Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1
    Member
    Join Date
    May 2015
    Posts
    7
    Points
    0

    Default problem with Content.IE5 file

    Hello, first of all, excuse my bad english, but i try.
    JRT has eliminated many times these:Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 7 Ultimate x86
    Ran by x (Administrator) on ti 19.01.2016 at 9:58:01,52
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    File System: 2
    Successfully deleted: C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJX2BFFR (Folder)
    Successfully deleted: C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XW0BKDQW (Folder)
    Registry: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on ti 19.01.2016 at 10:00:07,28
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    but they always reappear. Maybe you can help me, thank you?
    Here is the logs:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/18/2016 at 09:53 AM

    Application Version : 6.0.1210
    Database Version : 12338

    Scan type : Complete Scan
    Total Scan Time : 00:16:42

    Operating System Information
    Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 581
    Memory threats detected : 0
    Registry items scanned : 31773
    Registry threats detected : 0
    File items scanned : 15485
    File threats detected : 0

    ============
    End of Log
    ============

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Tarkistuksen päivämäärä: 19.1.2016
    Tarkistuksen kellonaika: 10:14
    Lokitiedosto:
    Järjestelmänvalvoja: Kyllä

    Versio: 2.2.0.1024
    Haittaohjelmien tietokanta: v2016.01.19.02
    Rootkittien tietokanta: v2016.01.09.01
    Lisenssi: Ilmainen
    Haittaohjelmasuoja: Pois käytöstä
    Haitallisten verkkosivujen esto: Pois käytöstä
    Itsepuolustus: Pois käytöstä

    Käyttöjärjestelmä: Windows 7 Service Pack 1
    Prosessori: x86
    Tiedostojärjestelmä: NTFS
    Käyttäjä: x

    Tarkistuksen tyyppi: Kattava tarkistus
    Tulos: Valmis
    Kohteita tarkistettu: 295410
    Aikaa kulunut: 11 minuutti(a), 57 sekuntti(a)

    Muisti: Käytössä
    Käynnistys: Käytössä
    Tiedostojärjestelmä: Käytössä
    Pakkaukset: Käytössä
    Rootkitit: Käytössä
    Heuristiikka: Käytössä
    Mahdollisesti haitalliset ohjelmat: Käytössä
    Mahdollisesti haitalliset muutokset: Käytössä

    Prosessit: 0
    (Haitallisia kohteita ei löydetty)

    Moduulit: 0
    (Haitallisia kohteita ei löydetty)

    Rekisteriavain: 0
    (Haitallisia kohteita ei löydetty)

    Rekisteriarvot: 0
    (Haitallisia kohteita ei löydetty)

    Reksiteritiedot: 0
    (Haitallisia kohteita ei löydetty)

    Kansiot: 0
    (Haitallisia kohteita ei löydetty)

    Tiedostot: 0
    (Haitallisia kohteita ei löydetty)

    Fyysiset sektorit: 0
    (Haitallisia kohteita ei löydetty)

    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:12:33, on 19.1.2016
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18124)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\trendmicro\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\UtcResources.dll,-3001 (DiagTrack) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Google Päivitä-palvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Päivitä-palvelu (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    --
    End of file - 20265 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi! My name is zep516 and Welcome to Help2Go!
    I'll do the best I can to resolve your computer issue
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

    Everything gets download to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  3. The Following User Says Thank You to zep516 For This Useful Post:


  4. #3
    Member
    Join Date
    May 2015
    Posts
    7
    Points
    0

    Default

    Hello zep516!
    Avast prevented the download from bleepingcomputer, so i downloaded it from techspot. But when i try to run it, avast told, there is "win32 evo gen" and stop it.

    O.K. it succeeded in Safe Mode, here is the logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-11-2015
    Ran by x (administrator) on X-PC (20-01-2016 13:05:18)
    Running from C:\Users\x\Desktop
    Loaded Profiles: x (Available Profiles: x)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: suomi (Suomi)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Safe Mode (minimal)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-08] (AVAST Software)
    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1505144 2009-11-11] (Microsoft Corporation)
    HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\MountPoints2: {3edd47d2-46cb-11e4-9953-002215d1dd84} - E:\AutoRun.exe
    HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\MountPoints2: {8f149d84-4659-11e4-b34d-002215d1dd84} - E:\AutoRun.exe
    HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\MountPoints2: {af464eec-4eab-11e4-ac1e-002215d1dd84} - E:\application\Setup.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-03] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-08] (AVAST Software)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{76D60322-D022-4218-9F52-0D0F4A2C3636}: [DhcpNameServer] 192.168.1.1 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.fi/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-13] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\03wqsq52.default
    FF DefaultSearchEngine: Wikipedia (fi)
    FF SelectedSearchEngine: Wikipedia (fi)
    FF Homepage: www.google.com/firefox
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
    FF Extension: NoScript - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\03wqsq52.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-30]
    FF Extension: Malware Search - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\03wqsq52.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2015-12-29]
    FF Extension: WOT - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\03wqsq52.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-29]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-08]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-08]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:fifficial
    CHR StartupUrls: Default -> "hxxp://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:fifficial"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\x\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll => No File
    CHR Profile: C:\Users\x\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google-presentaatiot) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
    CHR Extension: (Google-dokumentit) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-19]
    CHR Extension: (YouTube) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Adblock Plus) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
    CHR Extension: (Google-haku) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google-taulukot) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
    CHR Extension: (Google Docsin offline-tila) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
    CHR Extension: (Chrome Web Storen maksut) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
    CHR Extension: (ScriptSafe) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-01-17]
    CHR Extension: (Gmail) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-13]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-08] (AVAST Software)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
    S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-12-08] (AVAST Software)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-12-19] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-12-08] (AVAST Software)
    S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-12-08] (AVAST Software)
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-12-08] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436360 2015-12-19] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117712 2015-12-08] (AVAST Software)
    S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2014-07-06] (The OpenVPN Project)
    S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-12-08] (AVAST Software)
    S3 DxVGrb; C:\Windows\System32\drivers\DxVGrb.sys [179200 2012-01-10] (Dexetek )
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-20 13:05 - 2016-01-20 13:05 - 00014664 _____ C:\Users\x\Desktop\FRST.txt
    2016-01-20 12:57 - 2016-01-20 12:57 - 01378816 _____ (Farbar) C:\Users\x\Desktop\FRST.exe
    2016-01-20 09:25 - 2016-01-20 09:25 - 01600184 _____ (Malwarebytes) C:\Users\x\Desktop\JRT.exe
    2016-01-20 09:01 - 2016-01-20 13:05 - 00000000 ____D C:\FRST
    2016-01-20 08:58 - 2016-01-20 08:58 - 00000047 _____ C:\Users\x\Desktop\lataus ei onnistunut.txt
    2016-01-19 19:20 - 2016-01-19 19:20 - 00000412 _____ C:\Users\x\Desktop\esetloki.txt
    2016-01-19 16:15 - 2016-01-19 16:15 - 00000000 ____D C:\Program Files\ESET
    2016-01-19 16:14 - 2016-01-19 16:14 - 00000798 _____ C:\Windows\PFRO.log
    2016-01-19 15:37 - 2016-01-19 15:38 - 02870984 _____ (ESET) C:\Users\x\Desktop\esetsmartinstaller_enu.exe
    2016-01-19 09:56 - 2016-01-19 09:56 - 01505280 _____ C:\Users\x\Downloads\7B18.tmp
    2016-01-18 12:27 - 2016-01-18 12:32 - 00000000 ____D C:\Users\x\AppData\Local\Dropbox
    2016-01-18 12:27 - 2016-01-18 12:27 - 00000000 ____D C:\ProgramData\Dropbox
    2016-01-18 09:35 - 2016-01-18 09:35 - 00000000 ____D C:\Users\x\AppData\Roaming\SUPERAntiSpyware.com
    2016-01-18 09:34 - 2016-01-18 09:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-01-18 09:34 - 2016-01-18 09:34 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2016-01-18 09:34 - 2016-01-18 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2016-01-18 08:38 - 2016-01-20 12:41 - 00000728 _____ C:\Windows\setupact.log
    2016-01-18 08:38 - 2016-01-18 08:38 - 00000000 _____ C:\Windows\setuperr.log
    2016-01-17 15:36 - 2016-01-20 09:27 - 00001040 _____ C:\Users\x\Desktop\JRT.txt
    2016-01-17 12:31 - 2016-01-17 12:32 - 93054816 _____ (Kaspersky Lab ZAO) C:\Users\x\Desktop\KVRT.exe
    2016-01-14 11:47 - 2016-01-14 11:47 - 00000000 ____D C:\Users\x\AppData\Roaming\Novicorp
    2016-01-14 11:47 - 2016-01-14 11:47 - 00000000 ____D C:\Users\x\AppData\Local\Novicorp
    2016-01-14 11:47 - 2016-01-14 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novicorp WinToFlash Lite
    2016-01-14 11:47 - 2016-01-14 11:47 - 00000000 ____D C:\Program Files\Novicorp WinToFlash
    2016-01-14 10:31 - 2016-01-14 10:32 - 00000000 ____D C:\Users\x\AppData\Local\Apps\Windows 7 USB DVD Download Tool
    2016-01-14 10:31 - 2016-01-14 10:31 - 00000000 ____D C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
    2016-01-13 08:37 - 2015-10-09 01:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2016-01-13 08:37 - 2015-10-09 01:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2016-01-13 08:37 - 2015-10-09 01:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2016-01-13 08:37 - 2015-10-09 01:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2016-01-13 08:37 - 2015-10-08 21:13 - 00419928 _____ C:\Windows\system32\locale.nls
    2016-01-13 08:37 - 2015-09-18 19:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-01-13 08:37 - 2015-09-18 19:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-01-13 08:37 - 2015-09-18 19:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-01-13 08:37 - 2015-09-18 19:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-01-13 08:37 - 2015-09-18 19:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-01-13 08:37 - 2015-09-18 19:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-01-13 08:37 - 2015-09-18 19:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-01-11 10:51 - 2016-01-11 14:28 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
    2016-01-03 16:46 - 2016-01-03 16:46 - 00005766 _____ C:\Users\x\Downloads\Eset-export.txt
    2016-01-03 16:45 - 2016-01-03 16:45 - 00017209 _____ C:\Users\x\Downloads\AdwCleaner[C1].txt
    2016-01-03 16:45 - 2016-01-03 16:45 - 00004707 _____ C:\Users\x\Downloads\JRT (2).txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-20 13:01 - 2015-11-02 08:46 - 01982445 _____ C:\Windows\WindowsUpdate.log
    2016-01-20 12:50 - 2009-07-14 06:34 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-01-20 12:50 - 2009-07-14 06:34 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-01-20 12:46 - 2014-05-11 11:29 - 01355114 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-01-20 12:42 - 2014-12-15 17:01 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-20 12:42 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-01-20 12:41 - 2014-05-15 16:26 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-20 08:39 - 2015-10-20 08:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-01-20 08:39 - 2014-12-15 17:01 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-19 11:10 - 2014-05-16 15:13 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-01-19 09:57 - 2014-05-20 11:10 - 00000000 ____D C:\AdwCleaner
    2016-01-19 09:52 - 2015-12-19 08:41 - 00041094 __RSH C:\ProgramData\ntuser.pol
    2016-01-18 12:28 - 2014-06-23 16:36 - 00000000 ____D C:\Users\x\AppData\Roaming\Dropbox
    2016-01-18 12:27 - 2014-05-14 10:23 - 00000000 ____D C:\Windows\pss
    2016-01-18 12:26 - 2014-05-16 11:28 - 00000000 ____D C:\Users\x\AppData\Roaming\Spotify
    2016-01-18 12:26 - 2014-05-16 11:28 - 00000000 ____D C:\Users\x\AppData\Local\Spotify
    2016-01-18 12:25 - 2014-06-23 16:43 - 00000000 ___RD C:\Users\x\Dropbox
    2016-01-18 09:05 - 2015-05-16 07:10 - 00000000 ____D C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2016-01-17 12:14 - 2014-05-15 12:01 - 00000000 ____D C:\Users\x\AppData\Roaming\vlc
    2016-01-17 09:57 - 2014-05-12 11:23 - 00000000 ____D C:\ProgramData\TEMP
    2016-01-16 08:33 - 2015-11-11 08:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-01-14 08:28 - 2009-07-14 06:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-01-13 14:11 - 2009-07-14 06:33 - 03773776 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-01-13 10:49 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
    2016-01-13 08:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
    2016-01-13 08:38 - 2015-04-16 11:37 - 00000000 ____D C:\Windows\system32\appraiser
    2016-01-13 08:38 - 2014-05-17 08:35 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-01-11 14:28 - 2014-06-12 08:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-01-06 15:30 - 2014-05-12 16:23 - 00000000 ____D C:\Users\x\Documents\Oma teksti
    2016-01-02 09:39 - 2014-05-14 11:19 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-01-02 09:39 - 2014-05-14 11:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-12-26 09:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\SchCache
    2015-12-22 09:21 - 2014-05-11 11:24 - 00000000 ____D C:\Users\x

    ==================== Files in the root of some directories =======

    2015-05-27 14:34 - 2015-05-27 14:34 - 0000132 _____ () C:\Users\x\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2015-04-25 09:24 - 2015-04-25 09:24 - 0087608 _____ () C:\Users\x\AppData\Roaming\inst.exe
    2015-04-25 09:24 - 2015-04-25 09:24 - 0007887 _____ () C:\Users\x\AppData\Roaming\pcouffin.cat
    2015-04-25 09:24 - 2015-04-25 09:24 - 0001144 _____ () C:\Users\x\AppData\Roaming\pcouffin.inf
    2015-04-25 09:25 - 2015-04-25 09:25 - 0000034 _____ () C:\Users\x\AppData\Roaming\pcouffin.log
    2015-04-25 09:24 - 2015-04-25 09:24 - 0047360 _____ (VSO Software) C:\Users\x\AppData\Roaming\pcouffin.sys
    2015-04-25 09:25 - 2015-05-21 07:38 - 0001059 _____ () C:\Users\x\AppData\Roaming\vso_ts_preview.xml
    2015-02-26 08:30 - 2015-02-26 08:30 - 0000017 _____ () C:\Users\x\AppData\Local\resmon.resmoncfg
    2014-05-13 16:45 - 2014-05-13 16:45 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some files in TEMP:
    ====================
    C:\Users\x\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaur86f.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-19 14:57

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-11-2015
    Ran by x (2016-01-20 13:05:51)
    Running from C:\Users\x\Desktop
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-05-11 09:24:50)
    Boot Mode: Safe Mode (minimal)
    ==========================================================


    ==================== Accounts: =============================

    Järjestelmänvalvoja (S-1-5-21-2108276197-3227350303-2984276041-500 - Administrator - Disabled)
    Vieras (S-1-5-21-2108276197-3227350303-2984276041-501 - Limited - Disabled)
    x (S-1-5-21-2108276197-3227350303-2984276041-1000 - Administrator - Enabled) => C:\Users\x

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
    Adobe Acrobat Reader DC - Suomi (HKLM\...\{AC76BA86-7AD7-1035-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Flash Player 20 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
    CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)
    Cobian Backup 10 (HKLM\...\CobBackup10) (Version: - )
    Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
    ConvertXtoDVD 4.2.0.0 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.2.0.0 - )
    CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3815b - CyberLink Corp.)
    Dropbox (HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    Easy CD-DA Extractor 16 (HKLM\...\Easy CD-DA Extractor 16) (Version: 16.0.8 - Poikosoft)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    EVEREST Ultimate Edition v5.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
    EZ CD Audio Converter Free (32-bit) (HKLM\...\EZ CD Audio Converter Free (32-bit)) (Version: 1.6.1 - Poikosoft)
    FlickFetch versio 2.6.9.0 (HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\{E71BF983-5AF5-419C-8ACA-21D133567457}_is1) (Version: 2.6.9.0 - )
    FormatFactory 3.5.1.0 (HKLM\...\FormatFactory) (Version: 3.5.1.0 - Format Factory)
    Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
    Guitar Pro 5.2 (HKLM\...\Guitar Pro 5_is1) (Version: - Arobas Music)
    HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    HP Photosmart 5520 series -laitteen perusohjelmisto (HKLM\...\{BF919D53-E722-4124-8E2A-72FCDFF64534}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series -laitteen tuotekehitystutkimus (HKLM\...\{DFB1AEFB-255B-44E8-8790-0C50E64EC14A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    Malwarebytes Anti-Malware versio 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (suomi) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 7.1 (HKLM\...\{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}) (Version: 7.10.344.0 - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
    Microsoft Office Language Pack 2010 - Finnish/suomi (HKLM\...\Office14.OMUI.fi-fi) (Version: 14.0.4763.1007 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{9085040B-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 43.0.3 (x86 fi) (HKLM\...\Mozilla Firefox 43.0.3 (x86 fi)) (Version: 43.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.3.5835 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - )
    Novicorp WinToFlash Lite versio 1.4.0000 (HKLM\...\{A1A1FF24-34C6-4B77-BDB7-A689979F018C}_is1) (Version: 1.4.0000 - Novicorp)
    NVIDIA 3D Vision -ohjain 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
    NVIDIA 3D Vision -ohjain 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
    NVIDIA Grafiikkaohjain 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
    NVIDIA PhysX-järjestelmäohjelmisto 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    OLYMPUS CAMEDIA Master 4.2 (HKLM\...\{30BB4D60-81DB-11D5-BB77-00400536ABAC}) (Version: - )
    PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickTime (HKLM\...\QuickTime) (Version: - )
    Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
    RT 7 Lite (32-Bit) (HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\RT 7 Lite x86) (Version: 2.6.0 - Rockers Team)
    RT 7 Lite x86 (Version: 2.6.0 - Rockers Team) Hidden
    Spotify (HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
    SpywareBlaster 5.4 (HKLM\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
    UltraISO 8.0 Premium Edition (HKLM\...\UltraISO_is1) (Version: - )
    Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
    Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
    Windowsin ohjainpaketti - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    vLite (HKLM\...\vLite_is1) (Version: 1.1.6 - Dino Nuhagic (nuhi))

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    14-01-2016 10:31:30 Installed Windows 7 USB/DVD Download Tool
    16-01-2016 09:51:16 JRT Pre-Junkware Removal
    17-01-2016 12:27:47 JRT Pre-Junkware Removal
    17-01-2016 15:34:36 JRT Pre-Junkware Removal
    18-01-2016 11:14:01 JRT Pre-Junkware Removal
    19-01-2016 09:58:04 JRT Pre-Junkware Removal
    20-01-2016 09:25:46 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:04 - 2014-05-18 11:03 - 00002041 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0BC57CC1-3854-4136-B220-ED79DF4EF06C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {4BE9F158-C904-42A1-BF41-02DAB0C8625B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
    Task: {5D29E38E-674A-407B-B3F8-0C12B094787D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
    Task: {67FDCC74-6AD2-4D18-8BA3-3B8E2D73AA87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {A4D9CE08-46A6-4186-9BAC-430341A44EA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
    Task: {B69643AF-F8A5-472A-824B-FD90FB0C9B57} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-11] (Microsoft Corporation)
    Task: {C59BF83D-C668-407E-87EB-4F9D19C576CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
    Task: {E05F111E-BE78-475B-AD7B-577DCC16C3B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
    Task: {E41D259F-E220-4655-BDAF-8E8FB1C865BC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-08] (AVAST Software)
    Task: {FEE2A392-6FD4-4A58-B7B5-0A828F2E58ED} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\ProgramData\TEMP:B3ED3AFF

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\0411dd.com -> 0411dd.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\0511zfhl.com -> 0511zfhl.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\0632qyw.com -> 0632qyw.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\...\1001movie.com -> 1001movie.com

    There are 6091 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\x\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^x^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Seuraa mustehälytyksiä - HP Photosmart 5520 series.lnk => C:\Windows\pss\Seuraa mustehälytyksiä - HP Photosmart 5520 series.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_0DD987A1035D7802942B4006FF646164 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: NetWorx => "C:\Program Files\NetWorx\networx.exe" /auto
    MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
    MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
    MSCONFIG\startupreg: Spotify => "C:\Users\x\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\x\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{3616A783-C87A-4F1C-A088-E0AF0A429446}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [TCP Query User{2C218BAF-F6A4-41CF-BDCB-826EAFBE716F}C:\users\x\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{9B09C060-87C9-403D-BDA9-D0A7AC5BE789}C:\users\x\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{1878EAA0-E7B3-4A78-BE65-1D77B3CD6A5B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [UDP Query User{2B8FEDA2-84C6-4132-A5E1-7D7DC5A4D6CA}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
    FirewallRules: [{206F5961-162F-4360-BFFE-098408122B88}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
    FirewallRules: [{852153F7-0849-4E04-8896-9109A6BABD76}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{DBE6EDB6-FF9A-417B-8B26-F837B374CF1C}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{6E23E598-9590-4C01-ACF3-5D23727B7540}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR9.EXE
    FirewallRules: [{64DB74DF-04F9-4FEB-9C42-82CE2C88929C}] => (Allow) C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{9FC7D1FD-F25B-44D2-A19A-D7877B9CBFBB}] => (Allow) C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{482C6EEF-05EF-4192-80DC-D12FBDE2ADCA}C:\program files\mozilla firefox.bak\firefox.exe] => (Allow) C:\program files\mozilla firefox.bak\firefox.exe
    FirewallRules: [UDP Query User{76CEA817-1002-4D13-BE04-5BDE1F131274}C:\program files\mozilla firefox.bak\firefox.exe] => (Allow) C:\program files\mozilla firefox.bak\firefox.exe
    FirewallRules: [{5CB44A70-4690-4C5C-B75B-94D9172B4752}] => (Allow) C:\Program Files\Mozilla Firefox.bak\firefox.exe
    FirewallRules: [{111A3CB3-7351-42D5-B67B-265F51B98D2E}] => (Allow) C:\Program Files\Mozilla Firefox.bak\firefox.exe
    FirewallRules: [{18A0DB1C-A09E-46DC-A91A-A77BC3B415DE}] => (Allow) C:\Program Files\Mozilla Firefox.bak\firefox.exe
    FirewallRules: [{076D84B6-C56B-43DF-BBF0-AABFD39F9BBB}] => (Allow) C:\Program Files\Mozilla Firefox.bak\firefox.exe
    FirewallRules: [{1C8B3F78-3CFD-456F-A347-7D8F48BA717B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: avast! Revert
    Description: avast! Revert
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: aswRvrt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: avast! VM Monitor
    Description: avast! VM Monitor
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: aswVmm
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/18/2016 08:38:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: Indeksiä ei voi alustaa.

    Lisätietoja:
    Sisältöindeksiluettelo on viallinen. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/18/2016 08:38:44 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: Sovellusta ei voi alustaa.

    Konteksti: Sovellus Windows

    Lisätietoja:
    Sisältöindeksiluettelo on viallinen. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/18/2016 08:38:44 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: Keräysobjektia ei voi alustaa.

    Konteksti: Sovellus Windows, luettelo SystemIndex

    Lisätietoja:
    Sisältöindeksiluettelo on viallinen. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/18/2016 08:38:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Laajennusta <Search.TripoliIndexer> ei voi alustaa.

    Konteksti: Sovellus Windows, luettelo SystemIndex

    Lisätietoja:
    Elementtiä ei löydy. (HRESULT : 0x80070490) (0x80070490)

    Error: (01/18/2016 08:38:43 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Laajennusta <Search.JetPropStore> ei voi alustaa.

    Konteksti: Sovellus Windows, luettelo SystemIndex

    Lisätietoja:
    Sisältöindeksiluettelo on viallinen. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/18/2016 08:38:43 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: Windows Search -palvelu ei voi ladata ominaisuussäilön tietoja.

    Konteksti: Sovellus Windows, luettelo SystemIndex

    Lisätietoja:
    Sisältöindeksin tietokanta on viallinen. (HRESULT : 0xc0041800) (0xc0041800)

    Error: (01/18/2016 08:38:43 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: Windows Search -palvelua pysäytetään indeksoijan virheen vuoksi, The catalog is corrupt.

    Lisätietoja:
    Sisältöindeksiluettelo on viallinen. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/18/2016 08:38:43 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: Hakupalvelu on havainnut indeksissä {tunnus = 4700} vioittuneita tietotiedostoja. Palvelu yrittää korjata tämän ongelman automaattisesti muodostamalla indeksin uudelleen.

    Lisätietoja:
    Sisältöindeksiluettelo on viallinen. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/18/2016 08:38:43 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
    Description: Windows Search -palvelu ei voi avata Jet-ominaisuussäilöä.

    Lisätietoja:
    0x%08x (0xc0041800 - Sisältöindeksin tietokanta on viallinen. (HRESULT : 0xc0041800))

    Error: (01/18/2016 08:38:43 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: Windows (3192) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00381.log.


    System errors:
    =============
    Error: (01/20/2016 01:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus (Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:
    %%1068

    Error: (01/20/2016 01:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus (Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:
    %%1068

    Error: (01/20/2016 01:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus (Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:
    %%1068

    Error: (01/20/2016 01:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus (Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:
    %%1068

    Error: (01/20/2016 01:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus (Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:
    %%1068

    Error: (01/20/2016 01:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus (Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:
    %%1068

    Error: (01/20/2016 01:03:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus (Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:
    %%1068

    Error: (01/20/2016 01:03:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Palvelu Verkkoluettelopalvelu on riippuvainen palvelusta NLA-nimiavaruus (Network Location Awareness), jonka käynnistyminen epäonnistui virheen vuoksi:
    %%1068

    Error: (01/20/2016 01:03:09 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (01/20/2016 01:03:09 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) 9950 Quad-Core Processor
    Percentage of memory in use: 24%
    Total physical RAM: 3327.11 MB
    Available physical RAM: 2511.75 MB
    Total Virtual: 6652.53 MB
    Available Virtual: 5879.99 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:195.31 GB) (Free:129.33 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (Uusi asema) (Fixed) (Total:503.32 GB) (Free:292.11 GB) NTFS
    Drive e: (Musa) (Fixed) (Total:1862.89 GB) (Free:1024.48 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: FBE3FBE3)
    Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=503.3 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
    Last edited by joopa; 01-20-2016 at 06:18 AM.

  5. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Moi Mitä kuuluu,

    Sometimes you need to disable Anti Virus as it blocks some of the tools we use. Anti Virus does not run in safemode that's why you were able to work in the safemode.
    ****************************************************************************************************************
    Are you using a proxy server?
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    If not we can fix it.
    *****************************************************************************************************************

    A few items to fix, left over junk so lets clean that up first, we will also empty temp files.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\ProgramData\TEMP:B3ED3AFF
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    Emptytemp:
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your Desktop (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Kiitos.
    Last edited by zep516; 01-20-2016 at 08:15 PM.

  6. The Following User Says Thank You to zep516 For This Useful Post:


  7. #5
    Member
    Join Date
    May 2015
    Posts
    7
    Points
    0

    Default

    Hello again!

    Quote Originally Posted by zep516 View Post
    Are you using a proxy server?
    No, maybe because I tried Avast VPN trial.

    Here is the fixlog:
    Fix result of Farbar Recovery Scan Tool (x86) Version:18-11-2015
    Ran by x (2016-01-21 08:50:57) Run:1
    Running from C:\Users\x\Desktop
    Loaded Profiles: x (Available Profiles: x)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\ProgramData\TEMP:B3ED3AFF
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    ew_hwusbdev => service removed successfully.
    ew_usbenumfilter => service removed successfully.
    huawei_cdcacm => service removed successfully.
    huawei_enumerator => service removed successfully.
    huawei_ext_ctrl => service removed successfully.
    huawei_wwanecm => service removed successfully.
    nvvad_WaveExtensible => service removed successfully.
    Synth3dVsc => service removed successfully.
    tsusbhub => service removed successfully.
    VGPU => service removed successfully.
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully..
    C:\ProgramData\TEMP => ":B3ED3AFF" ADS removed successfully..

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP-m��ritykset

    DNS-tulkintatoiminnon v�limuistin tyhjent�minen onnistui.

    ========= End of CMD: =========

    EmptyTemp: => 350.5 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 08:51:28 ====

  8. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Lets fix the proxy Malware can set these too.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    RemoveProxy:
    hosts:
    Emptytemp:
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your Desktop (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

  9. The Following User Says Thank You to zep516 For This Useful Post:


  10. #7
    Member
    Join Date
    May 2015
    Posts
    7
    Points
    0

    Default hello again!

    Quote Originally Posted by zep516 View Post
    Lets fix the proxy Malware can set these too.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    RemoveProxy:
    hosts:
    Emptytemp:
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your Desktop (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.



    Fix result of Farbar Recovery Scan Tool (x86) Version:18-11-2015
    Ran by x (2016-01-21 16:51:59) Run:2
    Running from C:\Users\x\Desktop
    Loaded Profiles: x (Available Profiles: x)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50815;https=127.0.0.1:50815
    RemoveProxy:
    hosts:
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
    HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
    HKU\S-1-5-21-2108276197-3227350303-2984276041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 124.6 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 16:52:24 ====

    Thank you very much!

  11. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Ole hyvä,

    Can you rerun JRT and adwCleaner and post the log files from those scans.

  12. The Following User Says Thank You to zep516 For This Useful Post:


  13. #9
    Member
    Join Date
    May 2015
    Posts
    7
    Points
    0

    Default Here you have requested logs

    Quote Originally Posted by zep516 View Post
    Ole hyvä,

    Can you rerun JRT and adwCleaner and post the log files from those scans.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 7 Ultimate x86
    Ran by x (Administrator) on pe 22.01.2016 at 8:17:01,21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    File System: 0

    Registry: 0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on pe 22.01.2016 at 8:19:12,53
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    # AdwCleaner v5.030 - Logfile created 22/01/2016 at 08:22:00
    # Updated 17/01/2016 by Xplode
    # Database : 2016-01-19.2 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x86)
    # Username : x - X-PC
    # Running from : C:\AdwCleaner\AdwCleaner.exe
    # Option : Cleaning
    # Support : Forum - ToolsLib

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [-] [C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : seekacover.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C27].txt - [769 bytes] ##########


    Kiitos avusta!

  14. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hyvää huomenta,


    -- This (Delfix) will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    Why we need to remove some of our tools:
    Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.


    Download DelFix by Xplode and save it to your desktop.
    • Run the tool by right click on the icon and Run as administrator option.
    • Make sure that these ones are checked:
      • Remove disinfection tools
      • Purge system restore
      • Reset system settings
    • Push Run.
    • The program will run for a few seconds and display a notepad report.
      Paste it for my review.


    Kiitos.
    Joe

  15. The Following User Says Thank You to zep516 For This Useful Post:


Page 1 of 2 12 LastLast