Showing results for tags 'runtime'.

Found 12 results

  1. Hello. I tried to update my father's old computer with Malware Bytes 3 (mb3-setup-consumer-3.3.1.2183.exe). When trying to install, after selecting the language, it fails with a "Runtime error (at 352:120): Invalid floating point operation." The PC had a much older version which I removed using "mb-clean-3.1.0.1031.exe". Ran it as administrator per some instructions on another post. This prompted a reboot and installation of the new MB 3. When it failed with above error, I think another message popped up with instructions to grab the file created on my desktop: mb-clean-results.txt. File attached. I read that MBAM 3 still supports PCs on Windows XP. Here is the XP info from the PC: Windows XP Home Edition, Version 2002, Service Pack 3. The PC is an eMachines T3092 with AMD Athlon XP 3000+ 2.17 GHz processor and 2 GB RAM. Any advice on how to load MB 3 would be very appreciated. Thank you. Rick mb-clean-results.txt
  2. After downloading malwarebytes and running the setup, during installation, right after I choose my preferred language, the message "Runtime Error (at 47:120)" appears. I have tried to fix it, I even checked the forum but I found no help. I have tried completely uninstalling malwarebytes with your removal program, rebooting and reinstalling it right after but I still get the message "Runtime Error (at 47:120)". A way to solve this would be appreciated. Thanks for your time
  3. Hi, as the title says, I can't reinstall Malwarebytes. It all began, when I was installing Brutal Doom addon. I saw that for some reason, the wallpaper was pure black. I was scared and first thing I thought to do was to scan my laptop with Malwarebytes. It failed, because when I tried to run it i got "runtime error 92:137 - could not call proc" error. I tried to uninstall it, but..... "runtime error 92:137 - could not call proc". I used the mbam-clean.exe to uninstall it. Meanwhile, I downloaded setup for Malwarebytes. When the laptop rebooted, I opened the setup and... " runtime error 92:137 - could not call proc ". This seemed weird to me, so I searched about it in google. I saw "Can't install malwarebytes, run Firefox." topic. As TwinHeadedEagle said in this topic, I downloaded ADW Cleaner and scanned everything. Here's what I got: Plik is file, klucz is key, wartość is value and usunięto means deleted. And it still doesn't work. Thanks for any help i'll get.
  4. I'm trying to install antimalware on my laptop (Lenovo Thinkpad E530, so Windows 10 PRO x64 eng) but every time I try to run it, it gives me this error: runtime error (at 79:100) Could not call proc. I thought that was for some malware or similar, so I ran 4 different programs to scan all my drives, anti rootkit and so on, but nothing came out. I've reinstalled all vcredist and .NET framework (after looking on Google, for some people it worked, but not for me). I tried to run the installer shutting down both Avira and Windows Defender (still nothing). Can someone help me? I tried all solutions Google gave me!
  5. Hi all, Following these topics: https://forums.malwarebytes.org/index.php?/topic/169779-cant-install-malwarebytes/ http://www.bleepingcomputer.com/forums/t/579690/cleaning-up-pc-after-picexaviewer-virus-attack/ I'm posting here a new topic by 1PW's advice. All the info you need is there about my issue. And now for the logs:
)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 10.0.0.138Tcpip\..\Interfaces\{5E4D4B81-BB03-4403-BAEE-84B1B068F773}: [DhcpNameServer] 10.0.0.138 FireFox:========FF ProfilePath: C:\Documents and Settings\sofia_d\Application Data\Mozilla\Firefox\Profiles\nzfyl4dt.defaultFF DefaultSearchEngine: GoogleFF SelectedSearchEngine: delta-homesFF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml [2015-04-07]FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml [2015-04-07]FF 
SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2015-04-07]FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml [2015-04-07]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-18]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-20] Chrome: =======CHR Profile: C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\DefaultCHR Extension: (YouTube) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]CHR Extension: (Adblock Plus) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-17]CHR Extension: (Google Search) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]CHR Extension: (Avast Online Security) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-22]CHR Extension: (Default) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2011-01-11]CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]CHR Extension: 
(Google Wallet) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]CHR Extension: (Gmail) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-20]CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-20]StartMenuInternet: chrome.exe - c:\documents and settings\sofia_d\local settings\application data\google\chrome\application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-20] (Avast Software s.r.o.)R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]R2 LMIGuardianSvc; C:\secure\x86\LMIGuardianSvc.exe [375120 2014-07-19] (LogMeIn, Inc.)R2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [81920 2005-12-09] (Logitech Inc.) 
[File not signed]S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-18] (SolidWorks) [File not signed]R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-18] ()R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-06-20] ()R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-06-20] (Avast Software s.r.o.)R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-06-20] (Avast Software s.r.o.)R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-06-20] ()R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-06-20] (Avast Software s.r.o.)R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-06-20] (Avast Software s.r.o.)R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-06-20] ()S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)S3 eapihdrv; C:\Documents and Settings\sofia_d\Local Settings\Temp\ehdrv.sys [135760 2015-06-25] (ESET)S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys 
[21568 2007-01-17] (HP)R3 Lvckap; C:\WINDOWS\system32\drivers\Lvckap.sys [2174464 2005-12-09] () [File not signed]S3 lvmvdrv; C:\WINDOWS\system32\drivers\lvmvdrv.sys [2400256 2005-12-09] () [File not signed]R3 LVPrcMon; C:\WINDOWS\system32\drivers\LVPrcMon.sys [16768 2005-12-09] () [File not signed]R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [39424 2005-12-06] (Logitech Inc.)R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [100456 2010-11-12] (NVIDIA Corporation)R3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [7136 2005-12-06] (Logitech Inc.)R3 PID_08A0; C:\WINDOWS\System32\DRIVERS\LV302AV.SYS [916096 2005-12-06] (Logitech Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-01 22:40 - 2015-07-01 22:41 - 00032648 _____ C:\Documents and Settings\sofia_d\desktop\FRST.txt
2015-07-01 22:37 - 2015-07-01 22:37 - 01636352 _____ (Farbar) C:\Documents and Settings\sofia_d\desktop\FRST.exe
2015-06-28 23:02 - 2015-06-28 23:02 - 00010799 _____ C:\WINDOWS\setupapi.log
2015-06-28 23:02 - 2015-06-28 23:02 - 00000041 _____ C:\WINDOWS\setupact.log
2015-06-28 23:02 - 2015-06-28 23:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-27 20:51 - 2015-06-27 20:51 - 00006948 _____ C:\Documents and Settings\sofia_d\desktop\CheckResults.txt
2015-06-27 20:49 - 2015-06-27 20:49 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\sofia_d\desktop\mbam-check-2.1.1.1001.exe
2015-06-25 22:13 - 2015-06-25 22:13 - 00000000 _____ C:\Documents and Settings\sofia_d\defogger_reenable
2015-06-25 22:11 - 2015-06-25 22:11 - 00000000 ____D C:\_OTL
2015-06-25 00:17 - 2015-06-25 00:17 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\sofia_d\desktop\OTL.exe
2015-06-23 21:57 - 2015-06-23 22:55 - 00000000 ____D C:\Documents and Settings\sofia_d\desktop\Tweaking.com - Windows Repair
2015-06-23 21:53 - 2015-06-23 21:54 - 00000000 ____D C:\AdwCleaner
2015-06-23 21:44 - 2015-06-26 19:01 - 00000000 ___SD C:\32788R22FWJFW
2015-06-23 21:44 - 2015-06-26 19:00 - 05631168 ____R (Swearware) C:\Documents and Settings\sofia_d\desktop\ComboFix.exe
2015-06-22 22:40 - 2015-06-22 22:40 - 00000706 _____ C:\Documents and Settings\All Users\desktop\TeamViewer 10.lnk
2015-06-22 22:40 - 2015-06-22 22:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-06-21 00:09 - 2015-06-21 00:09 - 00000000 ____D C:\WINDOWS\jumpshot.com
2015-06-20 23:54 - 2015-06-20 23:54 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\AVAST Software
2015-06-20 23:53 - 2015-07-01 21:59 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-20 23:53 - 2015-06-26 18:53 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-20 23:53 - 2015-06-20 23:53 - 00209048 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00049904 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-20 23:53 - 2015-06-20 23:53 - 00024144 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00001689 _____ C:\Documents and Settings\All Users\desktop\Avast Free Antivirus.lnk
2015-06-20 23:53 - 2015-06-20 23:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-06-20 23:51 - 2015-06-20 23:51 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-20 23:46 - 2015-06-21 00:49 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-06-20 23:46 - 2015-06-20 23:46 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2015-06-20 23:46 - 2015-06-20 23:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2015-06-20 23:45 - 2015-06-20 23:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$
2015-06-20 23:38 - 2015-06-20 23:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2015-06-20 23:17 - 2015-06-20 23:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-06-20 22:36 - 2015-06-20 22:36 - 00000000 __SHD C:\WINDOWS\CSC
2015-06-20 21:56 - 2015-06-20 21:56 - 00000917 _____ C:\Documents and Settings\sofia_d\desktop\Revo Uninstaller.lnk
2015-06-20 21:56 - 2015-06-20 21:56 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-17 22:54 - 2015-06-17 22:54 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-06-17 22:54 - 2015-06-17 22:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2015-06-17 22:54 - 2015-05-31 21:00 - 00112128 _____ C:\WINDOWS\system32\ff_vfw.dll
2015-06-17 22:54 - 2015-02-28 18:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2015-06-17 22:54 - 2015-02-25 19:27 - 00473088 _____ (http://www.mp3dev.org/) C:\WINDOWS\system32\lameACM.acm
2015-06-17 22:54 - 2015-02-25 01:37 - 00655872 _____ C:\WINDOWS\system32\xvidcore.dll
2015-06-17 22:54 - 2015-02-25 01:37 - 00240128 _____ C:\WINDOWS\system32\xvidvfw.dll
2015-06-17 22:54 - 2012-07-21 13:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-06-17 22:54 - 2012-05-22 00:48 - 00000415 _____ C:\WINDOWS\system32\lame_acm.xml
2015-06-17 22:54 - 2011-12-07 20:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-06-17 22:54 - 2011-06-22 17:14 - 00000714 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
2015-06-17 22:54 - 2004-05-18 21:16 - 00039936 _____ (Disappearing Inc.) C:\WINDOWS\system32\huffyuv.dll
2015-06-17 01:29 - 2015-07-01 22:40 - 00000000 ____D C:\FRST
2015-06-16 23:29 - 2015-06-16 23:29 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\DxCK
2015-06-16 23:14 - 2015-06-16 23:14 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000692 _____ C:\Documents and Settings\sofia_d\Start Menu\WinRAR.lnk
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Program Files\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Documents and Settings\sofia_d\Start Menu\Programs\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-06-16 22:51 - 2015-06-16 23:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-16 22:51 - 2015-06-16 22:51 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-06-16 22:24 - 2015-06-16 22:24 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2015-06-16 22:17 - 2015-06-16 22:17 - 00000000 ____D C:\RegBackup
2015-06-16 21:56 - 2015-06-16 21:56 - 00000000 ____D C:\WINDOWS\erdnt
2015-06-16 21:49 - 2015-06-16 21:49 - 00000000 ___HD C:\WINDOWS\PIF
2015-06-16 21:45 - 2015-06-16 21:45 - 00001734 _____ C:\Documents and Settings\sofia_d\desktop\HijackThis.lnk
2015-06-16 21:45 - 2015-06-16 21:45 - 00000000 ____D C:\Program Files\Trend Micro
2015-06-16 21:45 - 2015-06-16 21:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
2015-06-16 21:11 - 2015-06-23 09:20 - 00000000 ____D C:\Program Files\TeamViewer
2015-06-16 21:11 - 2015-06-16 21:11 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\TeamViewer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 22:41 - 2011-01-07 14:58 - 00000000 ____D C:\Documents and Settings\sofia_d\Local Settings\Temp
2015-07-01 22:40 - 2011-01-08 22:04 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\Skype
2015-07-01 22:16 - 2011-01-08 22:13 - 00001016 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job
2015-07-01 21:55 - 2004-08-04 15:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-01 21:54 - 2011-01-07 14:50 - 01207562 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 21:53 - 2014-03-09 22:01 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-01 21:53 - 2011-01-07 16:34 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-07-01 21:53 - 2011-01-07 16:34 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-07-01 21:53 - 2011-01-07 14:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-01 21:51 - 2011-01-07 14:54 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-01 21:43 - 2013-05-18 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-01 21:41 - 2011-05-25 19:23 - 00000238 _____ C:\Documents and Settings\sofia_d\intlname.ols
2015-07-01 20:02 - 2011-01-07 16:48 - 00002457 _____ C:\Documents and Settings\sofia_d\desktop\Microsoft Office Outlook 2003.lnk
2015-07-01 20:00 - 2013-03-25 23:55 - 00001006 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job
2015-06-30 23:00 - 2013-03-25 23:55 - 00000984 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job
2015-06-30 21:57 - 2014-02-28 18:46 - 00002265 _____ C:\Documents and Settings\All Users\desktop\Skype.lnk
2015-06-30 19:16 - 2011-01-08 22:13 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job
2015-06-26 18:31 - 2011-01-07 14:58 - 00000000 ____D C:\Documents and Settings\sofia_d
2015-06-26 18:30 - 2015-05-14 22:55 - 00000682 _____ C:\Documents and Settings\All Users\desktop\CCleaner.lnk
2015-06-26 18:30 - 2015-05-14 22:55 - 00000000 ____D C:\Program Files\CCleaner
2015-06-26 18:30 - 2013-05-23 18:40 - 00000000 ____D C:\Documents and Settings\sofia_d\My Documents\Загрузки
2015-06-25 21:35 - 2011-01-07 16:32 - 00558374 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-25 21:22 - 2011-01-07 16:45 - 00002417 _____ C:\Documents and Settings\sofia_d\desktop\Microsoft Office Word 2003.lnk
2015-06-24 00:43 - 2013-05-18 19:07 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-24 00:43 - 2013-05-18 19:07 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-23 00:31 - 2011-01-10 22:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-06-22 22:53 - 2011-01-08 22:14 - 00002296 _____ C:\Documents and Settings\sofia_d\desktop\Google Chrome.lnk
2015-06-22 22:50 - 2011-01-08 22:13 - 00000000 ____D C:\Documents and Settings\sofia_d\Local Settings\Application Data\Temp
2015-06-22 22:39 - 2011-01-07 14:50 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-06-22 22:35 - 2011-01-08 22:03 - 00000000 ___RD C:\Program Files\Skype
2015-06-22 22:35 - 2011-01-08 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-06-22 22:27 - 2011-01-07 16:28 - 00000211 ___SH C:\boot.ini
2015-06-22 22:27 - 2011-01-07 14:58 - 00000278 ___SH C:\Documents and Settings\sofia_d\ntuser.ini
2015-06-22 22:27 - 2004-08-04 15:00 - 00000638 _____ C:\WINDOWS\win.ini
2015-06-22 22:27 - 2004-08-04 15:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-06-20 23:45 - 2011-01-07 14:59 - 00070912 _____ C:\Documents and Settings\sofia_d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-20 23:40 - 2011-01-07 16:29 - 00268600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-17 23:28 - 2011-05-18 14:24 - 00002727 _____ C:\Documents and Settings\All Users\desktop\SolidWorks Explorer 2009.lnk
2015-06-17 23:14 - 2013-02-06 21:12 - 00000000 ____D C:\Program Files\DScaler5
2015-06-16 23:56 - 2011-01-07 14:48 - 00000000 ____D C:\Program Files\MSN
2015-06-16 22:51 - 2013-05-18 15:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-16 22:24 - 2011-01-07 14:54 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-06-16 22:23 - 2011-01-07 14:51 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-06-16 22:23 - 2011-01-07 14:51 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-06-16 21:47 - 2011-01-07 16:36 - 00000000 ____D C:\WINDOWS\pss
2015-06-16 21:41 - 2011-01-07 14:54 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-06-11 20:31 - 2013-07-24 22:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 20:25 - 2011-01-10 14:52 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-11 18:10 - 2015-05-14 22:31 - 00000000 ____D C:\WINDOWS\CryptoGuard

==================== Files in the root of some directories =======

2012-01-03 21:02 - 2012-01-03 21:02 - 0000130 _____ () C:\Documents and Settings\sofia_d\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\sofia_d\Local Settings\Temp\IadHide5.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by sofia_d at 2015-07-01 22:41:43
Running from C:\Documents and Settings\sofia_d\desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-515967899-583907252-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515967899-583907252-682003330-1005 - Limited - Enabled)
Guest (S-1-5-21-515967899-583907252-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-515967899-583907252-682003330-1000 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-515967899-583907252-682003330-1004 - Administrator - Enabled)
sofia_d (S-1-5-21-515967899-583907252-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\sofia_d
SUPPORT_388945a0 (S-1-5-21-515967899-583907252-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
##CAMERADRIVERNAME## (HKLM\...\QcDrv) (Version: - )
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.3.0.1 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.0.9 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.3.0.8 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.4.0.14 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.5.0.8 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.0.8 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.19.43 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.8.0.74 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DWGeditor (Version: 17.00.6014 - SolidWorks) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
Google Chrome (HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
K-Lite Mega Codec Pack 11.2.0 (HKLM\...\KLiteCodecPack_is1) (Version: 11.2.0 - )
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.01.02 - Logitech, Inc.)
Logitech QuickCam Software (HKLM\...\{C191BE7C-8542-4A61-973A-714EF76C5995}) (Version: 9.50.0000 - Logitech, Inc.)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{9011040D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
mobile PhoneTools (HKLM\...\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}) (Version: 3.28 7/08/2005 - BVRP Software)
Motorola Mobile Drivers Installation 5.2.0 (HKLM\...\{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}) (Version: 5.2.0 - Motorola Inc.)
Mozilla Firefox 38.0.5 (x86 ru) (HKLM\...\Mozilla Firefox 38.0.5 (x86 ru)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA Graphics Driver 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA nView 135.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.50 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
PhotoView 360 (Version: 17.00.6014 - SolidWorks Corporation) Hidden
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolidWorks 2009 SP0 (HKLM\...\SolidWorks Installation Manager 20090-40000-1100-200) (Version: 17.0.0.6014 - SolidWorks Corporation)
SolidWorks 2009 SP0 (Version: 17.1.0003 - SolidWorks) Hidden
SolidWorks eDrawings 2009 (Version: 9.0.706 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2009 sp0 (Version: 17.00.6014 - SolidWorks Corporation) Hidden
SolidWorks Motion 2009 SP0 (Version: 17.00.6015 - SolidWorks Corporation) Hidden
SolidWorks Simulation 2009 SP0 (Version: 17.00.6015 - SolidWorks Corporation) Hidden
SolidWorks viewer (Version: 17.00.6014 - SolidWorks) Hidden
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft 
Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hiddenחבילת תאימות עבור מהדורת 2007 של מערכת Office (HKLM\...\{90120000-0020-040D-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: 
HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\43.0.2357.130\delegate_execute.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google 
Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.) ==================== Restore Points ========================= 22-06-2015 22:39:26 System Checkpoint24-06-2015 00:47:16 System Checkpoint25-06-2015 01:28:56 System Checkpoint25-06-2015 09:59:32 Revo Uninstaller's restore point - ESET Online Scanner v326-06-2015 10:59:51 System Checkpoint27-06-2015 11:08:32 System Checkpoint28-06-2015 22:14:01 System Checkpoint30-06-2015 19:56:31 System Checkpoint01-07-2015 20:57:29 System Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2004-08-04 15:00 - 2004-08-04 15:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\avast! 
Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeTask: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exeTask: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (Whitelisted) ============== 2015-06-20 23:53 - 2015-06-20 23:53 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll2015-06-20 23:53 - 2015-06-20 23:53 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll2015-07-01 19:28 - 2015-07-01 19:28 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15070102\algo.dll2013-03-11 14:28 - 2010-11-04 09:51 - 00555624 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll2015-06-20 23:53 - 2015-06-20 23:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2011-01-08 21:38 - 2011-01-08 21:38 - 00061496 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\clntutil.dll2011-01-08 21:38 - 2011-01-08 21:38 - 00147493 _____ () C:\Program Files\Logitech\Desktop 
Messenger\8876480\7.2.0.137-8876480SL\Program\BWfiles.dll2011-01-08 21:38 - 2011-01-08 21:38 - 00536617 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWDocMapExt.dll2011-01-08 21:38 - 2011-01-08 21:38 - 00114688 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwscriptext.dll2008-04-14 05:41 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll2008-04-14 05:42 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll2008-04-14 05:42 - 2013-01-02 09:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-515967899-583907252-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Microsoft\Wallpaper1.bmpDNS Servers: 10.0.0.138 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon StartupMSCONFIG\startupfolder: C:^Documents and Settings^sofia_d^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk => C:\WINDOWS\pss\SolidWorks Task Scheduler Engine.lnkStartupMSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserverMSCONFIG\startupreg: hpqSRMon => MSCONFIG\startupreg: LogitechVideo[inspector] => C:\Program Files\Logitech\Video\InstallHelper.exe /inspectMSCONFIG\startupreg: LogMeIn GUI => "C:\secure\x86\LogMeInSystray.exe"MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupMSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitMSCONFIG\startupreg: SolidWorks_CheckForUpdates => "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /schedulerMSCONFIG\startupreg: Torrent2Exe => ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
DomainProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] => Enabled:Logitech Desktop MessengerStandardProfile\AuthorizedApplications: [C:\Documents and Settings\sofia_d\Local Settings\Temp\Torrent2Exe\T2E.exe] => Enabled:Torrent2ExeStandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] => Disabled:Logitech Desktop MessengerStandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras ManagerStandardProfile\AuthorizedApplications: [C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google ChromeStandardProfile\AuthorizedApplications: [C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling PluginStandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:SkypeStandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control ApplicationStandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control ServiceStandardProfile\GloballyOpenPorts: [5353:UDP] => Enabled:Bonjour Port 5353StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002StandardProfile\GloballyOpenPorts: [1900:UDP] => 
:LocalSubNet:Enabled:@xpsp2res.dll,-22007StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/01/2015 09:53:55 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service. Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f) Error: (07/01/2015 09:53:55 PM) (Source: ESENT) (EventID: 604) (User: )Description: SearchIndexer (2836) Locale ID 0x0000040d (Hebrew Hebrew) is either invalid or not installed on this machine. Error: (07/01/2015 07:26:42 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service. Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f) Error: (07/01/2015 07:26:42 PM) (Source: ESENT) (EventID: 604) (User: )Description: SearchIndexer (3124) Locale ID 0x0000040d (Hebrew Hebrew) is either invalid or not installed on this machine. Error: (06/30/2015 06:55:41 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service. 
Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f) Error: (06/30/2015 06:55:41 PM) (Source: ESENT) (EventID: 604) (User: )Description: SearchIndexer (3144) Locale ID 0x0000040d (Hebrew Hebrew) is either invalid or not installed on this machine. Error: (06/29/2015 10:09:43 PM) (Source: Windows Search Service) (EventID: 3024) (User: )Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error: (06/28/2015 09:52:27 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service. Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f) Error: (06/28/2015 09:52:27 PM) (Source: ESENT) (EventID: 604) (User: )Description: SearchIndexer (2980) Locale ID 0x0000040d (Hebrew Hebrew) is either invalid or not installed on this machine. Error: (06/26/2015 09:12:01 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service. Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. 
In some cases it may be necessary to delete and recreate the content index. (0x8004117f) System errors:=============Error: (07/01/2015 09:55:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The שירות HP CUE DeviceDiscovery Service service hung on starting. Error: (07/01/2015 09:53:49 PM) (Source: 0) (EventID: 4311) (User: )Description: Error: (07/01/2015 07:27:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The שירות HP CUE DeviceDiscovery Service service hung on starting. Error: (07/01/2015 07:26:33 PM) (Source: 0) (EventID: 4311) (User: )Description: Error: (06/30/2015 06:57:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The שירות HP CUE DeviceDiscovery Service service hung on starting. Error: (06/30/2015 06:55:26 PM) (Source: 0) (EventID: 4311) (User: )Description: Error: (06/28/2015 09:53:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The שירות HP CUE DeviceDiscovery Service service hung on starting. Error: (06/28/2015 09:52:12 PM) (Source: 0) (EventID: 4311) (User: )Description: Error: (06/26/2015 09:13:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The שירות HP CUE DeviceDiscovery Service service hung on starting. Error: (06/26/2015 09:11:39 PM) (Source: 0) (EventID: 4311) (User: )Description: Microsoft Office:=========================Error: (07/01/2015 09:53:55 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. 
(0x8004117f) Error: (07/01/2015 09:53:55 PM) (Source: ESENT) (EventID: 604) (User: )Description: SearchIndexer28360x0000040dHebrewHebrew Error: (07/01/2015 07:26:42 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f) Error: (07/01/2015 07:26:42 PM) (Source: ESENT) (EventID: 604) (User: )Description: SearchIndexer31240x0000040dHebrewHebrew Error: (06/30/2015 06:55:41 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f) Error: (06/30/2015 06:55:41 PM) (Source: ESENT) (EventID: 604) (User: )Description: SearchIndexer31440x0000040dHebrewHebrew Error: (06/29/2015 10:09:43 PM) (Source: Windows Search Service) (EventID: 3024) (User: )Description: Context: Application, SystemIndex Catalog Error: (06/28/2015 09:52:27 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. 
(0x8004117f) Error: (06/28/2015 09:52:27 PM) (Source: ESENT) (EventID: 604) (User: )Description: SearchIndexer29800x0000040dHebrewHebrew Error: (06/26/2015 09:12:01 PM) (Source: Windows Search Service) (EventID: 3026) (User: )Description: Context: Application, SystemIndex Catalog Details:The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f) ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHzPercentage of memory in use: 53%Total physical RAM: 2047.04 MBAvailable physical RAM: 946.8 MBTotal Virtual: 3939.82 MBAvailable Virtual: 2908.99 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.04 GB) (Free:123.45 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive d: () (Fixed) (Total:149.04 GB) (Free:133.04 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 2C6B2C6A)Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended) ==================== End of log ============================
  6. Hey there, Been using MBAM for about 5 years now. My friend's PC had a virus attack (PicexaViewer) and after help from nasdaq from Bleeping Computer (would be better if you first read this topic since FRST log is there) her PC is clean now (I think) but I can't run/install MBAM. Right upon installation I get this error: Now I know MBAM installer is not to blame but I still want to find a solution to this since I'm out of more ideas. Using Windows XP SP3, Avast antivirus free installed.
     Things I've tried:
     1. Try installing in Safe mode. Same issue.
     2. Running mbam-clean-2.1.1.1001 (although unnecessary since MBAM was never installed).
     3. Seeking help (as I said) from Bleeping Computer to see if a virus is stopping MBAM from running - Windows is supposed to be clean now.
     4. Running mbam chameleon - to no avail.
     5. I've seen reports over the internet that installing Microsoft Visual C++ 2005 Runtime would help. I think installation failed but can't be sure about it. No "installation completed" message in the end.
     6. I had ESET SS before. Tried uninstalling it totally (normally and afterwards with ESET's own uninstaller ESETUninstaller.exe from safe mode) and rebooted - and still the same without any security product installed.
     7. Trying this.
     8. Applying some fixes (see the topic above from Bleeping Computer).
     Notes:
     1. Can't run sfc /scannow since I'm connected to this PC via TeamViewer and Windows XP installation disk is not around.
     2. Combofix also won't run since it gives an error (Warning!! Do not run ComboFix in Compatibility Mode. Doing so may damage the machine) also from safe mode.
     Note that this user is the administrator. Any thoughts about this? Thanks.
  7. I've been trying to install Malwarebytes, but I can't... I'm getting errors, some more than once, when I try to install this software. These are some pics I took: http://gyazo.com/8c95da19c7e77b7b48b56edf3bfe821c http://gyazo.com/e850c0de7cea51d1a96ec4683c705b68 http://gyazo.com/b103dba0bfb0cff9bdf7c3600fc231d7 http://gyazo.com/c64a7ced8a46c44c4ac4ad7592495b2c As you can see, when I get an error I can press ok and then the installation continues, but in the end it crashes... I hope someone here can help me.
  8. I keep getting this error and I have tried a multitude of options to clear it up. I have uninstalled & reinstalled Malware Bytes twice, cleared all the files, Ran CC Cleaner, reinstalled, reboots, the whole 9 yards. I came across this forum & saw another thread where it was suggested to download Farbar Recovery, which I did. I copied the logs per the instructions but it won't let me reply back to that post so here is another one. I have the logs but didn't want to post them yet. I ran the one for my system, (32 bit) so now I am at a stumbling block. Please help! Incidentally, I also have errors in accessing my docs from gmail to attach to emails and something upon startup that my PC Fax (which I forgot was even on computers anymore) has issues. Also, I sign in using Credant Shield and it's been telling me for a month now that I am an unmanaged user. Below is the pic of the error. Ideas?? Runtime Error pic.bmp
  9. I'm running Malwarebytes Anti-Malware (Trial) 2.0.2.1012 on a Windows XP Home Edition sp3 Dell Inspiron laptop. This is a fresh installation of Malwarebytes on a computer I haven't used in over a year. The installation appeared successful, but the database is out of date and when I try to update it I get a dialog with the following text:
     Microsoft Visual C++ Runtime Library
     Runtime Error!
     Program: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
     This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.
     Selecting "OK" on the dialog will close it and kill the Malwarebytes application. If I try to start a scan I get the same behavior. I've used mbam-clean-2.0.2.0.exe to uninstall Malwarebytes and then did a fresh install and the problem persists. I tried mbam-clean again, then installed with Malwarebytes Chameleon (ver. 1.62.1.1000). The installation appeared successful, during which there is a dialog that says the database was successfully updated from version v2013.04.04.07 to version v2014.06.17.12, then ran a full scan successfully, but the final version installed is 1.75.0.1300. I uninstalled version 1.75.0.1300 and downloaded Chameleon ver. 3.1.4, but when the latest chameleon is installing mbam I get the same Runtime Error dialog that happens when I try to update or scan with 2.0.2, at which point the installation dies. Any help to get the latest Malwarebytes Anti-Malware installed and running would be appreciated (I have a premium account, but I don't want to waste an activation on this laptop if the latest mbam is going to have problems with the older Windows OS). Thank you, Michael
  10. Apologies for the long post. The "browse" button was not functioning when I tried to attach these files. The incident occurred in the following order:
     1) Blue screen twice, over a period of 20mins.
     2) Mozilla Firefox crashed 5-10 times over a period of 8 hours.
     3) Unable to update or re-install Malwarebytes. Error message during installation: "CoCreateInstance failed; code 0x80040154. Class not registered." Error message at the end of installation: "Run-time error '0'" "Run-time error '404': Automation error". This pop-up occurred multiple times.
     4) AVG Free suddenly asked for a license code upon computer restart.
     Below are my "attachments": DDS.txt
[indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" mRun: [updatePDRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" mRun: [snp2uvc] C:\Windows\vsnp2uvc.exe mRun: [uCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: 
C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(1583).ini uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned> IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - <orphaned> IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned> IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned> IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned> IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{0161F69B-E0B6-47E3-9B22-88D9CF373FF0} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{0161F69B-E0B6-47E3-9B22-88D9CF373FF0}\35471627265736B6370275966496 : DHCPNameServer = 8.8.8.8 8.8.4.4 TCP: Interfaces\{0161F69B-E0B6-47E3-9B22-88D9CF373FF0}\35C4 : DHCPNameServer = 192.168.2.1 TCP: 
Interfaces\{0161F69B-E0B6-47E3-9B22-88D9CF373FF0}\363636F6C6C6567656 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{0161F69B-E0B6-47E3-9B22-88D9CF373FF0}\46C696E6B6 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{0161F69B-E0B6-47E3-9B22-88D9CF373FF0}\65944454F44525F4E483336393 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{0161F69B-E0B6-47E3-9B22-88D9CF373FF0}\8445 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{0986B670-9564-4652-9241-A286EA7A40C5} : DHCPNameServer = 192.168.2.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> SSODL: WebCheck - <orphaned> CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - <is not referencing any dll> x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [ConMgr] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" x64-Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe x64-Run: [bthSyncServ] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" x64-Run: [FDM7] c:\Program Files\Fujitsu\FDM7\FdmDaemon.exe x64-Run: [PSUTility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe x64-Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe x64-Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application 
Panel\BtnHnd.exe x64-Run: [FJBATAID2] c:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup x64-Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe x64-Run: [OmniPass] c:\Program Files\Softex\OmniPass\scureapp.exe x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe x64-Run: [sNUVCDSM] C:\Windows\snuvcdsm.exe x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zyqva02y.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program 
Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zyqva02y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zyqva02y.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\System32\drivers\FBIOSDRV.sys [2010-4-22 21104] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-2 55280] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2009-12-27 2704704] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-13 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-13 682344] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2010-4-22 126392] R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2009-7-29 63336] R2 SAS PC Files Server;SAS PC Files Server;C:\Program Files\SAS\PCFilesServer\9.2\pcfservice.exe [2011-9-8 345368] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-7 2314240] R2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\updnavi\updnvsrv.exe [2009-9-30 14336] R2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth 
Feature Pack 5.0\VFPRadioSupportService.exe [2009-8-20 145792] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-28 736840] R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-20 34656] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\System32\drivers\fuj02e3.sys [2010-4-22 7296] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-25 151936] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-15 321064] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-6 24176] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-10-29 244736] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-14 6952960] S3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2009-7-20 72352] S3 O2SDGRDR;O2SDGRDR;C:\Windows\System32\drivers\o2sdgx64.sys [2009-7-15 49696] S3 PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0;PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Fujitsu Hardware Diagnostics Tool\pcdsrvc_x64.pkms [2010-3-24 24560] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-7 225280] S3 RTL8167;Realtek 8167 
NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-2 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-1 1255736] . =============== Created Last 30 ================ . 2013-01-14 03:17:39 710504 ----a-w- C:\Windows\isRS-000.tmp 2013-01-14 03:17:05 -------- d-----w- C:\Users\User\AppData\Local\Programs 2013-01-14 02:18:17 -------- d-----w- C:\Users\User\AppData\Local\{0D5B817A-2432-4A2B-8677-3488715E23A6} 2013-01-13 12:46:24 -------- d-----w- C:\Users\User\AppData\Local\{12FA19D4-C2C3-44ED-8870-BB3669F3273A} 2013-01-12 16:30:39 -------- d-----r- C:\Program Files (x86)\Skype 2013-01-12 16:07:45 -------- d-----w- C:\Users\User\AppData\Local\{07A04745-D1FA-4651-BE17-719188063C7D} 2013-01-11 02:05:34 -------- d-----w- C:\Users\User\AppData\Local\{2D6F19C2-9A03-45F9-9EFD-88230EAC0719} 2013-01-10 14:05:09 -------- d-----w- C:\Users\User\AppData\Local\{1EF444D1-966B-459F-B0BC-AECF5B738BEF} 2013-01-10 00:09:30 -------- d-----w- C:\Users\User\AppData\Local\{0FA099CB-F938-4349-92E7-144AEDF6F1F0} 2013-01-09 13:04:36 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-01-08 14:08:56 -------- d-----w- C:\Users\User\AppData\Local\{A0833307-6690-444D-BC42-B7970F64E0C7} 2013-01-07 16:23:37 -------- d-----w- C:\Users\User\AppData\Local\{F44B7A29-160A-4A71-A917-E2E4D5A86CE9} 2013-01-06 15:57:51 -------- d-----w- C:\Users\User\AppData\Local\{7FB594EB-34B1-4EA5-9AB1-D731E3E29BB7} 2013-01-06 02:33:06 -------- d-----w- C:\Users\User\AppData\Local\{9BDBA586-A756-4CBB-8996-1D0D8B16769B} 2013-01-05 05:27:11 -------- d-----w- C:\Users\User\AppData\Local\{65A010D9-AC60-4C3B-B742-90DC9951246A} 2013-01-04 14:12:15 -------- d-----w- C:\Users\User\AppData\Local\{05BCF4B9-FE3E-42C4-9CC6-0FFA7875A9C8} 2013-01-04 02:12:15 -------- d-----w- 
C:\Users\User\AppData\Local\{E6AC666E-CA97-4CBC-8237-C5FA8A8D6DB1} 2012-12-22 03:23:13 -------- d-----w- C:\Users\User\AppData\Local\{BDC1353D-E303-47B4-9776-6EBC17FBF3FB} 2012-12-21 16:09:59 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 16:09:59 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 16:09:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 16:09:58 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-20 15:56:02 -------- d-----w- C:\Users\User\AppData\Local\{BD2798A5-DE35-4400-A5A0-40137D8BFA7B} 2012-12-19 03:30:10 -------- d-----w- C:\Users\User\AppData\Local\{8D1F789B-8108-46AA-84EA-CB447558CCFE} 2012-12-18 21:45:57 -------- d-----w- C:\Users\User\AppData\Local\{6EE01091-8318-4EFF-926F-D01A24A15B10} 2012-12-18 21:29:19 -------- d-----w- C:\Users\User\AppData\Local\{34B93D06-2FF9-4ACF-AB61-5FA01C4A6303} 2012-12-17 17:01:03 -------- d-----w- C:\Users\User\AppData\Local\{241B2DA9-4989-4B7C-BD45-CBF81ACB95FE} 2012-12-17 02:39:38 -------- d-----w- C:\Users\User\AppData\Local\{E6606CD1-52C6-4B22-8E14-5E66DB9F948D} 2012-12-16 14:39:14 -------- d-----w- C:\Users\User\AppData\Local\{3B09E2B3-DFFD-425D-89F7-D7E407CAB09B} 2012-12-16 00:33:32 -------- d-----w- C:\Users\User\AppData\Local\{84BEC2CD-3EF2-4342-B7A5-B4BD6ACBBAC7} . ==================== Find3M ==================== . 
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 
----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 18:34:54 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll 2012-11-23 18:34:53 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll 2012-11-23 18:01:42 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-23 18:01:40 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-11-23 18:01:40 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-10-23 13:18:19 249856 ------w- C:\Windows\Setup1.exe 2012-10-23 13:18:16 73216 ----a-w- C:\Windows\ST6UNST.EXE 2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll . ============= FINISH: 22:34:29.04 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 02/01/2011 6:25:27 PM System Uptime: 13/01/2013 10:18:44 PM (0 hours ago) . Motherboard: FUJITSU | | FJNB20B Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | Onboard | 2400/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 5.772 GiB free. D: is FIXED (NTFS) - 225 GiB total, 11.189 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . 
Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000A\8&18ED5183&0&A06CECCB91DB_C00000004 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000A\8&18ED5183&0&A06CECCB91DB_C00000004 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000A\8&18ED5183&0&A06CECCB91DB_C00000004 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000A\8&18ED5183&0&A06CECCB91DB_C00000004 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000A\8&18ED5183&0&A06CECCB91DB_C00000004 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000A\8&18ED5183&0&A06CECCB91DB_C00000004 Service: . ==== System Restore Points =================== . RP171: 21/12/2012 11:09:42 AM - Windows Update RP172: 29/12/2012 12:00:03 AM - Scheduled Checkpoint RP173: 10/01/2013 8:11:55 AM - Windows Update RP174: 13/01/2013 10:11:24 PM - Installed QuickTime . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 64 Bit HP CIO Components Installer Adobe Flash Player 11 ActiveX Adobe Photoshop Lightroom 3 64-bit Adobe Reader XI Anytime USB Charge Utility Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Client Installation Program Audacity 1.3.12 (Unicode) AuthenTec Fingerprint Software AVG 2011 AVG 2012 AVG 2013 Battery Utility BlackBerry Desktop Software 6.1 BlackBerry Device Software Updater Bluetooth Feature Pack 5.0 Bonjour Conduit Engine Coupon Printer for Windows CyberLink PowerDirector CyberLink PowerDVD 8 CyberLink YouCam D3DX10 Dropbox EndNote X5 Facebook Messenger 2.1.4651.0 FJ Camera Fujitsu Display Manager Fujitsu Hardware Diagnostics Tool Fujitsu Hotkey Utility Fujitsu MobilityCenter Extension Utility Fujitsu System Extension Utility Google Talk (remove only) Google Talk Plugin GoToMeeting 5.1.0.880 GraphPad Prism 5 HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 HP Update IBM SPSS Statistics 21 Inst5657 Intel® Management Engine Components Intel® Turbo Boost Technology Driver iTunes Java 7 Update 9 Java 6 Update 31 Junk Mail filter update LAME v3.98.3 for Audacity LifeBook Application Panel LSI HDA Modem Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft 
Thanks for your help!
  11. Hello I'm new to using Malwarebytes and to this forum. I knew my system was probably infected since I could not run Malwarebytes, but I had no problem installing it. I've followed the CMD trick, coming up with DIVIDE OVERFLOW which didn't work. I scanned my computer multiple times with no prevail. I am not infected with the Antivirus 2009 infection and I do not have ZoneAlarm, just Norton 360 and SUPERAntiSpyware. Here is my DDS log:
      Here is my attach.zip: attach.zip Any type of help is appreciated. Thank you.
  12. Hello, I'm new to using Malwarebytes, and I have a problem running it. I've followed other posts like doing the command prompt trick like "regsvr32 mbamext.dll" and it said "DIVIDE OVERFLOW". It didn't work. I've installed SUPERAntiSpyware and fixed 42 threats, still didn't work. I did the .bat trick "MBAM Fix.bat" but that didn't work. I've uninstalled multiple times and reinstalled but it did not work. I also renamed "mbam.exe" to "explorer.exe" but no luck. I am not affected by the Antivirus 2009 infection but I just can't seem to get Malwarebytes to run. I have plenty of space by the way, like 319 GB so I don't know why DIVIDE OVERFLOW came up on CMD. Any ideas? Any type of help is appreciated.