] \Driver\Disk @ \Device\excsd0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\excsd.sys) [Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\0000007b (\SystemRoot\system32\drivers\iusb3xhc.sys) [iAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateUserProcess : Unknown @ 0x172018 (jmp 0xffffffff89330298) [iAT:Inl] (firefox.exe @ kernel32.dll) ntdll.dll - NtCreateUserProcess : c:\program files (x86)\f-secure\hips\fshook32.dll @ 0x7274e3e0 (jmp 0x7272c3d4) [iAT:Inl] (firefox.exe @ api-ms-win-downlevel-advapi32-l1-1-0.dll) ntdll.dll - NtCreateUserProcess : c:\program files (x86)\f-secure\hips\fshook32.dll @ 0x7274e3e0 (jmp 0x7272c3d4) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: C400-MTFDDAK128MAM +++++ --- User --- [MBR] 63d8c4739a19a03b03b3cde5127ac846 [bSP] 73f1f01c1db669b7ae1e026b5519204e : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2048 MB 1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 4198400 | Size: 120053 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: SanDisk SSD i100 32GB +++++ --- User --- [MBR] 1f72e1ba2c3f2c16e62c499550c3c1ec [bSP] c21cf27271a0350775cd42d50fdc92a0 : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 2048 | Size: 8192 MB 1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 16779264 | Size: 22339 MB User = LL1 ... OK User = LL2 ... OK After the scan, RogueKiller opened this tab to Firefox: http://www.adlice.com/kernelmode-rootkits-part-3-kernel-filters/
-
Hi, Lately my gf's laptop has been crashing and the windows update wont work. Using e.g. Malwarebytes scan or F-Secure scan (which she is using now) crashes the computer at some point. ESET online scan also jammed. I would really appreciate if someone could help me as I dont know what to do now. Here are the logs: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014 Ran by Aura (administrator) on AURA-PC on 02-11-2014 00:25:50 Running from C:\Users\Aura\Desktop Loaded Profile: Aura (Available profiles: Aura) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: suomi (Suomi) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSMA32.EXE (Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSHDLL32.EXE () C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSHDLL64.EXE (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FNRB32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FIH32.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Atheros Communications) C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Spotify Ltd) C:\Users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe () C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe () C:\Program Files (x86)\FJ Camera\Monitor.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\common\FSM32.EXE (Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (F-Secure Corporation) C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe (Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-06] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED) HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2012-01-17] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED) HKLM\...\Run: [LaCie Desktop Manager Launcher] => "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe" HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe [1020576 2012-02-23] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe [800416 2012-02-23] (Atheros Commnucations) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [indicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED) HKLM-x32\...\Run: [FJ Camera_Monitor] => C:\Program Files (x86)\FJ Camera\monitor.exe [275320 2011-04-29] () HKLM-x32\...\Run: [F-Secure TNB] => C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe [1826984 2013-02-04] (F-Secure Corporation) HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\Common\FSM32.EXE [349864 2013-02-04] (F-Secure Corporation) HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-12-11] (Fujitsu Technology Solutions) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-27] (Google Inc.) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [spotify Web Helper] => C:\Users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [spotify] => C:\Users\Aura\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [LaCie Desktop Manager Startup] => C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe [3460608 2012-10-10] () HKU\S-1-5-21-3885904128-3305184429-1650825724-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => No File ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => No File ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {B2E9CACA-0687-40F6-843E-89F38F8D1E25} => C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {B2E9CACA-0687-40F6-843E-89F38F8D1E25} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsu.com/fts HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu.com/fts HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH; HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH; SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 86.50.64.3 86.50.64.35 FireFox: ======== FF ProfilePath: C:\Users\Aura\AppData\Roaming\Mozilla\Firefox\Profiles\ani7ov2f.default-1399713036171 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bookplus-fi.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-fi.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-fi.xml Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) S4 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc) S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [225448 2013-02-04] (F-Secure Corporation) R3 F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [218280 2013-02-04] (F-Secure Corporation) R2 fsdevcon; C:\Program Files (x86)\F-Secure\Device Control\\fsdevcon64.exe [516776 2013-02-04] (F-Secure Corporation) R3 FSDFWD; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [850088 2013-02-04] (F-Secure Corporation) R2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [188584 2013-02-04] (F-Secure Corporation) R3 FSORSPClient; C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [60352 2013-11-03] (F-Secure Corporation) S4 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2012-01-17] (FUJITSU LIMITED) R2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [662104 2012-09-16] (Genie9) S4 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-03-07] (Intel Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) R2 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1379840 2012-10-10] () [File not signed] S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation) S4 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed] S4 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED) S4 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [X] S4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [98816 2010-12-31] (ASIX Electronics Corp.) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [348560 2011-12-02] (EldoS Corporation) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) S4 F-Secure Filter; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41512 2013-02-04] () R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [203304 2014-06-11] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation) S4 F-Secure Recognizer; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [26792 2013-02-04] () R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-11-03] () R1 FSES; C:\Windows\System32\drivers\fses.sys [45480 2013-02-04] (F-Secure Corporation) R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [96168 2013-02-04] (F-Secure Corporation) R3 fsni; C:\Program Files (x86)\F-Secure\NIF\bin\fsni64.sys [89640 2014-07-09] (F-Secure Corporation) R1 fsvista; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [14504 2013-02-04] () R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-07] (Intel Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2613368 2012-02-08] (Sunplus Technology) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-02 00:22 - 2014-11-02 00:25 - 00022419 _____ () C:\Users\Aura\Desktop\FRST.txt 2014-11-02 00:22 - 2014-11-02 00:25 - 00000000 ____D () C:\FRST 2014-11-02 00:20 - 2014-11-02 00:20 - 02114048 _____ (Farbar) C:\Users\Aura\Desktop\FRST64.exe 2014-11-02 00:17 - 2014-11-02 00:17 - 00000000 ___RD () C:\Users\Aura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-10-31 17:10 - 2014-10-31 15:18 - 00018858 _____ () C:\Users\Aura\Documents\VARAUKSET_marraskuu14.doc_1_1.odt 2014-10-30 21:39 - 2014-10-30 19:38 - 00018897 _____ () C:\Users\Aura\Documents\VARAUKSET_marraskuu14.doc_1.odt 2014-10-29 17:04 - 2014-10-29 17:42 - 00088062 _____ () C:\Users\Aura\Desktop\Auran_Kandi.odt 2014-10-26 11:06 - 2014-10-26 11:06 - 00117456 _____ () C:\Users\Aura\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-26 11:05 - 2014-11-02 00:17 - 00002162 _____ () C:\Windows\setupact.log 2014-10-26 11:05 - 2014-10-26 11:05 - 00468936 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-26 11:05 - 2014-10-26 11:05 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-25 17:21 - 2014-10-25 17:21 - 00000000 _____ () C:\Users\Aura\AppData\Local\{5ACB0575-A6D6-4D38-B336-42B2FA1BB4B8} 2014-10-23 10:18 - 2014-11-02 00:17 - 00000512 _____ () C:\Windows\Tasks\Scheduled scanning task.job 2014-10-22 01:01 - 2014-10-23 10:17 - 00019032 _____ () C:\Users\Aura\Desktop\kandi ajatuksia.odt 2014-10-19 09:09 - 2014-10-18 12:34 - 00016874 _____ () C:\Users\Aura\Documents\VARAUKSET_lokakuu14.doc_0.odt 2014-10-13 19:51 - 2014-10-17 10:13 - 00000000 ___RD () C:\Users\Aura\Google Drive 2014-10-13 19:50 - 2014-10-13 19:50 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfe70e239f86ba.job 2014-10-13 19:49 - 2014-10-13 19:49 - 00880272 _____ (Google Inc.) C:\Users\Aura\Downloads\googledrivesync.exe 2014-10-13 10:05 - 2014-10-13 10:05 - 00106255 _____ () C:\Users\Aura\Desktop\Kopio henkilötieto 14.ods 2014-10-08 23:01 - 2014-10-08 23:02 - 00000022 _____ () C:\Users\Aura\Downloads\VL__pictures.zip 2014-10-08 07:28 - 2014-10-08 07:28 - 00000000 ____D () C:\Users\Aura\AppData\Local\{F01511C9-CF1A-4832-BB48-5E3C4FD9883B} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-02 00:24 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-02 00:24 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-02 00:20 - 2013-05-28 03:55 - 02009155 _____ () C:\Windows\WindowsUpdate.log 2014-11-02 00:18 - 2013-08-01 18:24 - 00000000 ____D () C:\Users\Aura\AppData\Roaming\Spotify 2014-11-02 00:18 - 2013-06-03 00:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-02 00:18 - 2013-05-27 19:06 - 00000000 ____D () C:\Users\Aura\Documents\Youcam 2014-11-02 00:17 - 2014-05-02 12:08 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt 2014-11-02 00:17 - 2013-05-27 18:57 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-02 00:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-01 23:58 - 2013-06-22 18:06 - 00000000 ____D () C:\Users\Aura\Tavaraa 2014-11-01 22:52 - 2013-05-27 18:57 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-01 17:39 - 2013-08-01 18:24 - 00000000 ____D () C:\Users\Aura\AppData\Local\Spotify 2014-10-31 22:58 - 2013-05-27 19:01 - 00000000 ____D () C:\Users\Aura\Documents\Bluetooth Folder 2014-10-31 19:48 - 2013-06-19 13:19 - 00000000 ____D () C:\Users\Aura\Desktop\Kouluhommat 2014-10-31 17:14 - 2013-10-02 09:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-31 17:14 - 2013-06-02 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-31 05:57 - 2014-09-08 12:17 - 00017834 _____ () C:\Users\Aura\Desktop\SynttäriOhjaajille_sopivat.odt 2014-10-30 20:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-10-30 15:44 - 2013-07-11 05:18 - 00039424 _____ () C:\Users\Aura\Desktop\Palleroiden budjetti.xls 2014-10-28 06:34 - 2010-11-21 05:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-26 22:51 - 2013-06-22 18:12 - 00000000 ____D () C:\Users\Aura\AppData\Roaming\vlc 2014-10-25 18:14 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-25 17:53 - 2013-05-27 18:58 - 00000000 ____D () C:\Users\Aura 2014-10-25 07:28 - 2012-01-07 06:26 - 00516982 _____ () C:\Windows\system32\perfh00B.dat 2014-10-25 07:28 - 2012-01-07 06:26 - 00115328 _____ () C:\Windows\system32\perfc00B.dat 2014-10-25 07:28 - 2009-07-14 07:13 - 01438326 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-17 10:19 - 2013-07-19 19:41 - 00000000 ____D () C:\Users\Default\AppData\Local\ifolor 2014-10-17 10:19 - 2013-07-19 19:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\ifolor 2014-10-17 10:19 - 2013-07-19 19:41 - 00000000 ____D () C:\Program Files (x86)\ifolor 2014-10-17 10:18 - 2013-05-27 18:57 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-15 08:42 - 2009-07-14 07:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-13 19:50 - 2013-05-27 19:10 - 00000000 ____D () C:\Users\Aura\AppData\Local\Google 2014-10-03 03:11 - 2014-06-19 21:04 - 00000184 _____ () C:\error.fstmp 2014-10-03 03:07 - 2014-06-19 21:04 - 00000000 _____ () C:\infect.fstmp ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-29 19:18 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013 Ran by Aura at 2013-11-01 02:20:21 Running from C:\Users\Aura\Desktop Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: F-Secure Client Security 10.00 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17} AS: F-Secure Client Security 10.00 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} FW: F-Secure Client Security 10.00 (Disabled) {2D7AC0A6-6241-D774-E168-461178D9686C} ==================== Installed Programs ====================== 2007 Office Systemin yhteensopivuuspaketti (x32 Version: 12.0.6612.1000) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader X (10.1.8) - Suomi (x32 Version: 10.1.8) Atheros Bluetooth Suite (64) (Version: 7.4.0.125) Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 10.0) Cisco EAP-FAST Module (x32 Version: 2.2.14) Cisco LEAP Module (x32 Version: 1.0.19) Cisco PEAP Module (x32 Version: 1.1.6) CyberLink YouCam 5 (x32 Version: 5.0.1521) D3DX10 (x32 Version: 15.4.2368.0902) DeskUpdate (x32 Version: 4.14.0122) DirectVobSub 2.41.7259 (5d3641a) Beta (x32 Version: 2.41.7259) EPSON SX235 Series Printer Uninstall ExpressCache (Version: 1.0.86) FJ Camera (x32 Version: 3.3.6.11) F-Secure Client Security - Browsing protection (x32 Version: 2.00.349) F-Secure Client Security - DeepGuard (x32 Version: 4.10.210) F-Secure Client Security - Device control (x32 Version: 1.00.17478) F-Secure Client Security - E-Mail Scanning (x32 Version: 6.00.525) F-Secure Client Security - Internet Shield (x32 Version: 6.29) F-Secure Client Security - Web traffic scanning (x32 Version: 3.00.339) F-Secure Client Security - Virus & Spy Protection (x32 Version: 9.50.19031) Fujitsu Hotkey Utility (x32 Version: 3.70.0.0) Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.002) Fujitsu MobilityCenter Extension Utility (x32 Version: 3.01.00.002) Fujitsu System Extension Utility (Version: 3.4.5.0) Fujitsu System Extension Utility (x32 Version: 3.4.5.0) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54) Google Update Helper (x32 Version: 1.3.21.165) ifolor Designer (x32 Version: 3.2.8.0) Intel® Management Engine Components (x32 Version: 8.0.3.1427) Intel® OpenCL CPU Runtime (x32) Intel® Processor Graphics (x32 Version: 8.15.10.2696) Intel® Rapid Start Technology (x32 Version: 1.0.0.1022) Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032) Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214) Intel® Trusted Connect Service Client (Version: 1.23.605.1) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Junk Mail filter update (x32 Version: 15.4.3502.0922) LIFEBOOK Application Panel (Version: 8.3.2.0) LIFEBOOK Application Panel (x32 Version: 8.3.2.0) Malwarebytes Anti-Malware versio 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 365 Home Premium - fi-fi (Version: 15.0.4535.1511) Microsoft Office Starter 2010 - suomi (x32 Version: 14.0.4763.1007) Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0) Microsoft Officen pika-asennus 2010 (Version: 14.0.4763.1007) Microsoft Officen pika-asennus 2010 (x32 Version: 14.0.4763.1007) Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SkyDrive (HKCU Version: 17.0.2015.0811) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Tallenna PDF-muodossa -apuohjelma 2007 Microsoft Office -ohjelmiin (x32 Version: 12.0.4518.1021) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 24.0 (x86 fi) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511) Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1511) Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511) OpenOffice 4.0.1 (x32 Version: 4.01.9714) Plugfree NETWORK (Version: 6.2.0.1) Plugfree NETWORK (Version: 6.2.001) Power Saving Utility (x32 Version: 32.01.10.039) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6505) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30129) Skype™ 6.5 (x32 Version: 6.5.158) Spotify (HKCU Version: 0.9.4.185.g7545a404) Synaptics Pointing Device Driver (Version: 15.3.44.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Fotogalleri (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2) Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922) Windows Liven sähköposti (x32 Version: 15.4.3502.0922) Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Windows Mobile Device Updater Component (Version: 04.08.2345.00) VLC media player 2.0.8 (x32 Version: 2.0.8) Zune (Version: 04.08.2345.00) Zune Language Pack (CHS) (Version: 04.08.2345.00) Zune Language Pack (CHT) (Version: 04.08.2345.00) Zune Language Pack (CSY) (Version: 04.08.2345.00) Zune Language Pack (DAN) (Version: 04.08.2345.00) Zune Language Pack (DEU) (Version: 04.08.2345.00) Zune Language Pack (ELL) (Version: 04.08.2345.00) Zune Language Pack (ESP) (Version: 04.08.2345.00) Zune Language Pack (FIN) (Version: 04.08.2345.00) Zune Language Pack (FRA) (Version: 04.08.2345.00) Zune Language Pack (HUN) (Version: 04.08.2345.00) Zune Language Pack (IND) (Version: 04.08.2345.00) Zune Language Pack (ITA) (Version: 04.08.2345.00) Zune Language Pack (JPN) (Version: 04.08.2345.00) Zune Language Pack (KOR) (Version: 04.08.2345.00) Zune Language Pack (MSL) (Version: 04.08.2345.00) Zune Language Pack (NLD) (Version: 04.08.2345.00) Zune Language Pack (NOR) (Version: 04.08.2345.00) Zune Language Pack (PLK) (Version: 04.08.2345.00) Zune Language Pack (PTB) (Version: 04.08.2345.00) Zune Language Pack (PTG) (Version: 04.08.2345.00) Zune Language Pack (RUS) (Version: 04.08.2345.00) Zune Language Pack (SVE) (Version: 04.08.2345.00) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922) Почта Windows Live (x32 Version: 15.4.3502.0922) Фотоальбом Windows Live (x32 Version: 15.4.3502.0922) Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2) ==================== Restore Points ========================= 22-10-2013 13:10:30 Windows Update 29-10-2013 12:22:40 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {34915FCD-FAFC-450F-B4B6-5BAD18F04E32} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-06] (Microsoft Corporation) Task: {353C79F2-2710-47EE-9EAC-3A04F0D6A2EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.) Task: {35EF3362-319D-4FA6-9986-3882D3C7A000} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe Task: {4A5DDF55-3C2F-4145-BA3D-79BCD3C6A819} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-03-07] (Intel) Task: {55CDC98B-69A1-47F8-95B5-818EBB8B2AE9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {7637CEFD-0A3A-4C1F-8064-4BA61379C4EC} - System32\Tasks\Fujitsu\DeskUpdate => C:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-05-17] (Fujitsu Technology Solutions) Task: {8BC5A12B-F548-4B61-917D-4CA55461105A} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\F-Secure\Anti-Virus\fsav.exe [2013-02-04] (F-Secure Corporation) Task: {A42B4098-58B8-4016-9213-3A69D76482DA} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {C082F87D-D3A8-45C3-A8F4-160887E3F1F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: {CD9D890E-6E39-45C3-AAAC-4041665D8A5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\F-Secure\ANTI-V~1\fsav.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-02 09:48 - 2013-10-02 09:48 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-10-09 18:19 - 2013-10-09 18:19 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/01/2013 01:46:33 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/01/2013 01:41:58 AM) (Source: Application Error) (User: ) Description: Viallisen sovelluksen nimi: fsdfwd.exe, versio: 6.29.134.0, aikaleima: 0x510fa1ea Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.18247, aikaleima: 0x521eaf24 Poikkeuskoodi: 0xc0000005 Virhepoikkeama: 0x0000000000018e4b Viallisen prosessin tunnus: 0x124c Viallisen sovelluksen käynnistysaika: 0xfsdfwd.exe0 Viallisen sovelluksen polku: fsdfwd.exe1 Viallisen moduulin polku: fsdfwd.exe2 Raportin tunnus: fsdfwd.exe3 Error: (11/01/2013 01:41:49 AM) (Source: Microsoft Security Client Setup) (User: Aura-PC) Description: HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A. Error: (11/01/2013 01:39:16 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/01/2013 01:37:58 AM) (Source: Application Error) (User: ) Description: Windows ei voi käyttää tiedostoa C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dll jostakin seuraavista syistä: verkkoyhteydessä, tiedoston tallennuslevyssä tai tietokoneeseen asennetuissa tallennusohjaimissa on ilmennyt ongelma, tai levy puuttuu. Windows on sulkenut ohjelman F-Secure Internet Shield daemon (64 bit) tämän virheen vuoksi. Ohjelma: F-Secure Internet Shield daemon (64 bit) Tiedosto: C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dll Virhearvo on nähtävissä Lisätiedot-osan luettelossa. Käyttäjän toimi 1. Avaa tiedosto uudelleen. Tämä tilanne saattaa olla tilapäinen ongelma, joka korjautuu itsestään, kun ohjelma suoritetaan uudelleen. 2. Jos tiedostoa ei edelleenkään voi käyttää ja - se on verkossa, järjestelmänvalvojasi tulee vahvistaa, että ongelma ei liity verkkoon ja että yhteyden muodostaminen palvelimeen onnistuu. - se on siirrettävässä tallennusvälineessä, esimerkiksi levykkeellä tai CD-levyllä, tarkista, että tallennusväline on asetettu tietokoneeseen oikein. 3. Tarkista ja korjaa tiedostojärjestelmä suorittamalla CHKDSK. Suorita CHKDSK napsauttamalla Käynnistä-painiketta ja valitsemalla Suorita, kirjoittamalla CMD ja valitsemalla sitten OK. Kirjoita komentokehotteeseen CHKDSK /F ja paina ENTER-näppäintä. 4. Jos ongelma ei poistu, palauta tiedosto varmuuskopiosta. 5. Tarkista, voiko saman levyn muita tiedostoja avata. Jos avaaminen ei onnistu, levy saattaa olla vioittunut. Jos kyseessä on kiintolevy, ota yhteyttä järjestelmänvalvojaan tai tietokoneen toimittajaan lisätietojen saamiseksi. Lisätiedot Virhearvo: C0000185 Levyn tyyppi: 3 Error: (11/01/2013 01:37:58 AM) (Source: Application Error) (User: ) Description: Viallisen sovelluksen nimi: fsdfwd.exe, versio: 6.29.134.0, aikaleima: 0x510fa1ea Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.18247, aikaleima: 0x521eaf24 Poikkeuskoodi: 0xc0000006 Virhepoikkeama: 0x0000000000018f56 Viallisen prosessin tunnus: 0xe08 Viallisen sovelluksen käynnistysaika: 0xfsdfwd.exe0 Viallisen sovelluksen polku: fsdfwd.exe1 Viallisen moduulin polku: fsdfwd.exe2 Raportin tunnus: fsdfwd.exe3 Error: (11/01/2013 01:35:46 AM) (Source: Microsoft Security Client Setup) (User: Aura-PC) Description: HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11. Error: (11/01/2013 01:31:53 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/01/2013 01:28:15 AM) (Source: Application Error) (User: ) Description: Windows ei voi käyttää tiedostoa C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dll jostakin seuraavista syistä: verkkoyhteydessä, tiedoston tallennuslevyssä tai tietokoneeseen asennetuissa tallennusohjaimissa on ilmennyt ongelma, tai levy puuttuu. Windows on sulkenut ohjelman F-Secure Internet Shield daemon (64 bit) tämän virheen vuoksi. Ohjelma: F-Secure Internet Shield daemon (64 bit) Tiedosto: C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dll Virhearvo on nähtävissä Lisätiedot-osan luettelossa. Käyttäjän toimi 1. Avaa tiedosto uudelleen. Tämä tilanne saattaa olla tilapäinen ongelma, joka korjautuu itsestään, kun ohjelma suoritetaan uudelleen. 2. Jos tiedostoa ei edelleenkään voi käyttää ja - se on verkossa, järjestelmänvalvojasi tulee vahvistaa, että ongelma ei liity verkkoon ja että yhteyden muodostaminen palvelimeen onnistuu. - se on siirrettävässä tallennusvälineessä, esimerkiksi levykkeellä tai CD-levyllä, tarkista, että tallennusväline on asetettu tietokoneeseen oikein. 3. Tarkista ja korjaa tiedostojärjestelmä suorittamalla CHKDSK. Suorita CHKDSK napsauttamalla Käynnistä-painiketta ja valitsemalla Suorita, kirjoittamalla CMD ja valitsemalla sitten OK. Kirjoita komentokehotteeseen CHKDSK /F ja paina ENTER-näppäintä. 4. Jos ongelma ei poistu, palauta tiedosto varmuuskopiosta. 5. Tarkista, voiko saman levyn muita tiedostoja avata. Jos avaaminen ei onnistu, levy saattaa olla vioittunut. Jos kyseessä on kiintolevy, ota yhteyttä järjestelmänvalvojaan tai tietokoneen toimittajaan lisätietojen saamiseksi. Lisätiedot Virhearvo: C0000185 Levyn tyyppi: 3 Error: (11/01/2013 01:28:14 AM) (Source: Application Error) (User: ) Description: Viallisen sovelluksen nimi: fsdfwd.exe, versio: 6.29.134.0, aikaleima: 0x510fa1ea Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.18247, aikaleima: 0x521eaf24 Poikkeuskoodi: 0xc0000006 Virhepoikkeama: 0x0000000000018f56 Viallisen prosessin tunnus: 0xe04 Viallisen sovelluksen käynnistysaika: 0xfsdfwd.exe0 Viallisen sovelluksen polku: fsdfwd.exe1 Viallisen moduulin polku: fsdfwd.exe2 Raportin tunnus: fsdfwd.exe3 System errors: ============= Error: (11/01/2013 02:19:52 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Error: (11/01/2013 02:19:52 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Error: (11/01/2013 02:19:32 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Error: (11/01/2013 02:19:32 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Error: (11/01/2013 02:19:32 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Error: (11/01/2013 02:19:32 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Error: (11/01/2013 02:18:32 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Error: (11/01/2013 02:18:32 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Error: (11/01/2013 02:18:32 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Error: (11/01/2013 02:18:32 AM) (Source: Service Control Manager) (User: ) Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1068 Microsoft Office Sessions: ========================= Error: (11/01/2013 01:46:33 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/01/2013 01:41:58 AM) (Source: Application Error)(User: ) Description: fsdfwd.exe6.29.134.0510fa1eantdll.dll6.1.7601.18247521eaf24c00000050000000000018e4b124c01ced6923bc8921eC:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exeC:\Windows\SYSTEM32\ntdll.dll07adde78-4286-11e3-80b2-24ec99395ac6 Error: (11/01/2013 01:41:49 AM) (Source: Microsoft Security Client Setup)(User: Aura-PC) Description: HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A. Error: (11/01/2013 01:39:16 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/01/2013 01:37:58 AM) (Source: Application Error)(User: ) Description: C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dllF-Secure Internet Shield daemon (64 bit)C00001853 Error: (11/01/2013 01:37:58 AM) (Source: Application Error)(User: ) Description: fsdfwd.exe6.29.134.0510fa1eantdll.dll6.1.7601.18247521eaf24c00000060000000000018f56e0801ced6922927a460C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exeC:\Windows\SYSTEM32\ntdll.dll787b2c82-4285-11e3-80b2-24ec99395ac6 Error: (11/01/2013 01:35:46 AM) (Source: Microsoft Security Client Setup)(User: Aura-PC) Description: HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11. Error: (11/01/2013 01:31:53 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/01/2013 01:28:15 AM) (Source: Application Error)(User: ) Description: C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dllF-Secure Internet Shield daemon (64 bit)C00001853 Error: (11/01/2013 01:28:14 AM) (Source: Application Error)(User: ) Description: fsdfwd.exe6.29.134.0510fa1eantdll.dll6.1.7601.18247521eaf24c00000060000000000018f56e0401ced690d70c38dcC:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exeC:\Windows\SYSTEM32\ntdll.dll1cf1b006-4284-11e3-afb4-24ec99395ac6 CodeIntegrity Errors: =================================== Date: 2013-11-01 01:37:31.384 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-01 01:28:04.368 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 23:05:02.434 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 22:54:36.025 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 22:06:00.271 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 21:49:15.700 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 21:42:04.711 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 21:38:16.747 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 21:30:09.747 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-31 21:23:27.747 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 3956.1 MB Available physical RAM: 3136.18 MB Total Pagefile: 7910.38 MB Available Pagefile: 7154.25 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:100 GB) (Free:14.72 GB) NTFS Drive d: (Data) (Fixed) (Total:2.23 GB) (Free:1.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 82186852) Partition 1: (Active) - (Size=2 GB) - (Type=27) Partition 2: (Not Active) - (Size=117 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 30 GB) (Disk ID: 984CEDD0) Partition 1: (Not Active) - (Size=8 GB) - (Type=84) Partition 2: (Not Active) - (Size=22 GB) - (Type=73) ==================== End Of Log ============================
-
PUPs and Windows going to bluescreen after opening F-secure
ura replied to ura's topic in Resolved Malware Removal Logs
Okay to close the thread. Thanks a million. Also, really good tips. Need to install some of that stuff also to my own computer All the best to you! -
PUPs and Windows going to bluescreen after opening F-secure
ura replied to ura's topic in Resolved Malware Removal Logs
I mean I uninstalled Office 2010. -
PUPs and Windows going to bluescreen after opening F-secure
ura replied to ura's topic in Resolved Malware Removal Logs
Sorry for the late response. I saw that she had tried to install Office 2010. I just deleted it since she hadn't bought it so it was useless. Not that Q: went away. So everything should be fixed now? At least it runs smoothly now. Thanks a million! -
PUPs and Windows going to bluescreen after opening F-secure
ura replied to ura's topic in Resolved Malware Removal Logs
Okay, did all you asked. Here is the log: Yes HKCU:Run EPSON2F1349 (Epson Stylus SX235) SEIKO EPSON CORPORATION C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU "C:\Users\Aura\AppData\Local\Temp\E_S43D4.tmp" /EF "HKCU" Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun Yes HKCU:Run Spotify Spotify Ltd "C:\Users\Aura\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart Yes HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" Yes HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Yes HKLM:Run AthBtTray Atheros Commnucations "C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" Yes HKLM:Run AtherosBtStack Atheros Communications "C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" Yes HKLM:Run DeskUpdateNotifier Fujitsu Technology Solutions "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" Yes HKLM:Run F-Secure Manager F-Secure Corporation "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash Yes HKLM:Run F-Secure TNB F-Secure Corporation "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW Yes HKLM:Run FJ Camera_Monitor Sunplus Innovation Technology Inc. C:\Program Files (x86)\FJ Camera\monitor.exe Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe Yes HKLM:Run IndicatorUtility FUJITSU LIMITED "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" Yes HKLM:Run LoadBtnHnd FUJITSU LIMITED "C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe" Yes HKLM:Run LoadFUJ02E3 FUJITSU LIMITED "C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe" Yes HKLM:Run LoadFujitsuQuickTouch FUJITSU LIMITED "C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe Yes HKLM:Run PSUTility FUJITSU LIMITED C:\Program Files\Fujitsu\PSUtility\TrayManager.exe Yes HKLM:Run RtHDVBg_DTS Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P Yes HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" Yes HKLM:Run YouCam Service CyberLink Corp. "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s Yes HKLM:Run Zune Launcher Microsoft Corporation "C:\Program Files\Zune\ZuneLauncher.exe" Everything seems to work fine but when I open My Computer there is System (C:), Data (D:) and one wierd thing: Microsoft Office (2010) pika-asennus (suojattu) (Q:). There isnt any DVD/CD station in the whole laptop and no USB drives attached, except Logitech wireless mouse adapter. Pika-asennus means fast install (or something like that) and suojattu means protected or locked. When I look at it, it shows that the size is 0kb. When I click right, go to Properties->Security, it says that I have to have admin rights to continue and I can click continue in order to continue. -
PUPs and Windows going to bluescreen after opening F-secure
ura replied to ura's topic in Resolved Malware Removal Logs
What do you mean with this? Should I just pay attention to what you say under this sentence: "OK, we continue:"?