pup.optional.opencandy from Windows updates?

[Rugby2003]

My son's laptop died on him completely before he bothered mentioning something had been going on ie his mouse was uncontrolable.

 

I had to fully format & re-install the drivers.

 

I put Malwarebytes straight on & ran a full scan which was clear, then microsoft essentials & ran that, still clear.

 

The problem started when I did a Microsoft up-date - 117 altogether.

 

Straight away the mouse started to play up.

 

A quick scan with Malwarebytes & this came up - pup.optional.opencandy

 

I've googled & even on Microsoft people are asking if it's their up-dates causing the problem nut they are denying it but it only came back on a clean computer when I up-dated.

 

I'm not so bothered about Microsoft as I don't expect them to admit. I just want to clean it but it keeps popping back on.

 

The mouse is now being a nightmare & either doesn't move or moves like crazy.

 

Please help.

 

[gringo_pr]

Hello Rugby2003

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

• Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

• Please download DDS from one of the links below and save it to your desktop:

  

  Download DDS and save it to your desktop

  Link1

  Link2

  Link3

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Gringo

[Rugby2003]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Luke's Laptop at 23:00:26 on 2013-08-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4009.2343 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
mRun: [snp2uvc] C:\Windows\vsnp2uvc.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{18FAB54A-B3D7-4BB5-879B-BAAC2CF3966C} : DHCPNameServer = 194.168.4.100 194.168.8.100
SSODL: WebCheck - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Luke's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\4tdeyf0q.default\

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - ExtSQL: 2013-08-20 04:08; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-3-12 24496]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-1 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Sierra Wireless QDL Service;Sierra Wireless QDL Service;C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-2-16 308592]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-19 2656280]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\System32\drivers\fuj02e3.sys [2006-11-1 7296]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-19 412776]
S3 iaStorS;iaStorS;C:\Windows\System32\drivers\iaStorS.sys [2012-3-12 638896]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-1 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-1 786200]
S3 megasas2;megasas2;C:\Windows\System32\drivers\megasas2.sys [2011-11-23 51280]
S3 megasr1;megasr1;C:\Windows\System32\drivers\megasr1.sys [2012-2-21 806696]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-3-14 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-3-14 181248]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2011-11-30 313448]
S3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-1-20 136000]
S3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-1-20 410944]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-20 1255736]
.
=============== Created Last 30 ================
.
2013-08-20 21:09:48    --------    d-----w-    C:\Windows\System32\MRT
2013-08-20 03:27:06    --------    d-----w-    C:\Program Files\Enigma Software Group
2013-08-20 03:26:21    --------    d-----w-    C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-20 03:26:21    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-08-20 03:11:46    --------    d-----w-    C:\Program Files (x86)\SpeedBit Video Accelerator
2013-08-20 03:08:41    --------    d-----w-    C:\Users\Luke's Laptop\AppData\Roaming\RealNetworks
2013-08-20 03:08:20    --------    d-----w-    C:\Program Files (x86)\RealNetworks
2013-08-20 03:08:18    --------    d-----w-    C:\ProgramData\RealNetworks
2013-08-20 03:08:12    --------    d-----w-    C:\Program Files (x86)\Common Files\xing shared
2013-08-20 03:07:54    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-08-20 03:07:54    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-08-20 02:53:04    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-08-20 02:53:04    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-08-20 02:42:15    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-08-20 02:42:15    --------    d-----w-    C:\Windows\System32\Wat
2013-08-20 01:19:46    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-08-20 01:19:46    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-08-20 01:19:45    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-08-20 01:19:45    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-08-20 01:05:41    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-20 00:58:09    294912    ----a-w-    C:\Windows\System32\browserchoice.exe
2013-08-20 00:49:10    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-08-20 00:49:10    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-08-20 00:49:10    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-08-20 00:49:10    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-08-20 00:49:10    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-08-20 00:49:10    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-08-20 00:48:10    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-08-20 00:48:10    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-08-20 00:48:10    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-08-20 00:48:10    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-08-20 00:48:09    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-08-20 00:48:09    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-08-20 00:48:09    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-08-20 00:43:35    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-08-20 00:43:35    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-08-20 00:43:35    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-08-20 00:43:34    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-08-20 00:43:34    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-08-20 00:33:30    --------    d-----w-    C:\Program Files\PhotoDeluxe Home Edition 4.0
2013-08-20 00:27:08    --------    d-----w-    C:\Program Files (x86)\Microsoft ActiveSync
2013-08-20 00:24:46    --------    d-----w-    C:\Windows\PCHEALTH
2013-08-19 23:51:48    --------    d-----w-    C:\Users\Luke's Laptop\AppData\Local\Mozilla
2013-08-19 23:48:13    --------    d-----w-    C:\Program Files (x86)\MyPC Backup
2013-08-19 23:47:44    --------    d-----w-    C:\Windows\SysWow64\searchplugins
2013-08-19 23:47:44    --------    d-----w-    C:\Windows\SysWow64\Extensions
2013-08-19 23:46:57    --------    d-----w-    C:\Users\Luke's Laptop\AppData\Roaming\Systweak
2013-08-19 23:46:56    20312    ----a-w-    C:\Windows\System32\roboot64.exe
2013-08-19 23:46:47    --------    d-----w-    C:\ProgramData\Babylon
2013-08-19 23:41:00    941720    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{988A7B7D-4ACB-4986-9BA0-02BEAF7AE179}\gapaengine.dll
2013-08-19 23:40:56    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75B90F75-3C27-45B8-BF4B-7DA5D034E18A}\mpengine.dll
2013-08-19 23:39:56    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-08-19 23:39:53    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-08-19 23:31:52    2871808    ----a-w-    C:\Windows\explorer.exe
2013-08-19 23:30:59    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2013-08-19 23:29:21    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-08-19 23:29:21    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2013-08-19 23:29:20    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-08-19 23:29:20    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-08-19 23:29:18    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-08-19 23:29:18    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-08-19 23:29:15    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-19 23:29:14    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-19 23:29:14    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-19 23:29:14    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-19 23:29:14    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-19 23:29:14    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-19 23:29:10    245760    ----a-w-    C:\Windows\System32\OxpsConverter.exe
2013-08-19 23:27:53    498688    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-08-19 23:26:34    95744    ----a-w-    C:\Windows\System32\synceng.dll
2013-08-19 23:25:59    376688    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-08-19 23:24:40    805376    ----a-w-    C:\Windows\SysWow64\cdosys.dll
2013-08-19 23:20:27    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-08-19 23:20:18    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BADB4DB3-A1E9-4D1F-8E88-09DF19231643}\mpengine.dll
2013-08-19 23:19:50    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-08-19 23:19:50    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-08-19 23:09:32    --------    d-----w-    C:\Users\Luke's Laptop\AppData\Roaming\Malwarebytes
2013-08-19 23:09:24    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-08-19 23:09:24    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-08-19 23:09:24    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 23:09:05    --------    d-----w-    C:\Users\Luke's Laptop\AppData\Local\Programs
2013-08-19 23:08:13    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-08-19 23:08:13    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-08-19 23:08:13    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-08-19 23:01:58    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-08-19 23:01:53    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-08-19 23:01:44    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-08-19 23:01:44    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-08-19 22:51:40    --------    d-----w-    C:\Users\Luke's Laptop\Roaming
2013-08-19 22:51:40    --------    d-----w-    C:\ProgramData\Roaming
2013-08-19 22:51:32    --------    d-----w-    C:\Users\Luke's Laptop\AppData\Roaming\Intel
2013-08-19 22:50:24    --------    d-----w-    C:\Program Files (x86)\Cisco
2013-08-19 22:47:01    662016    ----a-w-    C:\Windows\vsnp2uvc.exe
2013-08-19 22:47:01    375808    ----a-w-    C:\Windows\System32\vsnp2uvc.dll
2013-08-19 22:47:01    35456    ----a-w-    C:\Windows\System32\drivers\sncduvc.sys
2013-08-19 22:47:01    306176    ----a-w-    C:\Windows\SysWow64\vsnp2uvc.dll
2013-08-19 22:47:01    245760    ----a-w-    C:\Windows\SysWow64\rsnp2uvc.dll
2013-08-19 22:47:01    24576    ----a-w-    C:\Windows\snuvcdsm.exe
2013-08-19 22:47:01    242176    ----a-w-    C:\Windows\System32\csnp2uvc.dll
2013-08-19 22:47:01    240640    ----a-w-    C:\Windows\System32\rsnp2uvc.dll
2013-08-19 22:47:01    1801216    ----a-w-    C:\Windows\System32\drivers\snp2uvc.sys
2013-08-19 22:47:01    --------    d-----w-    C:\Program Files (x86)\Common Files\SNP2UVC
2013-08-19 22:46:08    --------    d-----w-    C:\Program Files (x86)\Sierra Wireless Inc
2013-08-19 22:46:06    --------    d-----w-    C:\Users\Luke's Laptop\AppData\Roaming\Sierra Wireless
2013-08-19 22:45:15    --------    d-----w-    C:\Program Files\Synaptics
2013-08-19 22:42:25    74272    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2013-08-19 22:42:25    412776    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2013-08-19 22:42:25    107552    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2013-08-19 22:41:45    --------    d-----w-    C:\Program Files\Common Files\Intel
2013-08-19 22:41:43    --------    d-----w-    C:\Program Files (x86)\Common Files\Intel
2013-08-19 22:40:42    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2013-08-19 22:38:45    --------    d-sh--w-    C:\Windows\Installer
2013-08-19 22:35:38    8192    ----a-w-    C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-08-19 22:35:34    --------    d-----w-    C:\Program Files (x86)\Common Files\postureAgent
2013-08-19 22:35:21    --------    d-----w-    C:\Intel
2013-08-19 20:54:31    --------    d-----w-    C:\Drivers
2013-08-16 17:58:26    --------    d-sh--w-    C:\Boot
2013-08-16 17:58:10    --------    d-----w-    C:\Windows\System32\OEM
2013-08-16 17:58:10    --------    d-----w-    C:\Windows\panther
2013-08-16 10:26:53    --------    d-----w-    C:\Users\Luke's Laptop\AppData\Local\ElevatedDiagnostics
2013-08-16 09:33:39    --------    d-----w-    C:\Users\Luke's Laptop\AppData\Local\Diagnostics
2013-08-16 09:30:25    --------    d-sh--w-    C:\Recovery
.
==================== Find3M  ====================
.
2013-08-20 01:05:41    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-18 20:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 20:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 23:01:09.02 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/08/2013 10:30:59
System Uptime: 20/08/2013 22:06:54 (1 hours ago)
.
Motherboard: FUJITSU |  | FJNBB0F
Processor: Intel® Pentium® CPU B950 @ 2.10GHz | Onboard | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 432.413 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 19/08/2013 21:22:12 - Scheduled Checkpoint
RP4: 19/08/2013 22:51:17 - Installed Intel® PROSet/Wireless Software for Bluetooth® Technology
RP5: 19/08/2013 23:21:40 - Restore Operation
RP6: 19/08/2013 23:39:00 - Installed Intel® PROSet/Wireless Software for Bluetooth® Technology
RP7: 19/08/2013 23:42:14 - Installed Realtek Ethernet Controller Driver
RP8: 19/08/2013 23:46:51 - Installed FJ Camera
RP9: 19/08/2013 23:50:12 - Installed Intel® PROSet/Wireless WiFi Software.
RP10: 20/08/2013 00:01:29 - Windows Update
RP11: 20/08/2013 00:19:50 - Windows Update
RP12: 20/08/2013 00:55:41 - Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
RP13: 20/08/2013 01:24:27 - Installed Microsoft Office Professional Edition 2003
RP14: 20/08/2013 01:37:49 - Windows Update
RP15: 20/08/2013 03:49:02 - All bits added
RP16: 20/08/2013 04:03:04 - After malwarebytes
RP17: 20/08/2013 04:26:42 - Installed SpyHunter
RP18: 20/08/2013 04:56:16 - Removed SpyHunter
RP19: 20/08/2013 12:27:18 - Windows Update
RP20: 20/08/2013 22:09:09 - Windows Update
.
==== Installed Programs ======================
.
FJ Camera
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Sierra Wireless QMI Driver Package
Synaptics Pointing Device Driver
.
==== Event Viewer Messages From Past Week ========
.
20/08/2013 04:11:50, Error: Service Control Manager [7030]  - The VideoAcceleratorService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
20/08/2013 03:50:02, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2834140).
20/08/2013 03:50:01, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
20/08/2013 03:47:31, Error: Service Control Manager [7023]  -
20/08/2013 03:44:35, Error: Service Control Manager [7034]  - The Sierra Wireless QDL Service service terminated unexpectedly.  It has done this 1 time(s).
20/08/2013 03:44:35, Error: Service Control Manager [7034]  - The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).
20/08/2013 03:43:49, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.
20/08/2013 03:43:49, Error: Service Control Manager [7001]  - The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
20/08/2013 03:43:49, Error: Service Control Manager [7000]  - The Intel® Management and Security Application Local Management Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
20/08/2013 03:43:41, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The process cannot access the file because it is being used by another process.
20/08/2013 03:43:40, Error: Microsoft-Windows-WMPNSS-Service [14324]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80004002'. If possible, reinstall Windows Media Player.
20/08/2013 03:43:35, Error: Service Control Manager [7023]  - The Windows Font Cache Service service terminated with the following error:  The process cannot access the file because it is being used by another process.
20/08/2013 03:43:26, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/08/2013 03:04:18, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
20/08/2013 00:51:21, Error: Service Control Manager [7031]  - The Update WK service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
19/08/2013 22:30:49, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {48DA6741-1BF0-4A44-8325-293086C79077}  and APPID  {48DA6741-1BF0-4A44-8325-293086C79077}  to the user LukesLaptop-PC\Luke's Laptop SID (S-1-5-21-494090157-479765519-193648577-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 

[gringo_pr]

Hello Rugby2003

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

[Rugby2003]

I've just had to pop out to pick up the teenagers, left the laptop running whilst gone & have lost the laptop again!.

Get start up screen, then blank screen then, blue crytical error screen.

Re-start & no operating system, just the page that asks if you want to boot from CD.

This is where it was when he first gave it me and said it didn't work.

Looks like I will have to go through the full format & re-installation again.

I'm wondering whether you know which Microsoft up-date is the problem?

[Rugby2003]

I keep re-starting.

Somethimes it is re-booting with out me turning it on, sometimes not.

This time it has said fatal system error The verification of a knowndll had failed.

[Rugby2003]

Repair won't work.

Defo looks like another format to get it all back.

Off to bed now, it can wait until tomorrow!!!

[gringo_pr]

Hello

something don't sound right - is it possible the hardrive is going bad?

the fact that it seems to make it to different stages bothers me

Gringo

[Rugby2003]

I think you maybe right.

It is now starting differently each time & getting to different stages.

Also sometimes slow for the cd drive to boot up or slow on a reaction.

 

What does bother me is this laptop is only a year & a half old. Fujitsu lifebook AH531

 

Although out of guarantee, I feel I should contact Fujitsu as this is far too short a time for it to fail.

 

Has anyone else had problems with this model as it may help my case?

 

Thanks.

[gringo_pr]

Hello

I don't know much about hardware problems as it is out of my area - but if there is anything important on the computer I would leave it alone for now and take it to a shop and see if they can take off anything you want to keep.

I may be wrong but it is better to be safe now than sorry later

Gringo

[Rugby2003]

Thanks for all your help.

 

We keep all important stuff on external hard drives, so no worries there.

 

I still think I have beef with Fujitsu on a hard drive going after a year & a half, so will mail them first.

[gringo_pr]

Hello Rugby2003

You are more than welcome

I would be interested when you do get things fixed what it did turn out to be (mainly to find out if my hunch is correct)

William

[gringo_pr]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.