
PUPs and Windows going to bluescreen after opening F-secure



Hi,

Second time I have to post here to help my girlfriend. Hopefully there won't be a third time :) She told me that she had downloaded some software when trying to convert .wmv to .mp3. Most likely that is the reason.

Anyway, I am now using her laptop in safe mode, since normal Windows mode is super slow and I get the blue screen when I try to run Malwarebytes, F-Secure or Task Manager.

Here are the logs. Thanks a lot for your help!

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27.5.2013 19:58:02
System Uptime: 31.10.2013 23:40:17 (1 hours ago)
.
Motherboard: FUJITSU |  | FJNBB24  
Processor: Intel® Core i7-3517U CPU @ 1.90GHz | CPU Socket - U3E1 | 2394/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 14,824 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1,022 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP86: 22.10.2013 16:10:30 - Windows Update
RP87: 29.10.2013 14:22:40 - Windows Update
.
==== Installed Programs ======================
.
????? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
???????? ?????????? Windows Live
?????????? Windows Live
2007 Office Systemin yhteensopivuuspaketti
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8) - Suomi
Atheros Bluetooth Suite (64)
Atheros WLAN and Bluetooth Client Installation Program
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam 5
D3DX10
DeskUpdate
DirectVobSub 2.41.7259 (5d3641a) Beta
EPSON SX235 Series Printer Uninstall
ExpressCache
F-Secure Client Security - Browsing protection
F-Secure Client Security - DeepGuard
F-Secure Client Security - Device control
F-Secure Client Security - E-Mail Scanning
F-Secure Client Security - Internet Shield
F-Secure Client Security - Web traffic scanning
F-Secure Client Security - Virus & Spy Protection
FJ Camera
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Google Toolbar for Internet Explorer
Google Update Helper
ifolor Designer
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
LIFEBOOK Application Panel
Malwarebytes Anti-Malware versio 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 365 Home Premium - fi-fi
Microsoft Office Starter 2010 - suomi
Microsoft Office Word Viewer 2003
Microsoft Officen pika-asennus 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Tallenna PDF-muodossa -apuohjelma 2007 Microsoft Office -ohjelmiin
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 24.0 (x86 fi)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OpenOffice 4.0.1
Plugfree NETWORK
Power Saving Utility
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Skype™ 6.5
Spotify
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
VLC media player 2.0.8
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================
 

&

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Aura at 0:03:01 on 2013-11-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1035.18.3956.3085 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: F-Secure Client Security 10.00 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 10.00 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: F-Secure Client Security 10.00 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [spotify Web Helper] "C:\Users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [spotify] "C:\Users\Aura\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [EPSON2F1349 (Epson Stylus SX235)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU "C:\Users\Aura\AppData\Local\Temp\E_S43D4.tmp" /EF "HKCU"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [FJ Camera_Monitor] C:\Program Files (x86)\FJ Camera\monitor.exe
mRun: [indicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Aura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LHETON~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} -
TCP: NameServer = 86.50.64.3 86.50.64.35
TCP: Interfaces\{8F4172CB-8BCA-468E-B3BF-CB6BAC4CFC2D} : DHCPNameServer = 86.50.64.3 86.50.64.35
TCP: Interfaces\{8F4172CB-8BCA-468E-B3BF-CB6BAC4CFC2D}\464656436613 : DHCPNameServer = 62.241.198.246 62.241.198.245
TCP: Interfaces\{8F4172CB-8BCA-468E-B3BF-CB6BAC4CFC2D}\A554E49445F5C4943524F414 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{8F4172CB-8BCA-468E-B3BF-CB6BAC4CFC2D}\E4F4B4941402C457D69616028303031405F523236343 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{8F4172CB-8BCA-468E-B3BF-CB6BAC4CFC2D}\E4F4B4941402C457D696160283030314572716F513733303 : DHCPNameServer = 192.168.33.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [LoadFUJ02E3] "C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe"
x64-Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
x64-Run: [LoadFujitsuQuickTouch] "C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
x64-Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} -
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aura\AppData\Roaming\Mozilla\Firefox\Profiles\bkxtzo2d.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\drivers\excsd.sys [2013-5-28 95024]
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\System32\drivers\FBIOSDRV.sys [2011-1-13 21104]
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-7-29 56016]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-14 16152]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 30368]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\System32\drivers\fuj02e3.sys [2010-10-12 7296]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2013-5-27 26504]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-14 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-14 787736]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-20 251496]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
S1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\drivers\excfs.sys [2013-5-28 23344]
S1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2013-10-31 69296]
S1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2013-7-29 45480]
S1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2013-7-29 96168]
S1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2013-7-29 14504]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe [2012-2-23 106144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-3-20 225280]
S2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
S2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2013-7-29 225448]
S2 fsdevcon;F-Secure Device Control Daemon;C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe [2013-7-29 516776]
S2 FUJ02E3Service;FUJ02E3Service;C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2012-1-17 76104]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
S2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-5-27 192856]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-5-28 161560]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-31 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-31 701512]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
S2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-9-18 1907896]
S2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2011-12-22 2213376]
S2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2012-3-20 63856]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-28 363800]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-23 36000]
S3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;C:\Windows\System32\drivers\ax88772b.sys [2012-2-9 98816]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-23 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-23 110752]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-23 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-23 550560]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2013-5-27 31216]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\Windows\Temp\F-Secure\Anti-Virus\fsblsrv.exe [2013-10-31 167936]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2013-7-29 203120]
S3 F-Secure Network Request Broker;F-Secure Network Request Broker;C:\Program Files (x86)\F-Secure\common\FNRB32.exe [2013-7-29 218280]
S3 fsni;fsni;C:\Program Files (x86)\F-Secure\NIF\bin\fsni64.sys [2013-7-29 82880]
S3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2013-7-29 60352]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-8 331264]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-31 25928]
S3 NisSrv;Microsoftin verkon tarkastus;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 SPUVCbv;SPUVCb Driver Service;C:\Windows\System32\drivers\SPUVCBv_x64.sys [2012-2-8 2613368]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-3 1255736]
S3 WSDScan;WSD Scan -tuki UMB:n välityksellä;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys [2013-7-29 41512]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys [2013-7-29 26792]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-10-31 20:59:36    965000    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85725841-1736-4B7D-B62A-4C16404B42DC}\gapaengine.dll
2013-10-31 20:59:33    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DB77B0-E718-4E1D-8601-42BE8011073E}\mpengine.dll
2013-10-31 20:56:16    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-10-31 20:56:11    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-10-31 20:10:24    --------    d-----w-    C:\Users\Aura\AppData\Roaming\Malwarebytes
2013-10-31 20:10:21    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-10-31 20:10:20    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-10-31 20:10:20    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 20:05:14    --------    d-----w-    C:\Program Files\office.tmp
2013-10-29 13:08:51    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6AAE2D22-B4C3-4EA3-A17E-5707BCE4F1F9}\offreg.dll
2013-10-29 12:22:46    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6AAE2D22-B4C3-4EA3-A17E-5707BCE4F1F9}\mpengine.dll
2013-10-27 14:36:34    --------    d-----w-    C:\Users\Aura\AppData\Local\{AFD77737-70EA-4C9B-81BB-F54E8BF52EB6}
2013-10-17 16:42:06    --------    d-----w-    C:\ProgramData\Oracle
2013-10-17 16:41:56    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-16 21:06:42    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-11 17:12:17    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2013-10-11 17:11:59    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-10-07 07:51:16    --------    d-----w-    C:\Users\Aura\AppData\Roaming\OpenOffice
2013-10-07 07:49:43    --------    d-----w-    C:\Program Files (x86)\OpenOffice 4
2013-10-07 07:11:22    --------    d-----w-    C:\Users\Aura\AppData\Local\{BA9269B4-710C-4E5E-B6E4-FFF748A45805}
2013-10-07 07:11:21    --------    d-----w-    C:\Users\Aura\AppData\Local\{2F6741ED-865C-4C09-BC6F-09D464E896E2}
.
==================== Find3M  ====================
.
2013-10-09 16:19:09    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 16:19:09    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-04 01:37:55    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 01:37:36    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 01:37:29    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 01:37:25    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 01:37:22    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 01:37:22    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 01:37:18    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
.
============= FINISH:  0:03:08,56 ===============
 


Hello and welcome.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

There are two security systems running with anti-virus components, F-Secure and Microsoft Security Essentials. That is not good; you must remove one ASAP.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...


Hi,

I found only uTorrent from this laptop and I unstalled it before I posted. What do you refer to? This is my girlfriends laptop so I don't know if she has installed something illegal. uTorrent was the one I knew about and I uninstalled it before the first post. I just went to Programs -> Uninstall a progam and uninstalled it from there. Now I found some more Utorrent files and removed them too.

As for the 2 antivirus programs, I tried to run Security Essentials before posting for the first time, but it didn't install successfully. Now I am not able to uninstall it, as it is not shown in Programs -> Uninstall a program, and when I try to run it, I get an error message. If I am not in safe mode and try to run it, I get a blue screen. Any tips on how to uninstall it?

logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Aura (administrator) on AURA-PC on 01-11-2013 02:24:47
Running from C:\Users\Aura\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: 040B
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-06] (Synaptics Incorporated)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2012-01-17] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe [1020576 2012-02-23] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe [800416 2012-02-23] (Atheros Commnucations)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-27] (Google Inc.)
HKCU\...\Run: [spotify Web Helper] - C:\Users\Aura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-12] (Spotify Ltd)
HKCU\...\Run: [spotify] - C:\Users\Aura\AppData\Roaming\Spotify\spotify.exe [4752384 2013-10-12] (Spotify Ltd)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [EPSON2F1349 (Epson Stylus SX235)] - C:\Users\Aura\AppData\Local\Temp\E_S43D4.tmp [234 2013-09-25] ()
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [FJ Camera_Monitor] - C:\Program Files (x86)\FJ Camera\Monitor.exe [275320 2011-04-29] ()
HKLM-x32\...\Run: [indicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DeskUpdateNotifier] - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-05-17] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\F-Secure\common\FSM32.EXE [349864 2013-02-04] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] - C:\Program Files (x86)\F-Secure\FSGUI\tnbutil.exe [1826984 2013-02-04] (F-Secure Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Aura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lähetä OneNoteen.lnk
ShortcutTarget: Lähetä OneNoteen.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsu.com/fts
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu.com/fts
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH;
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH;
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 86.50.64.3 86.50.64.35

FireFox:
========
FF ProfilePath: C:\Users\Aura\AppData\Roaming\Mozilla\Firefox\Profiles\bkxtzo2d.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bookplus-fi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-fi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-fi.xml

==================== Services (Whitelisted) =================

S2 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations)
S2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S3 F-Secure BlackLight Sensor; C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [167936 2013-10-31] (F-Secure Corporation)
S2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [225448 2013-02-04] (F-Secure Corporation)
S3 F-Secure Network Request Broker; C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE [218280 2013-02-04] (F-Secure Corporation)
S2 fsdevcon; C:\Program Files (x86)\F-Secure\Device Control\\fsdevcon64.exe [516776 2013-02-04] (F-Secure Corporation)
S3 FSDFWD; C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe [850088 2013-02-04] (F-Secure Corporation)
S2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [188584 2013-02-04] (F-Secure Corporation)
S3 FSORSPClient; C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [60352 2013-07-29] (F-Secure Corporation)
S2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2012-01-17] (FUJITSU LIMITED)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-03-07] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
S2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED)
S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)

==================== Drivers (Whitelisted) ====================

S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [98816 2010-12-31] (ASIX Electronics Corp.)
S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S4 F-Secure Filter; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41512 2013-02-04] ()
S3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [203120 2013-10-31] (F-Secure Corporation)
S1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [69296 2013-10-31] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [26792 2013-02-04] ()
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-07-29] ()
S1 FSES; C:\Windows\System32\drivers\fses.sys [45480 2013-02-04] (F-Secure Corporation)
S1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [96168 2013-02-04] (F-Secure Corporation)
S3 fsni; C:\Program Files (x86)\F-Secure\NIF\bin\fsni64.sys [82880 2013-09-25] (F-Secure Corporation)
S1 fsvista; C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [14504 2013-02-04] ()
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-07] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2613368 2012-02-08] (Sunplus Technology)
S3 fsbl; \??\C:\Program Files (x86)\F-Secure\Anti-Virus\fsbldrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-01 02:20 - 2013-11-01 02:20 - 00029419 _____ C:\Users\Aura\Desktop\Addition.txt
2013-11-01 02:19 - 2013-11-01 02:19 - 00000000 ____D C:\FRST
2013-11-01 02:04 - 2013-11-01 02:04 - 01957098 _____ (Farbar) C:\Users\Aura\Desktop\FRST64.exe
2013-11-01 01:42 - 2013-11-01 01:42 - 00007132 _____ C:\Windows\system32\PerfStringBackup.TMP
2013-11-01 01:39 - 2013-11-01 01:39 - 00000000 ___RD C:\Users\Aura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-01 00:02 - 2013-11-01 00:03 - 00022260 _____ C:\Users\Aura\Desktop\dds.txt
2013-11-01 00:02 - 2013-11-01 00:03 - 00007532 _____ C:\Users\Aura\Desktop\attach.txt
2013-11-01 00:01 - 2013-11-01 00:01 - 00688992 ____R (Swearware) C:\Users\Aura\Desktop\dds.scr
2013-10-31 22:56 - 2013-10-31 22:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-31 22:56 - 2013-10-31 22:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-31 22:52 - 2013-11-01 01:41 - 00002052 _____ C:\Windows\epplauncher.mif
2013-10-31 22:52 - 2013-10-31 22:52 - 13835448 _____ (Microsoft Corporation) C:\Users\Aura\Downloads\mseinstall.exe
2013-10-31 22:10 - 2013-10-31 22:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Aura\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-31 22:10 - 2013-10-31 22:10 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-31 22:10 - 2013-10-31 22:10 - 00000000 ____D C:\Users\Aura\AppData\Roaming\Malwarebytes
2013-10-31 22:10 - 2013-10-31 22:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-31 22:10 - 2013-10-31 22:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 22:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-31 22:05 - 2013-10-31 22:05 - 00000000 ____D C:\Program Files\office.tmp
2013-10-31 21:41 - 2013-10-31 21:41 - 00281440 _____ C:\Windows\Minidump\103113-8845-01.dmp
2013-10-31 21:41 - 2013-10-31 21:41 - 00000000 ____D C:\Windows\Minidump
2013-10-27 16:36 - 2013-10-27 16:36 - 00000000 ____D C:\Users\Aura\AppData\Local\{AFD77737-70EA-4C9B-81BB-F54E8BF52EB6}
2013-10-27 16:35 - 2013-10-27 16:35 - 01241584 _____ (Microsoft Corporation) C:\Users\Aura\Downloads\wlsetup-web(1).exe
2013-10-27 16:33 - 2013-10-27 16:33 - 01241584 _____ (Microsoft Corporation) C:\Users\Aura\Downloads\wlsetup-web.exe
2013-10-22 18:30 - 2013-10-29 18:30 - 00000000 ____D C:\Users\Aura\AppData\Roaming\Audacity
2013-10-22 18:25 - 2013-10-22 18:27 - 22180353 _____ (Audacity Team                                               ) C:\Users\Aura\Downloads\audacity-win-2.0.5.exe
2013-10-20 18:56 - 2013-10-20 19:03 - 1131295672 _____ (Microsoft Corporation) C:\Users\Aura\Downloads\X17-75161.exe
2013-10-17 18:42 - 2013-10-17 18:42 - 00000000 ____D C:\ProgramData\Sun
2013-10-17 18:42 - 2013-10-17 18:42 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 18:42 - 2013-10-17 18:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-17 18:41 - 2013-10-17 18:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-17 18:41 - 2013-10-17 18:41 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 18:41 - 2013-10-17 18:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 18:41 - 2013-10-17 18:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 18:39 - 2013-10-17 18:39 - 00915368 _____ (Oracle Corporation) C:\Users\Aura\Downloads\jxpiinstall.exe
2013-10-13 00:27 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-13 00:27 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-13 00:27 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-13 00:27 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-13 00:27 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-13 00:27 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-13 00:27 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-13 00:27 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-13 00:27 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-13 00:27 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-13 00:27 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-13 00:27 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 19:12 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 19:12 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 19:12 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 19:12 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 19:12 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 19:12 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 19:12 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 19:12 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 19:12 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 19:12 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-11 19:12 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 19:12 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 19:12 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 19:12 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 19:12 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 19:12 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 19:12 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 19:12 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 19:12 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 19:12 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 19:12 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 19:12 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 19:12 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 19:12 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 19:12 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 19:12 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 19:12 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 19:12 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 19:12 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 19:12 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 19:11 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 19:11 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 19:11 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 19:11 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 19:11 - 2013-09-04 03:37 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-11 19:11 - 2013-09-04 03:37 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-11 19:11 - 2013-09-04 03:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-11 19:11 - 2013-09-04 03:37 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-11 19:11 - 2013-09-04 03:37 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-11 19:11 - 2013-09-04 03:37 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-11 19:11 - 2013-09-04 03:37 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 19:11 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 19:11 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 19:11 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 19:11 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 19:11 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 19:11 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 19:11 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 19:11 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 19:11 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 19:11 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 19:11 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 19:11 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 19:11 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:50 - 2013-10-09 14:50 - 16777216 _____ C:\Users\Aura\Downloads\3ade1cb7-b61e-4c73-b0a8-b0305b3f927b
2013-10-07 09:51 - 2013-10-07 09:51 - 00000000 ____D C:\Users\Aura\AppData\Roaming\OpenOffice
2013-10-07 09:50 - 2013-10-07 09:50 - 00001094 _____ C:\Users\Aura\Desktop\OpenOffice 4.0.1.lnk
2013-10-07 09:50 - 2013-10-07 09:50 - 00000000 ___SD C:\Users\Aura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2013-10-07 09:49 - 2013-10-07 09:49 - 00000000 ____D C:\Users\Aura\Downloads\OpenOffice 4.0.1 (fi) Installation Files
2013-10-07 09:49 - 2013-10-07 09:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-10-07 09:31 - 2013-10-07 09:48 - 138523539 _____ C:\Users\Aura\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_fi.exe
2013-10-07 09:11 - 2013-10-07 09:11 - 00000000 ____D C:\Users\Aura\AppData\Local\{BA9269B4-710C-4E5E-B6E4-FFF748A45805}
2013-10-07 09:11 - 2013-10-07 09:11 - 00000000 ____D C:\Users\Aura\AppData\Local\{2F6741ED-865C-4C09-BC6F-09D464E896E2}
2013-10-02 09:48 - 2013-10-02 09:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-11-01 02:20 - 2013-11-01 02:20 - 00029419 _____ C:\Users\Aura\Desktop\Addition.txt
2013-11-01 02:19 - 2013-11-01 02:19 - 00000000 ____D C:\FRST
2013-11-01 02:04 - 2013-11-01 02:04 - 01957098 _____ (Farbar) C:\Users\Aura\Desktop\FRST64.exe
2013-11-01 01:42 - 2013-11-01 01:42 - 00007132 _____ C:\Windows\system32\PerfStringBackup.TMP
2013-11-01 01:42 - 2012-01-07 06:26 - 00499744 _____ C:\Windows\system32\perfh00B.dat
2013-11-01 01:42 - 2012-01-07 06:26 - 00108146 _____ C:\Windows\system32\perfc00B.dat
2013-11-01 01:41 - 2013-10-31 22:52 - 00002052 _____ C:\Windows\epplauncher.mif
2013-11-01 01:40 - 2013-05-28 03:55 - 01180344 _____ C:\Windows\WindowsUpdate.log
2013-11-01 01:40 - 2013-05-27 19:06 - 00000000 ____D C:\Users\Aura\Documents\Youcam
2013-11-01 01:39 - 2013-11-01 01:39 - 00000000 ___RD C:\Users\Aura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-01 01:39 - 2013-08-01 18:24 - 00000000 ____D C:\Users\Aura\AppData\Roaming\Spotify
2013-11-01 01:39 - 2013-05-27 19:04 - 00003316 _____ C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2013-11-01 01:39 - 2013-05-27 18:57 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-01 01:37 - 2013-07-29 11:58 - 00000512 _____ C:\Windows\Tasks\Scheduled scanning task.job
2013-11-01 01:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-01 01:37 - 2009-07-14 06:51 - 00092382 _____ C:\Windows\setupact.log
2013-11-01 01:28 - 2013-07-29 11:58 - 00003288 _____ C:\Windows\System32\Tasks\Scheduled scanning task
2013-11-01 00:03 - 2013-11-01 00:02 - 00022260 _____ C:\Users\Aura\Desktop\dds.txt
2013-11-01 00:03 - 2013-11-01 00:02 - 00007532 _____ C:\Users\Aura\Desktop\attach.txt
2013-11-01 00:01 - 2013-11-01 00:01 - 00688992 ____R (Swearware) C:\Users\Aura\Desktop\dds.scr
2013-10-31 23:38 - 2010-11-21 05:47 - 00366590 _____ C:\Windows\PFRO.log
2013-10-31 22:59 - 2009-07-14 07:13 - 01371204 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 22:56 - 2013-10-31 22:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-31 22:56 - 2013-10-31 22:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-31 22:52 - 2013-10-31 22:52 - 13835448 _____ (Microsoft Corporation) C:\Users\Aura\Downloads\mseinstall.exe
2013-10-31 22:10 - 2013-10-31 22:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Aura\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-31 22:10 - 2013-10-31 22:10 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-31 22:10 - 2013-10-31 22:10 - 00000000 ____D C:\Users\Aura\AppData\Roaming\Malwarebytes
2013-10-31 22:10 - 2013-10-31 22:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-31 22:10 - 2013-10-31 22:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 22:05 - 2013-10-31 22:05 - 00000000 ____D C:\Program Files\office.tmp
2013-10-31 21:41 - 2013-10-31 21:41 - 00281440 _____ C:\Windows\Minidump\103113-8845-01.dmp
2013-10-31 21:41 - 2013-10-31 21:41 - 00000000 ____D C:\Windows\Minidump
2013-10-31 21:21 - 2013-08-27 18:52 - 00000000 ____D C:\Users\Aura\Desktop\juttuja
2013-10-31 21:03 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 21:03 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 20:56 - 2013-08-01 18:24 - 00000000 ____D C:\Users\Aura\AppData\Local\Spotify
2013-10-30 08:08 - 2013-06-03 00:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 08:08 - 2013-05-27 18:57 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 01:24 - 2013-06-22 18:12 - 00000000 ____D C:\Users\Aura\AppData\Roaming\vlc
2013-10-30 00:28 - 2013-06-22 18:06 - 00000000 ____D C:\Users\Aura\Tavaraa
2013-10-29 21:47 - 2013-07-11 05:18 - 00037888 _____ C:\Users\Aura\Desktop\Palleroiden budjetti.xls
2013-10-29 18:30 - 2013-10-22 18:30 - 00000000 ____D C:\Users\Aura\AppData\Roaming\Audacity
2013-10-27 16:36 - 2013-10-27 16:36 - 00000000 ____D C:\Users\Aura\AppData\Local\{AFD77737-70EA-4C9B-81BB-F54E8BF52EB6}
2013-10-27 16:36 - 2013-05-27 18:58 - 00000000 ____D C:\Users\Aura\AppData\Local\Windows Live
2013-10-27 16:35 - 2013-10-27 16:35 - 01241584 _____ (Microsoft Corporation) C:\Users\Aura\Downloads\wlsetup-web(1).exe
2013-10-27 16:33 - 2013-10-27 16:33 - 01241584 _____ (Microsoft Corporation) C:\Users\Aura\Downloads\wlsetup-web.exe
2013-10-27 15:07 - 2013-07-19 23:19 - 00000000 ____D C:\Users\Aura\AppData\Local\CrashDumps
2013-10-22 18:27 - 2013-10-22 18:25 - 22180353 _____ (Audacity Team                                               ) C:\Users\Aura\Downloads\audacity-win-2.0.5.exe
2013-10-22 15:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-20 19:03 - 2013-10-20 18:56 - 1131295672 _____ (Microsoft Corporation) C:\Users\Aura\Downloads\X17-75161.exe
2013-10-20 11:49 - 2013-09-18 20:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-18 23:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-17 21:37 - 2013-06-19 13:19 - 00000000 ____D C:\Users\Aura\Desktop\Kouluhommat
2013-10-17 18:42 - 2013-10-17 18:42 - 00000000 ____D C:\ProgramData\Sun
2013-10-17 18:42 - 2013-10-17 18:42 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 18:41 - 2013-10-17 18:42 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-17 18:41 - 2013-10-17 18:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-17 18:41 - 2013-10-17 18:41 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 18:41 - 2013-10-17 18:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 18:41 - 2013-10-17 18:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 18:39 - 2013-10-17 18:39 - 00915368 _____ (Oracle Corporation) C:\Users\Aura\Downloads\jxpiinstall.exe
2013-10-13 00:54 - 2013-06-08 08:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 00:54 - 2013-06-08 08:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-13 00:54 - 2009-07-14 06:45 - 00468936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-13 00:24 - 2012-03-20 08:48 - 01349108 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-13 00:18 - 2013-08-13 14:00 - 00000000 ____D C:\Windows\system32\MRT
2013-10-13 00:16 - 2013-06-02 23:13 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-12 11:44 - 2013-05-27 18:57 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 11:44 - 2013-05-27 18:57 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-09 18:19 - 2013-06-03 00:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 18:19 - 2013-06-03 00:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 18:19 - 2013-06-03 00:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 14:50 - 2013-10-09 14:50 - 16777216 _____ C:\Users\Aura\Downloads\3ade1cb7-b61e-4c73-b0a8-b0305b3f927b
2013-10-07 23:19 - 2013-06-11 10:16 - 00000000 ____D C:\Users\Aura\AppData\Roaming\SoftGrid Client
2013-10-07 13:18 - 2013-05-27 18:58 - 00117456 _____ C:\Users\Aura\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-07 09:51 - 2013-10-07 09:51 - 00000000 ____D C:\Users\Aura\AppData\Roaming\OpenOffice
2013-10-07 09:50 - 2013-10-07 09:50 - 00001094 _____ C:\Users\Aura\Desktop\OpenOffice 4.0.1.lnk
2013-10-07 09:50 - 2013-10-07 09:50 - 00000000 ___SD C:\Users\Aura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2013-10-07 09:49 - 2013-10-07 09:49 - 00000000 ____D C:\Users\Aura\Downloads\OpenOffice 4.0.1 (fi) Installation Files
2013-10-07 09:49 - 2013-10-07 09:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-10-07 09:48 - 2013-10-07 09:31 - 138523539 _____ C:\Users\Aura\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_fi.exe
2013-10-07 09:11 - 2013-10-07 09:11 - 00000000 ____D C:\Users\Aura\AppData\Local\{BA9269B4-710C-4E5E-B6E4-FFF748A45805}
2013-10-07 09:11 - 2013-10-07 09:11 - 00000000 ____D C:\Users\Aura\AppData\Local\{2F6741ED-865C-4C09-BC6F-09D464E896E2}
2013-10-02 22:52 - 2013-06-02 22:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-02 21:06 - 2013-06-02 22:19 - 00000000 ____D C:\Users\Aura\AppData\Local\Mozilla
2013-10-02 09:48 - 2013-10-02 09:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Aura\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Aura\AppData\Local\Temp\Setup.X86.fi-FI_O365HomePremRetail_981c62e4-7374-4160-b9aa-31b1858406b5_TX_DB_.exe
C:\Users\Aura\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Aura\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_8545.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-25 14:46

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Aura at 2013-11-01 02:20:21
Running from C:\Users\Aura\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: F-Secure Client Security 10.00 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: F-Secure Client Security 10.00 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: F-Secure Client Security 10.00 (Disabled) {2D7AC0A6-6241-D774-E168-461178D9686C}

==================== Installed Programs ======================

2007 Office Systemin yhteensopivuuspaketti (x32 Version: 12.0.6612.1000)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Suomi (x32 Version: 10.1.8)
Atheros Bluetooth Suite (64) (Version: 7.4.0.125)
Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 10.0)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
CyberLink YouCam 5 (x32 Version: 5.0.1521)
D3DX10 (x32 Version: 15.4.2368.0902)
DeskUpdate (x32 Version: 4.14.0122)
DirectVobSub 2.41.7259 (5d3641a) Beta (x32 Version: 2.41.7259)
EPSON SX235 Series Printer Uninstall
ExpressCache (Version: 1.0.86)
FJ Camera (x32 Version: 3.3.6.11)
F-Secure Client Security - Browsing protection (x32 Version: 2.00.349)
F-Secure Client Security - DeepGuard (x32 Version: 4.10.210)
F-Secure Client Security - Device control (x32 Version: 1.00.17478)
F-Secure Client Security - E-Mail Scanning (x32 Version: 6.00.525)
F-Secure Client Security - Internet Shield (x32 Version: 6.29)
F-Secure Client Security - Web traffic scanning (x32 Version: 3.00.339)
F-Secure Client Security - Virus & Spy Protection (x32 Version: 9.50.19031)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.002)
Fujitsu MobilityCenter Extension Utility (x32 Version: 3.01.00.002)
Fujitsu System Extension Utility (Version: 3.4.5.0)
Fujitsu System Extension Utility (x32 Version: 3.4.5.0)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
ifolor Designer (x32 Version: 3.2.8.0)
Intel® Management Engine Components (x32 Version: 8.0.3.1427)
Intel® OpenCL CPU Runtime (x32)
Intel® Processor Graphics (x32 Version: 8.15.10.2696)
Intel® Rapid Start Technology (x32 Version: 1.0.0.1022)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LIFEBOOK Application Panel (Version: 8.3.2.0)
LIFEBOOK Application Panel (x32 Version: 8.3.2.0)
Malwarebytes Anti-Malware versio 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - fi-fi (Version: 15.0.4535.1511)
Microsoft Office Starter 2010 - suomi (x32 Version: 14.0.4763.1007)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Officen pika-asennus 2010 (Version: 14.0.4763.1007)
Microsoft Officen pika-asennus 2010 (x32 Version: 14.0.4763.1007)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Tallenna PDF-muodossa -apuohjelma 2007 Microsoft Office -ohjelmiin (x32 Version: 12.0.4518.1021)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 fi) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1511)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511)
OpenOffice 4.0.1 (x32 Version: 4.01.9714)
Plugfree NETWORK (Version: 6.2.0.1)
Plugfree NETWORK (Version: 6.2.001)
Power Saving Utility (x32 Version: 32.01.10.039)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6505)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30129)
Skype™ 6.5 (x32 Version: 6.5.158)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
Synaptics Pointing Device Driver (Version: 15.3.44.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

22-10-2013 13:10:30 Windows Update
29-10-2013 12:22:40 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {34915FCD-FAFC-450F-B4B6-5BAD18F04E32} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: {353C79F2-2710-47EE-9EAC-3A04F0D6A2EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.)
Task: {35EF3362-319D-4FA6-9986-3882D3C7A000} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {4A5DDF55-3C2F-4145-BA3D-79BCD3C6A819} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-03-07] (Intel)
Task: {55CDC98B-69A1-47F8-95B5-818EBB8B2AE9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7637CEFD-0A3A-4C1F-8064-4BA61379C4EC} - System32\Tasks\Fujitsu\DeskUpdate => C:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-05-17] (Fujitsu Technology Solutions)
Task: {8BC5A12B-F548-4B61-917D-4CA55461105A} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\F-Secure\Anti-Virus\fsav.exe [2013-02-04] (F-Secure Corporation)
Task: {A42B4098-58B8-4016-9213-3A69D76482DA} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {C082F87D-D3A8-45C3-A8F4-160887E3F1F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {CD9D890E-6E39-45C3-AAAC-4041665D8A5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\F-Secure\ANTI-V~1\fsav.exe

==================== Loaded Modules (whitelisted) =============

2013-10-02 09:48 - 2013-10-02 09:48 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-09 18:19 - 2013-10-09 18:19 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2013 01:46:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 01:41:58 AM) (Source: Application Error) (User: )
Description: Viallisen sovelluksen nimi: fsdfwd.exe, versio: 6.29.134.0, aikaleima: 0x510fa1ea
Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.18247, aikaleima: 0x521eaf24
Poikkeuskoodi: 0xc0000005
Virhepoikkeama: 0x0000000000018e4b
Viallisen prosessin tunnus: 0x124c
Viallisen sovelluksen käynnistysaika: 0xfsdfwd.exe0
Viallisen sovelluksen polku: fsdfwd.exe1
Viallisen moduulin polku: fsdfwd.exe2
Raportin tunnus: fsdfwd.exe3

Error: (11/01/2013 01:41:49 AM) (Source: Microsoft Security Client Setup) (User: Aura-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (11/01/2013 01:39:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 01:37:58 AM) (Source: Application Error) (User: )
Description: Windows ei voi käyttää tiedostoa C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dll jostakin seuraavista syistä:
verkkoyhteydessä, tiedoston tallennuslevyssä tai tietokoneeseen asennetuissa
tallennusohjaimissa on ilmennyt ongelma, tai levy puuttuu.
Windows on sulkenut ohjelman F-Secure Internet Shield daemon (64 bit) tämän virheen vuoksi.

Ohjelma: F-Secure Internet Shield daemon (64 bit)
Tiedosto: C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dll

Virhearvo on nähtävissä Lisätiedot-osan luettelossa.
Käyttäjän toimi
1. Avaa tiedosto uudelleen.
Tämä tilanne saattaa olla tilapäinen ongelma, joka korjautuu itsestään, kun ohjelma suoritetaan uudelleen.
2.
Jos tiedostoa ei edelleenkään voi käyttää ja
    - se on verkossa,
järjestelmänvalvojasi tulee vahvistaa, että ongelma ei liity verkkoon ja että yhteyden muodostaminen palvelimeen onnistuu.
    - se on siirrettävässä tallennusvälineessä, esimerkiksi levykkeellä tai CD-levyllä, tarkista, että tallennusväline on asetettu tietokoneeseen oikein.
3. Tarkista ja korjaa tiedostojärjestelmä suorittamalla CHKDSK. Suorita CHKDSK napsauttamalla Käynnistä-painiketta ja valitsemalla Suorita, kirjoittamalla CMD ja valitsemalla sitten OK. Kirjoita komentokehotteeseen CHKDSK /F ja paina ENTER-näppäintä.
4. Jos ongelma ei poistu, palauta tiedosto varmuuskopiosta.
5. Tarkista, voiko saman levyn muita tiedostoja avata. Jos avaaminen ei onnistu, levy saattaa olla vioittunut. Jos kyseessä on kiintolevy, ota yhteyttä järjestelmänvalvojaan tai tietokoneen toimittajaan
lisätietojen saamiseksi.

Lisätiedot
Virhearvo: C0000185
Levyn tyyppi: 3

Error: (11/01/2013 01:37:58 AM) (Source: Application Error) (User: )
Description: Viallisen sovelluksen nimi: fsdfwd.exe, versio: 6.29.134.0, aikaleima: 0x510fa1ea
Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.18247, aikaleima: 0x521eaf24
Poikkeuskoodi: 0xc0000006
Virhepoikkeama: 0x0000000000018f56
Viallisen prosessin tunnus: 0xe08
Viallisen sovelluksen käynnistysaika: 0xfsdfwd.exe0
Viallisen sovelluksen polku: fsdfwd.exe1
Viallisen moduulin polku: fsdfwd.exe2
Raportin tunnus: fsdfwd.exe3

Error: (11/01/2013 01:35:46 AM) (Source: Microsoft Security Client Setup) (User: Aura-PC)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (11/01/2013 01:31:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 01:28:15 AM) (Source: Application Error) (User: )
Description: Windows ei voi käyttää tiedostoa C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dll jostakin seuraavista syistä:
verkkoyhteydessä, tiedoston tallennuslevyssä tai tietokoneeseen asennetuissa
tallennusohjaimissa on ilmennyt ongelma, tai levy puuttuu.
Windows on sulkenut ohjelman F-Secure Internet Shield daemon (64 bit) tämän virheen vuoksi.

Ohjelma: F-Secure Internet Shield daemon (64 bit)
Tiedosto: C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dll

Virhearvo on nähtävissä Lisätiedot-osan luettelossa.
Käyttäjän toimi
1. Avaa tiedosto uudelleen.
Tämä tilanne saattaa olla tilapäinen ongelma, joka korjautuu itsestään, kun ohjelma suoritetaan uudelleen.
2.
Jos tiedostoa ei edelleenkään voi käyttää ja
    - se on verkossa,
järjestelmänvalvojasi tulee vahvistaa, että ongelma ei liity verkkoon ja että yhteyden muodostaminen palvelimeen onnistuu.
    - se on siirrettävässä tallennusvälineessä, esimerkiksi levykkeellä tai CD-levyllä, tarkista, että tallennusväline on asetettu tietokoneeseen oikein.
3. Tarkista ja korjaa tiedostojärjestelmä suorittamalla CHKDSK. Suorita CHKDSK napsauttamalla Käynnistä-painiketta ja valitsemalla Suorita, kirjoittamalla CMD ja valitsemalla sitten OK. Kirjoita komentokehotteeseen CHKDSK /F ja paina ENTER-näppäintä.
4. Jos ongelma ei poistu, palauta tiedosto varmuuskopiosta.
5. Tarkista, voiko saman levyn muita tiedostoja avata. Jos avaaminen ei onnistu, levy saattaa olla vioittunut. Jos kyseessä on kiintolevy, ota yhteyttä järjestelmänvalvojaan tai tietokoneen toimittajaan
lisätietojen saamiseksi.

Lisätiedot
Virhearvo: C0000185
Levyn tyyppi: 3

Error: (11/01/2013 01:28:14 AM) (Source: Application Error) (User: )
Description: Viallisen sovelluksen nimi: fsdfwd.exe, versio: 6.29.134.0, aikaleima: 0x510fa1ea
Viallisen moduulin nimi: ntdll.dll, versio: 6.1.7601.18247, aikaleima: 0x521eaf24
Poikkeuskoodi: 0xc0000006
Virhepoikkeama: 0x0000000000018f56
Viallisen prosessin tunnus: 0xe04
Viallisen sovelluksen käynnistysaika: 0xfsdfwd.exe0
Viallisen sovelluksen polku: fsdfwd.exe1
Viallisen moduulin polku: fsdfwd.exe2
Raportin tunnus: fsdfwd.exe3


System errors:
=============
Error: (11/01/2013 02:19:52 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068

Error: (11/01/2013 02:19:52 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068

Error: (11/01/2013 02:19:32 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068

Error: (11/01/2013 02:19:32 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068

Error: (11/01/2013 02:19:32 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068

Error: (11/01/2013 02:19:32 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068

Error: (11/01/2013 02:18:32 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068

Error: (11/01/2013 02:18:32 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068

Error: (11/01/2013 02:18:32 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068

Error: (11/01/2013 02:18:32 AM) (Source: Service Control Manager) (User: )
Description: Palvelu Tietokoneiden selaus on riippuvainen palvelusta Palvelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/01/2013 01:46:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 01:41:58 AM) (Source: Application Error)(User: )
Description: fsdfwd.exe6.29.134.0510fa1eantdll.dll6.1.7601.18247521eaf24c00000050000000000018e4b124c01ced6923bc8921eC:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exeC:\Windows\SYSTEM32\ntdll.dll07adde78-4286-11e3-80b2-24ec99395ac6

Error: (11/01/2013 01:41:49 AM) (Source: Microsoft Security Client Setup)(User: Aura-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (11/01/2013 01:39:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 01:37:58 AM) (Source: Application Error)(User: )
Description: C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dllF-Secure Internet Shield daemon (64 bit)C00001853

Error: (11/01/2013 01:37:58 AM) (Source: Application Error)(User: )
Description: fsdfwd.exe6.29.134.0510fa1eantdll.dll6.1.7601.18247521eaf24c00000060000000000018f56e0801ced6922927a460C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exeC:\Windows\SYSTEM32\ntdll.dll787b2c82-4285-11e3-80b2-24ec99395ac6

Error: (11/01/2013 01:35:46 AM) (Source: Microsoft Security Client Setup)(User: Aura-PC)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (11/01/2013 01:31:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2013 01:28:15 AM) (Source: Application Error)(User: )
Description: C:\Program Files (x86)\F-Secure\Scanner-Interface\fsgkiapi_x64.dllF-Secure Internet Shield daemon (64 bit)C00001853

Error: (11/01/2013 01:28:14 AM) (Source: Application Error)(User: )
Description: fsdfwd.exe6.29.134.0510fa1eantdll.dll6.1.7601.18247521eaf24c00000060000000000018f56e0401ced690d70c38dcC:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exeC:\Windows\SYSTEM32\ntdll.dll1cf1b006-4284-11e3-afb4-24ec99395ac6


CodeIntegrity Errors:
===================================
  Date: 2013-11-01 01:37:31.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-01 01:28:04.368
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-31 23:05:02.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-31 22:54:36.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-31 22:06:00.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-31 21:49:15.700
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-31 21:42:04.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-31 21:38:16.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-31 21:30:09.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-31 21:23:27.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3956.1 MB
Available physical RAM: 3136.18 MB
Total Pagefile: 7910.38 MB
Available Pagefile: 7154.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100 GB) (Free:14.72 GB) NTFS
Drive d: (Data) (Fixed) (Total:2.23 GB) (Free:1.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 82186852)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=117 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 30 GB) (Disk ID: 984CEDD0)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
Partition 2: (Not Active) - (Size=22 GB) - (Type=73)

==================== End Of Log ============================


Removal tool for Microsoft Security Essentials is here: http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

1. Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 

 

  • Internet access
  • Windows Update
  • Windows Firewall

 

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Kevin

 

fixlist.txt


I couldn't remove Security Essentials in safe mode so I tried in normal mode. I think I managed but after doing the removal I got a blue screen so I am not sure if it is removed or not.

Also I was running the other things you requested in safe mode.
 

Logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Aura at 2013-11-01 18:55:49 Run:1
Running from C:\Users\Aura\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
Start
C:\Users\Aura\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Aura\AppData\Local\Temp\Setup.X86.fi-FI_O365HomePremRetail_981c62e4-7374-4160-b9aa-31b1858406b5_TX_DB_.exe
C:\Users\Aura\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Aura\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_8545.exe
End



*****************

C:\Users\Aura\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\Aura\AppData\Local\Temp\Setup.X86.fi-FI_O365HomePremRetail_981c62e4-7374-4160-b9aa-31b1858406b5_TX_DB_.exe => Moved successfully.
C:\Users\Aura\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.
C:\Users\Aura\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_8545.exe => Moved successfully.

==== End of Fixlog ====

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4148269056, free: 3299512320

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4148269056, free: 3320721408

Downloaded database version: v2013.11.01.04
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     11/01/2013 19:01:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\iusb3hcs.sys
\SystemRoot\system32\DRIVERS\excsd.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\Drivers\FBIOSDRV.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\Drivers\fsbts.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\iusb3xhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\FUJ02B1.sys
\SystemRoot\system32\drivers\FUJ02E3.sys
\SystemRoot\system32\DRIVERS\irstrtdv.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\iusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\RtsUStor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\advapi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\msctf.dll
\Windows\System32\wininet.dll
\Windows\System32\usp10.dll
\Windows\System32\setupapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\lpk.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\gdi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006109060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004f13050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006108060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8004f0f050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006108060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005ffd8d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006108060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004f0e950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004f0f050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 82186852

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 4194304
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 4198400  Numsec = 245868544

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006109060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80061089a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006109060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004f10e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004f13050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 984CEDD0

Partition information:

    Partition 0 type is Other (0x84)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 16777216

    Partition 1 type is Other (0x73)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16779264  Numsec = 45750272

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 32017047552 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.01.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16721
Aura :: AURA-PC [administrator]

1.11.2013 19:01:23
mbar-log-2013-11-01 (19-01-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 221697
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

 

I wasn't able to run Windows Update in the safe mode but maybe it is not possible in the safe mode? I will try now to go to normal mode and see if I can run it.


I tried to run Windows Update in normal mode. Seems that everything is super laggy in normal mode. Cursor jams for a while and nothing works, then after a couple of secs, it works again and then jams again. Windows was able to download the updates but in some part of the install I got the blue screen.

When I go to the normal mode, Windows informs me quite soon that F-Secure Internet Daemon has stopped working.

I will now try to run the removal tool for MS Security Essentials again to make sure it is removed. I will have to do this in normal mode so hopefully I manage to do it.


"I will now try to run the removal tool for MS Security Essentials again to make sure it is removed. I will have to do this in normal mode so hopefully I manage to do it."

Didn't work. Whole laptop jammed. Seems there isn't pretty much anything I can do in normal mode.


When you have unseen problems that are not related to malware, often it can be a software issue. When running in a clean boot state all non-Microsoft services are on hold, not running.

If your system responds well in that state it is a matter of finding the service that caused the problem, do you understand that reasoning? If so go back to the clean boot instructions and follow them.

 

If the clean boot fixes the issue do the following:

 

Repeat as you did to set a Clean boot, ensure all MS services are hidden, enable half of the non MS services then re-boot. If the issue does not return do exactly the same again, this time only enable the bottom half of non MS services.

If the issue returns we know the issue is in the bottom half, so you now repeat again but only enable half of the bottom half. Keep doing that until you isolate the rogue service.

 

Do you understand what is needed?

 

Kevin...
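The halving procedure described in the post above, written out as an added example that is not part of the original thread. The service names are constructed, and `boot_is_healthy` is a hypothetical stand-in for "enable only these non-Microsoft services in msconfig, reboot, and check whether the problem is gone"; the code also covers the cases where the fault is not in a single service.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Sequence

# Constructed service names for the demonstration; not taken from the logs in this thread.
SAMPLE_SERVICES = [
    "UpdaterSvcA", "PrinterHelper", "VendorAudio", "SyncAgent",
    "FirewallDaemon", "TouchpadSvc", "BackupSvc", "MediaConverterSvc",
]


@dataclass
class BisectResult:
    culprit: Optional[str]  # service that reproduces the fault on its own, if any
    reboots: int            # number of reboot trials that were needed
    verdict: str            # human-readable outcome


def isolate_service(services: Sequence[str],
                    boot_is_healthy: Callable[[Sequence[str]], bool]) -> BisectResult:
    """Halve the set of non-Microsoft services until one remains.

    Assumption (hypothetical interface): boot_is_healthy(enabled) reboots with
    only `enabled` non-Microsoft services switched on and returns True when the
    problem does not show up.
    """
    reboots = 0

    def trial(enabled: Sequence[str]) -> bool:
        nonlocal reboots
        reboots += 1
        return boot_is_healthy(list(enabled))

    # Clean boot: every non-Microsoft service off. If the fault is still there,
    # halving services cannot find it.
    if not trial([]):
        return BisectResult(None, reboots,
                            "fault persists in clean boot: not a non-Microsoft service")
    # Everything on: the fault has to come back, otherwise there is nothing to bisect.
    if trial(services):
        return BisectResult(None, reboots,
                            "fault not reproduced with every service enabled")

    candidates = list(services)
    while len(candidates) > 1:
        mid = len(candidates) // 2
        top, bottom = candidates[:mid], candidates[mid:]
        # Healthy with only the top half enabled means the culprit is in the bottom half.
        candidates = bottom if trial(top) else top

    # Confirm the survivor alone reproduces the fault. If it does not, the fault
    # needs two or more services together and plain halving is inconclusive.
    if trial(candidates):
        return BisectResult(None, reboots,
                            "no single service reproduces the fault: suspect a combination")
    return BisectResult(candidates[0], reboots, "isolated")


def simulated_machine(faulty: Iterable[str]) -> Callable[[Sequence[str]], bool]:
    """Stand-in for a reboot: unhealthy only when every service in `faulty` is enabled."""
    faulty = set(faulty)

    def boot_is_healthy(enabled: Sequence[str]) -> bool:
        return not (faulty and faulty.issubset(enabled))

    return boot_is_healthy


if __name__ == "__main__":
    result = isolate_service(SAMPLE_SERVICES, simulated_machine({"TouchpadSvc"}))
    print(result)
```

With eight services the culprit is found after six reboots: two baseline checks, three halvings and one confirmation.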


In normal boot everything seems to work fine but F-Secure still doesn't open. It is a legit version for sure.

I also ran Windows Update again and all of the updates were installed except one. I got error message 80246002 but Windows said the update will be installed when I reboot so I rebooted. Now I opened Windows Update again and there is still one important update not installed (the same there was before the reboot): KB2687456: Service Pack 2 - Microsoft PowerPoint Viewer. I clicked again to install it and now it started to download it so maybe it had to install the other updates first... After that it installed the update successfully.

Anyway, now when I open msconfig this happens: On the General tab -> Selective startup option, I clicked Load startup items check box and rebooted. Still works fine but F-Secure doesn't load no matter what I try. Then I open msconfig again and go to Services. When I uncheck Hide all Microsoft services nothing is left. When I did the clean boot for the first time there was kind of a lot of non-Microsoft services.

When I browse the names of the services, it all seems good. Everything is from Microsoft Corporation. Still, there aren't any other services. Any idea what that is about?

Should I try to uninstall F-Secure and re-install it?

PS. The problems started before I installed Microsoft Security Essentials as I installed it when nothing else was working and I tried if I could scan viruses with it.

 


Ohh and Microsoft complains that I don't have any anti-virus running and it shows that F-Secure Client Security & Microsoft Security Essentials are both installed. I have run the fixit you gave me 2 times so it should be uninstalled for sure. I did a search with words security essentials and only found the shortcut. When I click the shortcut, I get the following error:

Microsoft Client Security
An error has occurred in the program during initialization. If this problem continues, please contact your system administrator.

Error code: 0x80070002


To return your computer to a Normal startup mode when complete, follow these steps:

 

  • Open msconfig...
  • On the General tab, click Normal Startup - load all device drivers and services, and then click OK.
  • When you are prompted, click Restart.

 

As you've uninstalled MSE just delete the shortcut, it is no use....

Regarding F-Secure, I'd recommend that you uninstall and reinstall, see if that helps..

 

Next,

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Kevin..


For some reason there is still a folder C:\Program Files\Microsoft Security Client full of stuff. I run the removal tool again but the folder is full of files. I found the folder when I was looking where the shortcut was which I found with search feature. Should I just delete the whole folder and hope for the best?

About this: "To return your computer to a Normal startup mode when complete, follow these steps:

  • Open msconfig...
  • On the General tab, click Normal Startup - load all device drivers and services, and then click OK.
  • When you are prompted, click Restart."

I did like that before my previous post. I did it again but still I have this problem: "I open msconfig again and go to Services. When I uncheck Hide all Microsoft services nothing is left. When I did the clean boot for the first time there was kind of a lot of non-Microsoft services."

I will uninstall F-Secure now but wait for your response before re-installing it.

Log after uninstalling F-Secure (I didn't re-boot after uninstall as Windows didn't ask to do that):

Farbar Service Scanner Version: 24-10-2013
Ran by Aura (administrator) on 02-11-2013 at 21:18:33
Running from "C:\Users\Aura\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-11 19:11] - [2013-09-14 03:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-11 19:11] - [2013-09-08 04:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Can you reinstall F-Secure, reboot then run the following:

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

 


  When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

 


I did the scan and nothing was found. I will copy-paste this part of the F-Secure scan report if you need it:

Files not scanned

    Cannot open file (click here for more info) CPAGEFILE.SYS
    Cannot open file (click here for more info) CHIBERFIL.SYS
    Cannot open file (click here for more info) CWINDOWSSERVICEPROFILESLOCALSERVICEAPPDATAROAMINGPEERNETWORKING(*some codes[numbers and letters], deleted them if they happen to be important*)HOMEGROUPCLASSIFIER(*some codes [numbers and letters], deleted them if they happen to be important*)GROUPINGDB.MDB

The logs you asked:
 

OTL Extras logfile created on: 3.11.2013 1:47:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aura\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
 
3,86 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 54,80% Memory free
7,72 Gb Paging File | 5,91 Gb Available in Paging File | 76,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 11,87 Gb Free Space | 11,87% Space Free | Partition Type: NTFS
Drive D: | 2,23 Gb Total Space | 1,02 Gb Free Space | 45,82% Space Free | Partition Type: NTFS
 
Computer Name: AURA-PC | User Name: Aura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3885904128-3305184429-1650825724-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{DBAD9C83-C409-43FC-8BC5-84F7E19ECD80}C:\users\aura\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\aura\appdata\roaming\spotify\spotify.exe |
"UDP Query User{36D67776-F2E9-46D4-89B4-A0E4D5D861C0}C:\users\aura\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\aura\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LIFEBOOK Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-040B-1000-0000000FF1CE}" = Microsoft Officen pika-asennus 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E1C056BE-ACC9-4FCF-B37D-55A46648B369}" = Plugfree NETWORK
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"O365HomePremRetail - fi-fi" = Microsoft Office 365 Home Premium - fi-fi
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN and Bluetooth Client Installation Program
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-040B-0000-0000000FF1CE}" = 2007 Office Systemin yhteensopivuuspaketti
"{90120000-00B0-040B-0000-0000000FF1CE}" = Microsoft Tallenna PDF-muodossa -apuohjelma 2007 Microsoft Office -ohjelmiin
"{90140011-0066-040B-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - suomi
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-040B-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9085040B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-040B-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{955C3F64-C693-41E6-B9D5-A505A5C41B52}" = OpenOffice 4.0.1
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1035-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Suomi
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DeskUpdate_is1" = DeskUpdate
"F-Secure Anti-Virus" = F-Secure Client Security - Virus & Spy Protection
"F-Secure Browsing Protection" = F-Secure Client Security - Browsing protection
"F-Secure Device Control" = F-Secure Client Security - Device control
"F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail Scanning
"F-Secure HIPS" = F-Secure Client Security - DeepGuard
"F-Secure Internet Shield" = F-Secure Client Security - Internet Shield
"F-Secure Protocol Scanner" = F-Secure Client Security - Web traffic scanning
"ifolor-Designer" = ifolor Designer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LIFEBOOK Application Panel
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versio 1.75.0.1300
"Mozilla Firefox 24.0 (x86 fi)" = Mozilla Firefox 24.0 (x86 fi)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Officen pika-asennus 2010
"Sunplus SPUVCb" = FJ Camera
"WinLiveSuite" = Windows Live Essentials
"VLC media player" = VLC media player 2.0.8
"vsfilter_is1" = DirectVobSub 2.41.7259 (5d3641a) Beta
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3885904128-3305184429-1650825724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1.11.2013 15:03:41 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 1.11.2013 15:10:20 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 1.11.2013 15:59:51 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2.11.2013 13:33:05 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2.11.2013 13:35:45 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2.11.2013 13:38:23 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2.11.2013 13:49:28 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2.11.2013 15:06:49 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2.11.2013 19:19:33 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2.11.2013 19:41:44 | Computer Name = Aura-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 31.10.2013 19:42:41 | Computer Name = Aura-PC | Source = iaStor | ID = 262153
Description = Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa.
 
Error - 31.10.2013 19:42:42 | Computer Name = Aura-PC | Source = iaStor | ID = 262153
Description = Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa.
 
Error - 31.10.2013 19:42:43 | Computer Name = Aura-PC | Source = iaStor | ID = 262153
Description = Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa.
 
Error - 31.10.2013 19:42:44 | Computer Name = Aura-PC | Source = iaStor | ID = 262153
Description = Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa.
 
Error - 31.10.2013 19:42:45 | Computer Name = Aura-PC | Source = iaStor | ID = 262153
Description = Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa.
 
Error - 31.10.2013 19:42:50 | Computer Name = Aura-PC | Source = iaStor | ID = 262153
Description = Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa.
 
Error - 31.10.2013 19:42:51 | Computer Name = Aura-PC | Source = iaStor | ID = 262153
Description = Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa.
 
Error - 31.10.2013 19:42:52 | Computer Name = Aura-PC | Source = iaStor | ID = 262153
Description = Laite \Device\Ide\iaStor0 ei vastannut aikakatkaisuajan kuluessa.
 
Error - 31.10.2013 19:44:37 | Computer Name = Aura-PC | Source = EventLog | ID = 6008
Description = Edellinen järjestelmän sammutus (1:42:18, ?1.?11.?2013) oli odottamaton.
 
Error - 31.10.2013 19:44:37 | Computer Name = Aura-PC | Source = Service Control Manager | ID = 7023
Description = Palvelu Microsoft Antimalware Service lopetettiin virheen takia. Virhe:
   %%-2147024894
 
 
< End of report >
 


We need to remove FRST; first, it is very important to deal with its Quarantine folder using FRST itself.

OK, we continue:

Delete any fixlist.txt file previously used, continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

Next,

  • Re-open OTL to run it. (Vista and Win 7 users accept UAC alert)

  • Click on the CleanUp button.

  • Click Yes to begin the cleanup process and remove tools, including this application

  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Any tools/logs left on the desktop or downloads folders can be deleted

Next,

Download and install CCleaner from here:

Ensure to select Slim version. (No Toolbar)

Then select the items you wish to clean up.

In the Windows Tab:

In the Applications Tab

4. Click the "Run Cleaner" button.

5. A pop up box will appear advising this process will permanently delete files from your system.

6. Click "OK" and it will scan and clean your system.

7. Click "exit" when done.

CCleaner is an excellent utility and well worth keeping. In the bottom left-hand corner of the main interface is the link "Online Help"; use that link to get the full instructions for this very handy application.

Next,

Re-open CCleaner > select > tools > start up. The start up entry list will populate; look to the bottom right-hand corner and select the "save to text file" button. Copy and paste that file into your next reply. Also let me know if there are any remaining issues/concerns.

Kevin

fixlist.txt
