Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:09:31, on 6.1.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\Users\Tomi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Tomi\AppData\Local\Facebook\Games\FacebookGameroom.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
C:\Users\Tomi\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
C:\Users\Tomi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Users\Tomi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera_crashreporter.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
C:\Users\Tomi\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fi.search.yahoo.com/yhs/web...7464&a=wbf_ir_16_40&os_ver=6.3&os=Windows+8.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fi.search.yahoo.com/yhs/web...7464&a=wbf_ir_16_40&os_ver=6.3&os=Windows+8.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Paduhedekeso] C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Tomi\AppData\Roaming\Celaki"
O4 - HKLM\..\RunOnce: [DXTempFolder] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Tomi\AppData\Local\Temp\DX3198.tmp\"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Tomi\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Tomi\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [Chromium] "c:\users\tomi\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Facebook Gameroom.lnk = C:\Users\Tomi\AppData\Local\Facebook\Games\FacebookGameroom.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\AppReadiness.dll,-1000 (AppReadiness) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\appxdeploymentserver.dll,-1 (AppXSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%windir%\system32\bisrv.dll,-100 (BrokerInfrastructure) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\BthHFSrv.dll,-103 (BthHFSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @combase.dll,-5012 (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\das.dll,-100 (DeviceAssociationService) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (DeviceInstall) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\UtcResources.dll,-3001 (DiagTrack) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\DeviceSetupManager.dll,-1000 (DsmSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (Eaphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (EventLog) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fhsvc.dll,-101 (fhsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Service Installer TrueKey (InstallerService) - Unknown owner - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\GeofenceMonitorService.dll,-1 (lfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%windir%\system32\lsm.dll,-1001 (LSM) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: LsvUIService - Lenovo - C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: Maxthon Core Update Service (MaxthonUpdateSvc) - Maxthon - C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ncasvc.dll,-3009 (NcaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ncbservice.dll,-500 (NcbService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\NcdAutoSetup.dll,-100 (NcdAutoSetup) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofmsvc.dll,-202 (netprofm) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\WINDOWS\SysWow64\perfhost.exe
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-200 (PlugPlay) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll,-1 (PrintNotify) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @combase.dll,-5010 (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: ByteFence Security Real-time Protection (rtop) - Unknown owner - C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\System32\ScDeviceEnum.dll,-100 (ScDeviceEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\smphost.dll,-102 (smphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\svsvc.dll,-101 (svsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%windir%\system32\SystemEventsBrokerServer.dll,-1001 (SystemEventsBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%windir%\system32\TimeBrokerServer.dll,-1001 (TimeBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: Intel Security True Key Helper Service (TrueKeyServiceHelper) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\WINDOWS\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-801 (vmicguestinterface) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-101 (vmicheartbeat) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-201 (vmickvpexchange) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-601 (vmicrdv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-301 (vmicshutdown) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-401 (vmictimesync) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-501 (vmicvss) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wcmsvc.dll,-4097 (Wcmsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wephostsvc.dll,-100 (WEPHOSTSVC) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiarpc.dll,-2 (WiaRpc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (WlanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wlidsvc.dll,-100 (wlidsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\workfolderssvc.dll,-102 (workfolderssvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe
O23 - Service: @%SystemRoot%\system32\WSService.dll,-103 (WSService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 27987 bytes
I know that the overheating and so on are probably down to the battery life, but I can't, for example, install any games on Windows at all (not pirated ones, but ones installed from disc). In addition, Java refuses to work in any browser. I have dabbled in torrents, but that is no longer on my mind. According to an automatic log analyzer there was all sorts of dubious stuff in this log, but I don't dare poke around entirely on my own...
You could well run these too:
https://www.bleepingcomputer.com/download/adwcleaner/
https://www.bleepingcomputer.com/download/junkware-removal-tool/
Likewise this freeware version, which is intended for repairing Windows.
http://www.tweaking.com/content/page/windows_repair_all_in_one.html
The Tweaking.com - Windows Repair program does not need to be run in this case / at this stage.
+ Addition to the previous
------------------
Open Control Panel > Programs and Features, then find and remove ByteFence.
------------------
Download Junkware Removal Tool here.
When the download is complete, start the program ( JRT.exe ).
NOTE ( If you are using Windows Vista, 7 or 8, right-click and choose " Run as administrator ". )
The program opens and starts checking the system.
When the check is complete, it saves a log file ( JRT.txt ) to your desktop, and the log opens automatically.
Post the contents of JRT.txt in your next message.
----------------------
Download AdwCleaner here. v 6.0.4.1
Before running the program > close all open programs and the Internet browser for the duration of the scan.
Double-click AdwCleaner.exe to open it and choose " Scan ".
When the scan is complete, choose " Clean ".
The computer restarts automatically once the program has finished.
----------------------
We will do the fixes with the Farbar program.
----------------------
Download FarBar Recovery Scan Tool. [ FRST ] 32-Bit / 64-Bit version here.
Save the program to your desktop and start it.
Start the scan by pressing the " Scan " button.
When the scan is complete, the program creates a log file (FRST.txt) in the same directory where it is installed.
On the first scan the program also creates a second log file ( Addition.txt ).
Post the log files in your next message. ( FRST.txt and Addition.txt)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 x64
Ran by Tomi (Administrator) on ma 09.01.2017 at 18:59:10,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 14

Successfully deleted: C:\ProgramData\Start Menu\Programs\driverupdate (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\pc app store.lnk (Shortcut)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Users\Tomi\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\Tomi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\pc app store.lnk (Shortcut)
Successfully deleted: C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pc app store.lnk (Shortcut)
Successfully deleted: C:\WINDOWS\system32\drivers\swdumon.sys (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\DriverUpdate Scan (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\DriverUpdate Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SlimDrivers Startup (Task)
Successfully deleted: C:\WINDOWS\Tasks\DriverUpdate Scan.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\DriverUpdate Startup.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\SlimDrivers Startup.job (Task)
Successfully deleted: C:\Program Files (x86)\driverupdate (Folder)

Registry: 3

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

This is what it spat out. It has now also been scanned and cleaned with Malwarebytes; some pests did seem to turn up there. ByteFence has also been removed.
I'll put those FRST files in the next message.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Tomi (administrator) on MACHINAE (09-01-2017 19:09:54)
Running from C:\Users\Tomi\Downloads
Loaded Profiles: Tomi (Available Profiles: Tomi & Järjestelmänvalvoja)
Platform: Windows 8.1 (Update) (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Pokki) C:\Users\Tomi\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Arobas Music) C:\Program Files (x86)\Guitar Pro 5\GP5.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Tomi\Downloads\adwcleaner_6.042(1).exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2014-02-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-07-17] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-07-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-07-17] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\Run: [Spotify Web Helper] => C:\Users\Tomi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-22] (Spotify Ltd)
HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\Run: [Spotify] => C:\Users\Tomi\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-22] (Spotify Ltd)
HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\Run: [Chromium] => c:\users\tomi\appdata\local\chromium\application\chrome.exe [1035264 2016-03-17] (The
Chromium Authors) HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\Run: [World of Warships] => C:\Games\World_of_Warships\WargamingGameUpdater.exe [3134216 2016-12-05] (Wargaming.net) HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\MountPoints2: {454deb1c-c4bf-11e6-82b2-18cf5eea202a} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\MountPoints2: {ac729dbd-3db3-11e6-827b-18cf5eea202a} - "F:\HiSuiteDownLoader.exe" Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-03] (AVAST Software) Startup: C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-10-23] ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Tomi\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook) GroupPolicy: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{535157F9-41A8-44D5-9059-0A96EDDA8DD6}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{5CA75733-1F3B-44C6-84D7-411DD34FD2CD}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{97BE8886-4BCD-4E04-9070-6098B12531FA}: [DhcpNameServer] 150.210.1.3 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fi.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_40_rps_b2_rps¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfi%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0DtByEyE0BtByCtBtCyDtCyE0DzytN0D0Tzu0StCyBtAyBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtC0E0Ezz0FtGtA0EyEtBtGtAyCyDzytGtDyBtBzztGyE0CzyzytC0CtCyE0AyE0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtA0Czyzz0AyDzytGtByCyBzztGyEzz0F0BtGzy0E0BzztGtAtC0D0ByCzytByDtAyE0EtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D1432047464%26a%3Dwbf_ir_16_40%26os_ver%3D6.3%26os%3DWindows%2B8.1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fi.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_40_rps_b2_rps¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfi%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0DtByEyE0BtByCtBtCyDtCyE0DzytN0D0Tzu0StCyBtAyBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtC0E0Ezz0FtGtA0EyEtBtGtAyCyDzytGtDyBtBzztGyE0CzyzytC0CtCyE0AyE0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtA0Czyzz0AyDzytGtByCyBzztGyEzz0F0BtGzy0E0BzztGtAtC0D0ByCzytByDtAyE0EtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D1432047464%26a%3Dwbf_ir_16_40%26os_ver%3D6.3%26os%3DWindows%2B8.1 HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://fi.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_40_rps_b2_rps¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfi%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0DtByEyE0BtByCtBtCyDtCyE0DzytN0D0Tzu0StCyBtAyBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtC0E0Ezz0FtGtA0EyEtBtGtAyCyDzytGtDyBtBzztGyE0CzyzytC0CtCyE0AyE0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtA0Czyzz0AyDzytGtByCyBzztGyEzz0F0BtGzy0E0BzztGtAtC0D0ByCzytByDtAyE0EtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D1432047464%26a%3Dwbf_ir_16_40%26os_ver%3D6.3%26os%3DWindows%2B8.1 HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://fi.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_opnsb_16_16¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfi%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0DtByEyE0BtByCtBtCyDtCyE0DzytN0D0Tzu0StCyDyCzytN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDyByDyCtCtA0C0BtGyByEyCzztGzytC0B0CtGtC0BtDtDtGzytC0F0DyE0EtAyDzz0F0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0E0FtByBtC0FtG0C0CzyyCtGyEtDyByCtG0ByDtCtBtGyEyCtDyBtDyE0AtD0BtC0Ezz2QtN0A0LzuyE%26cr%3D2034789984%26a%3Dwbf_opnsb_16_16%26os_ver%3D6.3%26os%3DWindows%2B8.1 hxxp://www.lenovo.com SearchScopes: HKLM -> DefaultScope {520C1267-351F-4D4A-A413-2BF8488E84B4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0c26ff12&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = 
hxxps://fi.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_40_rps_b2_rps¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfi%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0DtByEyE0BtByCtBtCyDtCyE0DzytN0D0Tzu0StCyBtAyBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtC0E0Ezz0FtGtA0EyEtBtGtAyCyDzytGtDyBtBzztGyE0CzyzytC0CtCyE0AyE0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtA0Czyzz0AyDzytGtByCyBzztGyEzz0F0BtGzy0E0BzztGtAtC0D0ByCzytByDtAyE0EtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D1432047464%26a%3Dwbf_ir_16_40%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms} SearchScopes: HKLM -> {520C1267-351F-4D4A-A413-2BF8488E84B4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0c26ff12&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {520C1267-351F-4D4A-A413-2BF8488E84B4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0c26ff12&q={searchTerms} SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://fi.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_40_rps_b2_rps¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfi%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0DtByEyE0BtByCtBtCyDtCyE0DzytN0D0Tzu0StCyBtAyBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtC0E0Ezz0FtGtA0EyEtBtGtAyCyDzytGtDyBtBzztGyE0CzyzytC0CtCyE0AyE0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtA0Czyzz0AyDzytGtByCyBzztGyEzz0F0BtGzy0E0BzztGtAtC0D0ByCzytByDtAyE0EtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D1432047464%26a%3Dwbf_ir_16_40%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms} SearchScopes: HKLM-x32 -> {520C1267-351F-4D4A-A413-2BF8488E84B4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0c26ff12&q={searchTerms} SearchScopes: HKU\S-1-5-21-2312945197-1059649812-2768281392-1002 -> DefaultScope {520C1267-351F-4D4A-A413-2BF8488E84B4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0c26ff12&q={searchTerms} SearchScopes: HKU\S-1-5-21-2312945197-1059649812-2768281392-1002 -> 
{082A46AA-E22F-4653-B444-1AD6AF0B230B} URL = hxxps://fi.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms} SearchScopes: HKU\S-1-5-21-2312945197-1059649812-2768281392-1002 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://fi.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_40_rps_b2_rps¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfi%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0DtByEyE0BtByCtBtCyDtCyE0DzytN0D0Tzu0StCyBtAyBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtC0E0Ezz0FtGtA0EyEtBtGtAyCyDzytGtDyBtBzztGyE0CzyzytC0CtCyE0AyE0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtA0Czyzz0AyDzytGtByCyBzztGyEzz0F0BtGzy0E0BzztGtAtC0D0ByCzytByDtAyE0EtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D1432047464%26a%3Dwbf_ir_16_40%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-2312945197-1059649812-2768281392-1002 -> {520C1267-351F-4D4A-A413-2BF8488E84B4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0c26ff12&q={searchTerms} BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-12-10] (Intel Security) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-06] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-06] (Oracle Corporation) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-12-10] (Intel Security) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Tomi\AppData\Roaming\Mozilla\Firefox\Profiles\u3h7eg9y.default-1483910757165 [2017-01-09] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] () FF 
Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-06] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-06] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-06] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com/","hxxp://search.conduit.com/?gd=&ctid=CT3321541&octid=EB_ORIGINAL_CTID&ISID=M4F8AF882-ADE8-464D-A28A-6A2C425939D3&SearchSource=55&CUI=&UM=5&UP=SP73708A94-EF9A-4872-A553-9CCCF681EB8A&SSPV=","hxxp://mysearch.avg.com?cid={1E939BC9-A76C-4057-9925-C32612F8B4BD}&mid=3064a43c848a47d289d8d16e5558c95b-5bd17b245ac30cc5b530307e66453ac7df29932d&lang=en&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=2014-03-16 23:05:20&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://www.hohosearch.com/?mode=nnnb&ptid=epf1&uid=A55C24BBC61D81811CB696F914C0F6BD&v=20160415&ts=AHEqA3YkBn4nCE.." 
CHR DefaultSearchURL: Default -> hxxp://www.hohosearch.com/chrome.php?q={searchTerms}&ts=AHEqA3YkBn4nCE..&v=20160415&uid=A55C24BBC61D81811CB696F914C0F6BD&ptid=epf1&mode=nnnb CHR DefaultSearchKeyword: Default -> hohosearch CHR Profile: C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default [2017-01-09] CHR Extension: (Google-presentaatiot) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-06] CHR Extension: (Google-dokumentit) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-06] CHR Extension: (Google Drive) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-06] CHR Extension: (Fotor Photo Editor) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2017-01-09] CHR Extension: (Ponnahdusikkunoiden estäjä) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-01-09] CHR Extension: (YouTube) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-06] CHR Extension: (Foxtrick) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfbbngccefbbndginomofgpagkjckik [2017-01-09] CHR Extension: (Adblock Plus) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-09] CHR Extension: (Google-taulukot) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-06] CHR Extension: (Google Docsin offline-tila) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-07] CHR Extension: (AdBlock) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-09] CHR Extension: 
(Zoho Clipboard) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijojlignnlclbadcdiecojeamghcfli [2017-01-09] CHR Extension: (Chrome Web Storen maksut) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-06] CHR Extension: (Gmail) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-06] CHR Extension: (Chrome Media Router) - C:\Users\Tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-06] CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url> CHR HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url> Opera: ======= OPR Extension: (Foxtrick (Beta)) - C:\Users\Tomi\AppData\Roaming\Opera Software\Opera Stable\Extensions\gpfggkkkmpaalfemiafhfobkfnadeegj [2016-10-14] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-02] (Advanced Micro Devices, Inc.) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-03] (AVAST Software) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.) 
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-07-17] (Lenovo) S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited) R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2451880 2016-05-08] (Maxthon) R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-07-17] (Lenovo) S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-07-17] (Lenovo) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2016-11-30] (McAfee, Inc.) R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-11-30] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-11-30] (McAfee, Inc.) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-07-17] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed] S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices) R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-10-03] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-10-03] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-10-03] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-03] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-10-03] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-10-03] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-10-03] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software) R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices) R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros) S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18816 2016-05-25] (Huawei Technologies Co., Ltd.) S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [223232 2016-05-25] (Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.) [File not signed] S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.) 
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-09 19:09 - 2017-01-09 19:11 - 00024630 _____ C:\Users\Tomi\Downloads\FRST.txt 2017-01-09 19:09 - 2017-01-09 19:09 - 02419200 _____ (Farbar) C:\Users\Tomi\Downloads\FRST64.exe 2017-01-09 19:09 - 2017-01-09 19:09 - 00000000 ____D C:\FRST 2017-01-09 19:04 - 2017-01-09 19:04 - 03988944 _____ C:\Users\Tomi\Downloads\adwcleaner_6.042(1).exe 2017-01-09 19:04 - 2017-01-09 19:04 - 00002089 _____ C:\Users\Tomi\Desktop\JRT.txt 2017-01-09 18:59 - 2017-01-09 18:59 - 03988944 _____ C:\Users\Tomi\Downloads\adwcleaner_6.042.exe 2017-01-09 18:58 - 2017-01-09 18:58 - 01663040 _____ (Malwarebytes) C:\Users\Tomi\Downloads\JRT.exe 2017-01-09 17:43 - 2017-01-09 17:43 - 00075336 _____ C:\Users\Tomi\Downloads\Seolivitsivitunvammanen (2) (1).pdf 2017-01-09 17:36 - 2017-01-09 17:36 - 00075336 _____ C:\Users\Tomi\Downloads\Seolivitsivitunvammanen (2).pdf 2017-01-09 17:33 - 2017-01-09 17:33 - 00075340 _____ C:\Users\Tomi\Downloads\Seolivitsivitunvammanen (1).pdf 2017-01-09 17:30 - 2017-01-09 17:30 - 00075230 _____ C:\Users\Tomi\Downloads\Seolivitsivitunvammanen.pdf 2017-01-09 01:24 - 2017-01-09 01:24 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence 2017-01-08 23:26 - 2017-01-08 23:26 - 00000000 ____D C:\Users\Tomi\Desktop\Firefoxin vanhat tiedot 2017-01-08 
23:25 - 2017-01-09 19:04 - 00000000 ____D C:\Users\Tomi\AppData\LocalLow\Mozilla 2017-01-08 23:24 - 2017-01-08 23:24 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-01-08 23:24 - 2017-01-08 23:24 - 00001174 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-01-08 23:24 - 2017-01-08 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-08 23:24 - 2017-01-08 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-08 23:22 - 2017-01-08 23:22 - 00243680 _____ C:\Users\Tomi\Downloads\Firefox Setup Stub 50.1.0.exe 2017-01-06 23:41 - 2017-01-06 23:41 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\.mono 2017-01-06 23:41 - 2017-01-06 23:41 - 00000000 ____D C:\Users\Tomi\AppData\LocalLow\Blizzard Entertainment 2017-01-06 23:41 - 2017-01-06 23:41 - 00000000 ____D C:\ProgramData\.mono 2017-01-06 23:40 - 2017-01-06 23:40 - 00000000 ____D C:\Users\Tomi\AppData\Local\Blizzard 2017-01-06 22:16 - 2017-01-06 22:16 - 00000978 _____ C:\Users\Public\Desktop\Hearthstone.lnk 2017-01-06 22:16 - 2017-01-06 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2017-01-06 22:07 - 2017-01-06 22:07 - 00000818 _____ C:\Users\Tomi\Desktop\World of Warships.lnk 2017-01-06 22:07 - 2017-01-06 22:07 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships 2017-01-06 22:03 - 2017-01-06 22:03 - 06001536 _____ (Wargaming.net ) C:\Users\Tomi\Downloads\WoWS_internet_install_eu.exe 2017-01-06 22:02 - 2017-01-07 01:21 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2017-01-06 21:57 - 2017-01-06 21:57 - 03126768 _____ (Blizzard Entertainment) C:\Users\Tomi\Downloads\Battle.net-Setup.exe 2017-01-06 21:26 - 2017-01-08 23:02 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\dvdcss 2017-01-06 19:47 - 2017-01-06 21:22 - 00000000 ____D C:\Users\Tomi\Downloads\Shameless.US.S05.Season.5.720p.5.1Ch.BluRay.ReEnc-DeeJayAhmed 2017-01-06 19:39 - 
2017-01-06 19:43 - 00000000 ____D C:\Users\Tomi\Downloads\SMLS4 2017-01-06 19:18 - 2017-01-06 19:18 - 00002011 _____ C:\Users\Public\Desktop\NHL® 09.lnk 2017-01-06 19:15 - 2017-01-06 19:19 - 02400456 _____ (BitTorrent Inc.) C:\Users\Tomi\Downloads\BitTorrent (1).exe 2017-01-06 19:00 - 2017-01-06 19:00 - 00000000 ____D C:\Users\Tomi\Downloads\NHL.09 RELOADED 2017-01-06 18:05 - 2017-01-06 18:05 - 00002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-01-06 18:05 - 2017-01-06 18:05 - 00002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-01-06 18:03 - 2017-01-06 18:08 - 00003440 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-01-06 18:03 - 2017-01-06 18:08 - 00003312 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-01-06 18:03 - 2017-01-06 18:03 - 01065376 _____ (Google Inc.) C:\Users\Tomi\Downloads\ChromeSetup (2).exe 2017-01-06 17:49 - 2017-01-06 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers 2017-01-06 17:49 - 2017-01-06 17:49 - 00000000 ____D C:\Program Files (x86)\SlimDrivers 2017-01-06 17:47 - 2017-01-06 17:47 - 00991272 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Tomi\Downloads\DriverUpdate-setup.exe 2017-01-06 17:17 - 2017-01-09 19:07 - 00000000 ____D C:\AdwCleaner 2017-01-06 17:10 - 2017-01-06 17:10 - 00027989 _____ C:\Users\Tomi\Desktop\hjt.logfile.txt 2017-01-06 16:40 - 2017-01-06 16:40 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Tomi\Desktop\HijackThis.exe 2017-01-06 16:39 - 2017-01-06 16:39 - 00000000 ____D C:\Users\Tomi\Documents\Elder Scrolls Online 2017-01-06 16:39 - 2017-01-06 16:39 - 00000000 ____D C:\ProgramData\Elder Scrolls Online 2017-01-06 16:24 - 2017-01-06 16:26 - 119339568 _____ (Flexera Software) C:\Users\Tomi\Downloads\Install_ESO.exe 2017-01-06 16:06 - 2017-01-06 16:31 - 00002176 _____ C:\Users\Tomi\Desktop\The Elder Scrolls Online.lnk 2017-01-06 16:06 - 2017-01-06 16:30 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online 2017-01-06 16:06 - 2017-01-06 16:06 - 00000000 ____D C:\WINDOWS\jre 2017-01-06 16:06 - 2017-01-06 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\The Elder Scrolls Online 2017-01-06 16:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2017-01-06 16:06 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2017-01-06 16:06 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2017-01-06 16:06 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2017-01-06 16:06 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2017-01-06 16:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\d3dcsx_43.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2017-01-06 16:06 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2017-01-06 14:44 - 2017-01-06 14:44 - 00034739 _____ C:\Users\Tomi\Downloads\6103331955 (3).pdf 2017-01-06 14:19 - 2017-01-06 16:30 - 00000000 ____D C:\Program Files (x86)\Zenimax Online 2017-01-06 14:19 - 2017-01-06 16:06 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry 2017-01-06 14:08 - 2017-01-06 14:08 - 00000000 ___HD C:\Users\Tomi\InstallAnywhere 2017-01-06 11:44 - 2017-01-06 11:44 - 00002380 _____ C:\Users\Tomi\Desktop\Smartflix.lnk 2017-01-06 11:44 - 2017-01-06 11:44 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\Smartflix 2017-01-06 11:44 - 2017-01-06 11:44 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smartflix 2017-01-06 11:44 - 2017-01-06 11:44 - 00000000 ____D C:\Users\Tomi\AppData\Local\SquirrelTemp 2017-01-06 11:44 - 2017-01-06 11:44 - 00000000 ____D C:\Users\Tomi\AppData\Local\smartflix 2017-01-06 11:43 - 2017-01-06 11:44 - 44363008 _____ (Smartflix) C:\Users\Tomi\Downloads\SmartflixSetup.exe 2017-01-04 18:21 - 2017-01-09 18:52 - 00000284 _____ C:\WINDOWS\Tasks\{A761CCFD-DBE9-4D7E-BB0D-CA25FF8DED87}.job 2017-01-04 18:21 - 2017-01-04 18:21 - 00003108 _____ C:\WINDOWS\System32\Tasks\{A761CCFD-DBE9-4D7E-BB0D-CA25FF8DED87} 2017-01-04 17:35 - 2017-01-04 17:35 - 00102268 _____ C:\Users\Tomi\Downloads\kela.pdf 2017-01-03 08:54 - 2017-01-03 08:54 - 00034739 _____ C:\Users\Tomi\Downloads\6103331955 (2).pdf 2017-01-03 08:51 - 2017-01-03 
08:51 - 00034739 _____ C:\Users\Tomi\Downloads\6103331955 (1).pdf 2016-12-28 21:00 - 2016-12-28 21:00 - 00160801 _____ C:\Users\Tomi\Downloads\fusk.png 2016-12-28 18:11 - 2016-12-28 18:11 - 00048790 _____ C:\Users\Tomi\Downloads\15727272_10153915034230882_3190793274249423423_n.jpg 2016-12-25 00:40 - 2016-12-25 00:40 - 00995116 _____ C:\Users\Tomi\Downloads\noniinjoo.jpg 2016-12-25 00:29 - 2016-12-25 00:30 - 00688354 _____ C:\Users\Tomi\Downloads\15696600_10211152271025554_1729952279_o.png 2016-12-25 00:20 - 2016-12-25 00:20 - 01051387 _____ C:\Users\Tomi\Downloads\igyf.jpg 2016-12-25 00:13 - 2016-12-25 00:13 - 00137210 _____ C:\Users\Tomi\Downloads\15725902_10211152008939002_1712207517_o.jpg 2016-12-24 15:18 - 2016-12-24 15:18 - 00000000 ___RD C:\Users\Tomi\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App 2016-12-24 15:09 - 2016-12-24 15:09 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk 2016-12-24 15:09 - 2016-12-24 15:09 - 00002507 _____ C:\Users\Public\Desktop\Safari.lnk 2016-12-24 15:09 - 2016-12-24 15:09 - 00000000 ____D C:\Program Files (x86)\Safari 2016-12-24 15:04 - 2016-12-24 15:04 - 00737344 _____ (Oracle Corporation) C:\Users\Tomi\Downloads\chromeinstall-8u111 (2).exe 2016-12-24 15:02 - 2016-12-24 15:03 - 24592606 _____ C:\Users\Tomi\Downloads\Windows8.1-KB2901549-x64.msu 2016-12-24 15:00 - 2016-12-24 15:00 - 00737344 _____ (Oracle Corporation) C:\Users\Tomi\Downloads\chromeinstall-8u111 (1).exe 2016-12-24 14:47 - 2016-12-24 14:47 - 00737344 _____ (Oracle Corporation) C:\Users\Tomi\Downloads\chromeinstall-8u111.exe 2016-12-24 13:55 - 2016-12-24 13:55 - 00045199 _____ C:\Users\Tomi\Downloads\whenever-someone-tells-a-bad-joke_o_723438.jpg 2016-12-22 21:19 - 2016-12-22 21:19 - 00112353 _____ C:\Users\Tomi\Downloads\15676041_10205860309146631_4087243454693438105_o.jpg 2016-12-22 18:07 - 2016-12-22 18:07 - 00047211 _____ C:\Users\Tomi\Downloads\14516442_558743554311322_8466669751261306923_n.jpg 2016-12-21 23:41 - 2016-12-21 23:41 
- 00017528 _____ C:\Users\Tomi\Downloads\15621782_1212460815513444_6936643840296358988_n.jpg 2016-12-21 19:54 - 2016-12-21 19:54 - 00117848 _____ C:\Users\Tomi\Downloads\15675745_10207953024888445_7993941842934398037_o.jpg 2016-12-21 13:15 - 2016-12-21 13:15 - 00002279 _____ C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk 2016-12-21 13:15 - 2016-12-21 13:15 - 00002271 _____ C:\Users\Tomi\Desktop\Chromium.lnk 2016-12-21 13:15 - 2016-12-21 13:15 - 00000000 ____D C:\Users\Tomi\AppData\Local\Chromium 2016-12-21 13:14 - 2017-01-09 17:14 - 00001002 _____ C:\WINDOWS\Tasks\Bing Search Engine lonod.job 2016-12-21 13:14 - 2017-01-09 01:14 - 00000000 ____D C:\ProgramData\{C49901FA-4EDB-8B3C-C81D-157E525F9EB0} 2016-12-21 13:14 - 2016-12-21 13:15 - 00000000 ____D C:\Users\Tomi\AppData\Local\{6742511E-43EA-3DA6-2E72-184E0A1AE4D6} 2016-12-21 13:14 - 2016-12-21 13:14 - 00004002 _____ C:\WINDOWS\System32\Tasks\Bing Search Engine lonod 2016-12-21 13:00 - 2016-12-21 13:00 - 00036754 _____ C:\Users\Tomi\Downloads\Siis-anteeks-mitä (2).mid 2016-12-20 12:39 - 2016-12-20 12:39 - 00036078 _____ C:\Users\Tomi\Downloads\15666005_10153984957177385_108113825_n.jpg 2016-12-16 10:22 - 2016-12-16 10:22 - 00025619 _____ C:\Users\Tomi\Downloads\15492421_10154764398590912_3673451456721055296_n.jpg 2016-12-16 02:17 - 2016-12-12 01:00 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-12-16 02:17 - 2016-12-12 01:00 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-15 10:21 - 2016-12-15 10:21 - 00034739 _____ C:\Users\Tomi\Downloads\6103331955.pdf 2016-12-14 08:22 - 2016-12-01 16:13 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2016-12-14 08:22 - 2016-12-01 16:13 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll 2016-12-14 08:22 - 2016-12-01 16:11 - 00875720 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2016-12-14 08:22 - 2016-12-01 16:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll 2016-12-14 08:22 - 2016-10-20 15:14 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2016-12-14 08:22 - 2016-10-20 15:10 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2016-12-14 08:12 - 2016-11-19 23:24 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-12-14 08:12 - 2016-11-19 23:24 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2016-12-14 08:12 - 2016-11-19 21:29 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-12-14 08:12 - 2016-11-19 20:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-12-14 08:12 - 2016-11-19 19:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-12-14 08:12 - 2016-11-19 19:22 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2016-12-14 08:12 - 2016-11-16 23:49 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-12-14 08:12 - 2016-11-12 23:06 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-12-14 08:12 - 2016-11-12 21:38 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2016-12-14 08:12 - 2016-11-12 21:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-12-14 08:12 - 2016-11-12 21:08 - 25759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-12-14 08:12 - 2016-11-12 21:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-12-14 08:12 - 2016-11-12 20:53 - 06049280 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-12-14 08:12 - 2016-11-12 20:29 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-12-14 08:12 - 2016-11-12 20:23 - 01033216 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-12-14 08:12 - 2016-11-12 20:17 - 20302848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-12-14 08:12 - 2016-11-12 20:14 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-12-14 08:12 - 2016-11-12 20:10 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-12-14 08:12 - 2016-11-12 19:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-12-14 08:12 - 2016-11-12 19:41 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-12-14 08:12 - 2016-11-12 19:38 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-12-14 08:12 - 2016-11-12 19:37 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-12-14 08:12 - 2016-11-12 19:35 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-12-14 08:12 - 2016-11-12 19:21 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-12-14 08:12 - 2016-11-12 19:20 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-12-14 08:12 - 2016-11-12 19:11 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-12-14 08:12 - 2016-11-12 19:05 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-12-14 08:12 - 2016-11-12 19:02 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-12-14 08:12 - 2016-11-12 19:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-12-14 08:12 - 2016-11-11 04:33 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-12-14 08:12 - 2016-11-09 19:25 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-12-14 08:12 - 2016-11-05 22:46 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2016-12-14 08:12 - 2016-11-05 20:35 - 04169216 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\win32k.sys 2016-12-14 08:12 - 2016-11-05 19:57 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-12-14 08:12 - 2016-11-05 19:11 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-12-14 08:12 - 2016-11-05 17:56 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-12-14 08:12 - 2016-11-05 17:46 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-12-14 08:12 - 2016-10-28 04:56 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-12-14 08:12 - 2016-10-27 16:28 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-12-14 08:12 - 2016-10-12 23:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2016-12-14 08:12 - 2016-10-12 23:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys 2016-12-14 08:12 - 2016-10-11 18:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2016-12-14 08:12 - 2016-10-11 01:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-12-14 08:12 - 2016-10-10 20:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll 2016-12-14 08:12 - 2016-10-10 20:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys 2016-12-14 08:12 - 2016-10-09 16:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll 2016-12-14 08:12 - 2016-10-09 16:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll 2016-12-14 08:12 - 2016-10-09 16:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll 2016-12-14 08:12 - 2016-10-09 00:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2016-12-14 08:12 - 2016-10-08 23:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2016-12-14 08:12 - 2016-10-08 23:10 - 03547648 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\rdpcorets.dll 2016-12-14 08:12 - 2016-10-05 16:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2016-12-14 08:12 - 2016-10-05 16:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2016-12-14 08:12 - 2016-10-05 16:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2016-12-14 08:12 - 2016-10-05 15:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls 2016-12-14 08:12 - 2016-10-05 15:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls 2016-12-14 08:12 - 2016-10-05 06:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2016-12-14 08:12 - 2016-10-05 06:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2016-12-14 08:12 - 2016-10-05 06:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2016-12-14 08:12 - 2016-10-05 06:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2016-12-14 08:12 - 2016-09-27 22:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml 2016-12-14 08:12 - 2016-09-21 00:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-12-14 08:12 - 2015-10-22 17:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2016-12-13 08:24 - 2016-12-13 08:24 - 00049618 _____ C:\Users\Tomi\Downloads\15380578_10154837080221248_3004023638054658012_n.jpg 2016-12-12 13:14 - 2016-12-12 13:14 - 00107241 _____ C:\Users\Tomi\Downloads\Tomi_TE.pdf 2016-12-12 12:31 - 2016-12-12 12:31 - 00058707 _____ C:\Users\Tomi\Downloads\15493315_10154859541314380_8130170183136810138_o.jpg ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-01-09 19:08 - 2016-10-03 18:20 - 00000000 ____D C:\Program Files\ByteFence 2017-01-09 19:08 - 2016-04-24 01:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-09 19:07 - 2016-04-21 21:44 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2312945197-1059649812-2768281392-1002 2017-01-09 18:53 - 2016-06-01 05:52 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\Spotify 2017-01-09 18:50 - 2016-04-21 20:39 - 00000000 ____D C:\Users\Tomi\AppData\Local\SweetLabs App Platform 2017-01-09 18:48 - 2016-06-01 05:52 - 00000000 ____D C:\Users\Tomi\AppData\Local\Spotify 2017-01-09 18:47 - 2016-01-02 21:41 - 00000000 __RDO C:\Users\Tomi\OneDrive 2017-01-09 18:47 - 2014-07-17 05:02 - 00435530 _____ C:\WINDOWS\system32\perfh00B.dat 2017-01-09 18:47 - 2014-07-17 05:02 - 00081592 _____ C:\WINDOWS\system32\perfc00B.dat 2017-01-09 18:47 - 2014-03-18 11:53 - 01367966 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-09 18:47 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2017-01-09 17:21 - 2016-10-03 18:21 - 00000994 _____ C:\WINDOWS\Tasks\Yahoo! 
Powered lonod.job 2017-01-09 16:03 - 2016-05-03 06:52 - 00000000 ____D C:\Users\Tomi\AppData\Local\CrashDumps 2017-01-09 14:23 - 2016-08-19 11:46 - 00000000 ____D C:\Users\Tomi\AppData\Local\Battle.net 2017-01-09 01:21 - 2016-10-03 18:21 - 00000000 ____D C:\ProgramData\{2331E652-A973-6C94-2FB5-F2D6B5F77918} 2017-01-09 00:50 - 2016-05-23 19:49 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\vlc 2017-01-08 21:40 - 2016-08-19 11:44 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-01-08 17:16 - 2016-10-29 03:06 - 00000000 ____D C:\Program Files (x86)\McAfee 2017-01-08 17:16 - 2016-04-24 01:29 - 00000000 ____D C:\Program Files\TrueKey 2017-01-08 17:16 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-01-08 15:46 - 2014-07-17 05:09 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-01-08 15:46 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2017-01-08 15:45 - 2016-04-21 20:39 - 00000000 ____D C:\Users\Tomi 2017-01-08 15:45 - 2014-07-17 05:55 - 00006656 _____ C:\WINDOWS\system32\VfService.trf 2017-01-08 13:02 - 2016-04-24 01:41 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2017-01-08 01:04 - 2016-10-09 17:48 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-01-07 23:28 - 2016-11-09 08:20 - 00016161 _____ C:\Users\Tomi\Downloads\Kent.gp5 2017-01-07 04:06 - 2016-05-16 13:47 - 00000000 ____D C:\WINDOWS\Minidump 2017-01-07 04:06 - 2016-04-28 16:38 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\BitTorrent 2017-01-06 22:07 - 2016-01-24 21:01 - 00000000 ____D C:\Games 2017-01-06 22:00 - 2016-08-19 11:43 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\Battle.net 2017-01-06 19:05 - 2016-11-06 14:50 - 00001110 _____ C:\WINDOWS\SysWOW64\ealregsnapshot1.reg 2017-01-06 18:05 - 2016-04-22 10:01 - 00000000 ____D C:\Users\Tomi\AppData\Local\Google 2017-01-06 18:04 - 2016-04-22 10:02 - 00000000 ____D C:\Program Files (x86)\Google 2017-01-06 16:41 - 2016-04-21 21:36 - 00000000 
____D C:\Users\Tomi\AppData\Local\VirtualStore 2017-01-06 16:09 - 2014-07-17 05:07 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-05 09:05 - 2016-10-03 18:26 - 00004180 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2017-01-04 18:21 - 2016-10-03 18:21 - 00000000 ____D C:\Users\Tomi\AppData\Local\UpdateTask 2016-12-24 15:23 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-24 15:16 - 2016-01-02 21:33 - 00000000 ____D C:\Users\Tomi\AppData\Local\Packages 2016-12-24 15:14 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-12-23 17:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\debug 2016-12-23 02:59 - 2016-07-03 09:55 - 00003852 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1467532516 2016-12-23 02:59 - 2016-07-03 09:55 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-12-23 02:59 - 2016-07-03 09:54 - 00000000 ____D C:\Program Files (x86)\Opera 2016-12-23 02:54 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\catroot2 2016-12-22 00:13 - 2016-12-04 17:49 - 00000152 _____ C:\Users\Tomi\AppData\Roaming\WB.CFG 2016-12-21 13:14 - 2016-10-03 18:20 - 00000286 __RSH C:\ProgramData\ntuser.pol 2016-12-20 12:38 - 2016-07-18 23:28 - 00000000 ____D C:\Users\Tomi\AppData\Local\Diagnostics 2016-12-20 12:37 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-12-18 03:58 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-12-18 03:45 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\LogFiles 2016-12-18 03:16 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\WinSxS 2016-12-17 04:07 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-12-16 02:16 - 2013-08-22 17:31 - 00000000 ____D C:\WINDOWS\system32\DriverStore 2016-12-16 02:16 - 2013-08-22 16:44 - 00372696 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-12-16 02:08 - 2014-07-17 04:17 - 00524288 ___SH 
C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms 2016-12-16 02:08 - 2014-07-17 04:17 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf 2016-12-15 12:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\fi-FI 2016-12-15 12:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US 2016-12-15 12:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\fi-FI 2016-12-15 12:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\en-US 2016-12-15 12:33 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\wbem 2016-12-15 12:33 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-12-15 11:17 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\assembly 2016-12-15 10:28 - 2016-01-02 21:28 - 00000000 ___RD C:\Users\Tomi\Pictures 2016-12-14 18:08 - 2016-10-09 17:48 - 00003854 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-12-14 18:08 - 2016-04-24 01:29 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-12-14 18:08 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-12-14 18:08 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-12-14 17:49 - 2016-04-24 19:05 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-12-14 17:48 - 2014-04-03 20:18 - 00524288 ___SH C:\Users\Administrator\NTUSER.DAT 2016-12-14 17:45 - 2016-04-24 19:05 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2016-12-04 17:49 - 2016-12-22 00:13 - 0000152 _____ () C:\Users\Tomi\AppData\Roaming\WB.CFG 2014-07-17 05:14 - 2014-07-17 05:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Files to move or delete: ==================== C:\Windows\Tasks\{A761CCFD-DBE9-4D7E-BB0D-CA25FF8DED87}.job Some files in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\PokkiPlatform.exe 
C:\Users\Tomi\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Tomi\AppData\Local\Temp\libeay32.dll
C:\Users\Tomi\AppData\Local\Temp\msvcr120.dll
C:\Users\Tomi\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-01 15:57

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Tomi (09-01-2017 19:12:42)
Running from C:\Users\Tomi\Downloads
Windows 8.1 (Update) (X64) (2016-04-21 18:44:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

HomeGroupUser$ (S-1-5-21-2312945197-1059649812-2768281392-1004 - Limited - Enabled)
Järjestelmänvalvoja (S-1-5-21-2312945197-1059649812-2768281392-500 - Administrator - Disabled) => C:\Users\Administrator
Tomi (S-1-5-21-2312945197-1059649812-2768281392-1002 - Administrator - Enabled) => C:\Users\Tomi
Vieras (S-1-5-21-2312945197-1059649812-2768281392-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{13B5A740-97D9-D810-F6F5-E43E2718FEC3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BitTorrent (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform) Chromium (HKLM-x32\...\{66A48E64-3624-5FE4-87A4-2F645724FCE4}) (Version: - ) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc) DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.7.3 - Slimware Utilities Holdings, Inc.) DriverUpdate (x32 Version: 2.7.3 - Slimware Utilities Holdings, Inc.) Hidden Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.17 - Lenovo) Energy Manager (x32 Version: 1.5.0.17 - Lenovo) Hidden Facebook Gameroom 1.0.0.2 (HKLM-x32\...\{F48C71C0-2162-4A4C-A52B-C4D10BE04C91}) (Version: 1.0.0.2 - Facebook) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) Host App Service (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\SweetLabs_AP) (Version: 0.269.8.114 - Pokki) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.11.110.1 - Intel Security) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo) Lenovo PhoneCompanion (x32 Version: 1.2.0.2 - Lenovo) Hidden Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.36.1 - ELAN Microelectronic Corp.) Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) 
Hidden Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo) Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo) Lenovo Updates (x32 Version: 1.3.0.6 - Lenovo) Hidden Lenovo Web Start (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki) Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.1.14.3211 - Lenovo) Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.3.5000 - Maxthon International Limited) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 
- Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Mozilla Firefox 50.1.0 (x86 fi) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 fi)) (Version: 50.1.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla) NHL® 09 (HKLM-x32\...\{F2B5A2A7-2DF9-4361-8BD5-362714528B51}) (Version: 2.0.1.0 - Electronic Arts) OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo) OpenOffice 4.1.0 (HKLM-x32\...\{0F524843-3FEE-4FF7-BBE1-D718319D92F4}) (Version: 4.10.9764 - Apache Software Foundation) Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.) 
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Safari (HKLM-x32\...\{A08BAD08-9AA3-410F-98F3-C92C8EE37218}) (Version: 5.34.54.16 - Apple Inc.) SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.) Smartflix (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\smartflix) (Version: 1.3.1 - Smartflix) Spotify (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB) Start Menu (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\SweetLabs_Start_Menu) (Version: 0.269.8.114 - Pokki) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) World of Warships (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net) 
Yahoo! Powered (HKLM-x32\...\{FEE61626-AE66-C7A6-1FE6-B726CF6664A6}) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1AC7BCE2-7987-45F9-A01B-40CC6742DA28} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-04] () Task: {1C0FCDCA-E2E6-450B-A756-F236DFB9203D} - System32\Tasks\Opera scheduled Autoupdate 1467532516 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software) Task: {2D35D72A-CB34-4129-A465-7EE7D804664F} - System32\Tasks\Bing Search Engine lonod => Wscript.exe "C:\ProgramData\{C49901FA-4EDB-8B3C-C81D-157E525F9EB0}\dole.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b43343939303146412d344544422d384233432d433831442d3135374535323546394542307d5c6d69726f6465" "433a5c50726f6772616d446174615c7b43343939303146412d344544422d384233432d43 (the data entry has 82 more characters). Task: {2FA97DEF-6702-4A15-BE14-C6C8C5D3A1FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd) Task: {3106A51E-49A4-4A43-BABB-DC04726898EB} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.) Task: {355FF2ED-B1B4-4420-A271-7E9960FE0914} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.) Task: {3B269853-EBC0-4374-9AAF-E28DECBC91AA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-03] (AVAST Software) Task: {51E98A67-8E69-415C-9821-5E60FFC3F23C} - System32\Tasks\Yahoo! 
Powered lonod => Wscript.exe "C:\ProgramData\{2331E652-A973-6C94-2FB5-F2D6B5F77918}\dole.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b32333331453635322d413937332d364339342d324642352d4632443642354637373931387d5c6d69726f6465" "433a5c50726f6772616d446174615c7b32333331453635322d413937332d364339342d324642 (the data entry has 78 more characters). Task: {73000B68-E543-4D6C-A553-4BCCFEC00918} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06] (Google Inc.) Task: {7A847849-998B-480C-8E90-3E88A74CFD1E} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-10-14] (Maxthon International ltd.) Task: {81486685-AF97-4DA4-8790-A5BE72F666CF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-14] (Adobe Systems Incorporated) Task: {8B2376AB-A1F4-4255-82DB-3533B60525C8} - System32\Tasks\{A761CCFD-DBE9-4D7E-BB0D-CA25FF8DED87} => C:\Users\Tomi\AppData\Local\UpdateTask\SyncVersion.exe [2017-01-04] () Task: {9339A29F-D046-4366-A958-6B982932BF64} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-07-17] (Lenovo) Task: {94B0B669-C175-4031-96AF-A54215B062AF} - System32\Tasks\SweetLabs App Platform => C:\Users\Tomi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-11-16] (Pokki) Task: {95F18531-9A70-42D5-897D-FDE8E169F6E6} - System32\Tasks\{256A0A5B-8368-4FE4-A58B-86315467206B} => c:\program files (x86)\opera\launcher.exe [2016-12-19] (Opera Software) Task: {A6A6AC86-8B98-4336-A99C-15BFEC4C5C74} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {E34E3C53-36CF-4D27-8D46-F53D3D624AE6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated) Task: {F9FF703E-CF8B-4971-85A5-F12B29F960FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\Bing Search Engine lonod.job => Wscript.exe C:\ProgramData\{C49901FA-4EDB-8B3C-C81D-157E525F9EB0}\dole.txt <==== ATTENTION Task: C:\WINDOWS\Tasks\Yahoo! Powered lonod.job => Wscript.exe C:\ProgramData\{2331E652-A973-6C94-2FB5-F2D6B5F77918}\dole.txt <==== ATTENTION Task: C:\WINDOWS\Tasks\{A761CCFD-DBE9-4D7E-BB0D-CA25FF8DED87}.job => C:\Users\Tomi\AppData\Local\UPDATE~1\SYNCVE~1.EXE <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Public\Desktop\Maxthon Cloud Browser (1).lnk -> C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.) 
-> "hxxp://trustedsurf.com/?ssid=1460907109&a=1003679&src=sh&uuid=7d877653-d529-48e6-bafd-1740583a8578" ==================== Loaded Modules (Whitelisted) ============== 2014-04-02 13:47 - 2014-04-02 13:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2016-08-26 11:08 - 2016-08-26 11:08 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe 2014-07-17 05:59 - 2012-04-25 04:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-07-17 05:55 - 2014-07-17 05:55 - 00068880 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe 2014-07-17 05:55 - 2014-07-17 05:55 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll 2014-07-17 06:03 - 2014-07-17 06:03 - 00815104 _____ () C:\Program Files\Lenovo PhoneCompanion\adb.exe 2016-04-15 20:07 - 2016-04-15 20:07 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1035.dll 2017-01-09 19:04 - 2017-01-09 19:04 - 03988944 _____ () C:\Users\Tomi\Downloads\adwcleaner_6.042(1).exe 2016-10-03 18:24 - 2016-10-03 18:24 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-10-03 18:24 - 2016-10-03 18:24 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-01-09 15:28 - 2017-01-09 15:28 - 03075072 _____ () C:\Program Files\AVAST Software\Avast\defs\17010901\algo.dll 2016-10-03 18:25 - 2016-10-03 18:25 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2017-01-09 19:08 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tomi\Downloads\the-cult_00397378.jpg DNS Servers: 192.168.43.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{2A52949E-8216-41D8-860F-54915E59B5D7}] => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{226592F0-2A61-4DF3-9E55-E2F00124E53A}] => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{D7582D63-094E-45C1-B5FF-623F35E48A87}] => C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{0A8161AA-61FE-4D74-B70E-D0CFFC60B094}] => C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{EA362F44-998E-4CF3-A2AC-B5D5F2D6BD37}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{D8C928F3-3822-4333-AF13-9860DCA9B88A}] => C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{064C1BB7-7FA7-42D3-A7BC-BA12C5515872}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{BFA92629-297E-4052-A8B1-BE02AB7388B0}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE FirewallRules: [{F5C6FA4E-AD47-4F5F-B0E2-D71C7C53F28F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{70D0493C-A5CA-4D0D-96AD-933FB96CA990}] => C:\Users\Tomi\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{24EA9D8E-B0DE-46E1-8AC8-416F892DC2FC}] => C:\Users\Tomi\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{0484672A-C8CA-475B-A4A9-DBF084C37DD1}] => C:\Users\Tomi\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{8A1A0AB4-F65F-4048-803E-B1D46B7D7C98}] => C:\Users\Tomi\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{21642C45-326E-4DC3-AA11-3389D3CA1BD8}] => C:\Users\Tomi\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{184A27C6-9D0A-4FBC-B04D-933C3DA4E01C}] => C:\Users\Tomi\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [TCP Query User{0889ECDD-C6C7-425F-B1E6-ACD3F0B0C82D}C:\users\tomi\appdata\roaming\spotify\spotify.exe] => C:\users\tomi\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query 
User{14AF6818-97D5-4B6A-9CF2-00969EDE5ECF}C:\users\tomi\appdata\roaming\spotify\spotify.exe] => C:\users\tomi\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{B163CCBC-1A53-4102-8BC7-C96D29F7B93D}C:\users\tomi\appdata\roaming\spotify\spotify.exe] => C:\users\tomi\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{A19576E7-B095-47C0-BB74-B6E1119DBA55}C:\users\tomi\appdata\roaming\spotify\spotify.exe] => C:\users\tomi\appdata\roaming\spotify\spotify.exe FirewallRules: [{5D256067-C95E-4A07-B35C-53BE86C84D1D}] => C:\Users\Tomi\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [TCP Query User{9E05EE16-595E-4921-AE53-AC4FA9F4EBD6}C:\users\tomi\appdata\local\temp\i1483712889\windows\resource\jre\bin\javaw.exe] => C:\users\tomi\appdata\local\temp\i1483712889\windows\resource\jre\bin\javaw.exe FirewallRules: [UDP Query User{35AEEF42-3967-4F20-94F2-5940F4E1DB07}C:\users\tomi\appdata\local\temp\i1483712889\windows\resource\jre\bin\javaw.exe] => C:\users\tomi\appdata\local\temp\i1483712889\windows\resource\jre\bin\javaw.exe FirewallRules: [{1D937CB5-11E9-49B8-8B6E-930B01007300}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{6FE485D4-860C-4B9F-A466-5446D96837F5}C:\users\tomi\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => C:\users\tomi\appdata\roaming\bittorrent\updates\7.9.9_42974.exe FirewallRules: [UDP Query User{B58BC3F1-EE74-47AD-9C45-35644227D341}C:\users\tomi\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => C:\users\tomi\appdata\roaming\bittorrent\updates\7.9.9_42974.exe FirewallRules: [{17E5012A-3172-4233-A650-853C64E4E431}] => C:\users\tomi\appdata\roaming\bittorrent\updates\7.9.9_42974.exe FirewallRules: [{8864169F-8126-4857-B54F-35B2647A3001}] => C:\users\tomi\appdata\roaming\bittorrent\updates\7.9.9_42974.exe FirewallRules: [{C5E66EC7-0BF9-4E27-81DA-6935CF4CB498}] => C:\Games\World_of_Warships\WoWSLauncher.exe FirewallRules: 
[{2F838EDF-AB0A-4AE3-96BC-E92F12673FA3}] => C:\Games\World_of_Warships\WoWSLauncher.exe FirewallRules: [{7BD15007-D2AC-45E7-B53B-98B78EFF6D47}] => C:\Games\World_of_Warships\worldofwarships.exe FirewallRules: [{DF1BA81E-9BF9-4053-92D3-78C8032E05FB}] => C:\Games\World_of_Warships\worldofwarships.exe FirewallRules: [TCP Query User{75C9A3F1-C1F5-4C87-90C5-D34D5F223B42}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{B6174330-805F-4C04-AD0E-0A1506DEA290}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe ==================== Restore Points ========================= 24-12-2016 15:08:32 Installed Safari 31-12-2016 15:48:40 Ajoitettu tarkistuspiste 06-01-2017 16:05:04 Installed DirectX 06-01-2017 17:54:16 SlimDrivers Installing Drivers 06-01-2017 19:05:04 Installed EA Download Manager 09-01-2017 18:59:16 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/09/2017 04:03:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Viallisen sovelluksen nimi: chrome.exe, versio: 51.0.2681.0, aikaleima: 0x56ea60f6 Viallisen moduulin nimi: ntdll.dll, versio: 6.3.9600.18233, aikaleima: 0x56bb4e1d Poikkeuskoodi: 0xc0000018 Virhepoikkeama: 0x0009d3c2 Viallisen prosessin tunnus: 0xc84 Viallisen sovelluksen käynnistysaika: 0x01d26a8129ffa565 Viallisen sovelluksen polku: C:\Users\Tomi\AppData\Local\Chromium\Application\chrome.exe Viallisen moduulin polku: C:\WINDOWS\SYSTEM32\ntdll.dll Raportin tunnus: 67fd1a14-d674-11e6-82bb-18cf5eea202a Viallisen paketin koko nimi: Viallisen paketin suhteellinen sovellustunnus: Error: (01/09/2017 12:33:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Ohjelman LiveComm.exe versio 17.5.9600.20911, lakkasi olemasta yhteydessä 
Windowsiin, joten se suljettiin. Voit tarkistaa, onko ongelmasta saatavilla lisätietoja, ohjauspaneelin Toimintokeskus-kohdasta. Prosessin tunnus: a64 Alkamisaika: 01d26a379f627a7f Päättymisaika: 4294967295 Sovelluksen polku: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Raportin tunnus: 09b32369-d657-11e6-82bb-18cf5eea202a Viallisen paketin koko nimi: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Viallisen paketin suhteellinen sovellustunnus: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/09/2017 07:07:29 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Ohjelman LiveComm.exe versio 17.5.9600.20911, lakkasi olemasta yhteydessä Windowsiin, joten se suljettiin. Voit tarkistaa, onko ongelmasta saatavilla lisätietoja, ohjauspaneelin Toimintokeskus-kohdasta. Prosessin tunnus: 1b74 Alkamisaika: 01d26a3586fc4b7d Päättymisaika: 4294967295 Sovelluksen polku: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Raportin tunnus: 7bdaf9a3-d629-11e6-82bb-18cf5eea202a Viallisen paketin koko nimi: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Viallisen paketin suhteellinen sovellustunnus: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/08/2017 06:06:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ongelma esti käyttömukavuuden kehitysohjelman tietojen lähettämisen Microsoftille (virhe 80070005). Error: (01/08/2017 01:18:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ongelma esti käyttömukavuuden kehitysohjelman tietojen lähettämisen Microsoftille (virhe 80070005). Error: (01/06/2017 05:54:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Ohjelman SlimDrivers.exe versio 2.3.1.0, lakkasi olemasta yhteydessä Windowsiin, joten se suljettiin. 
Voit tarkistaa, onko ongelmasta saatavilla lisätietoja, ohjauspaneelin Toimintokeskus-kohdasta. Prosessin tunnus: 1e04 Alkamisaika: 01d268347973d245 Päättymisaika: 4294967295 Sovelluksen polku: C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe Raportin tunnus: 75822a82-d428-11e6-82ba-18cf5eea202a Viallisen paketin koko nimi: Viallisen paketin suhteellinen sovellustunnus: Error: (01/06/2017 05:52:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Ohjelman SlimCleaner.exe versio 1.3.0.0, lakkasi olemasta yhteydessä Windowsiin, joten se suljettiin. Voit tarkistaa, onko ongelmasta saatavilla lisätietoja, ohjauspaneelin Toimintokeskus-kohdasta. Prosessin tunnus: e4c Alkamisaika: 01d26834a54d35c0 Päättymisaika: 4294967295 Sovelluksen polku: C:\Users\Tomi\AppData\Local\Temp\scoped_dir480_3617\SlimCleaner.exe Raportin tunnus: 264dd81f-d428-11e6-82ba-18cf5eea202a Viallisen paketin koko nimi: Viallisen paketin suhteellinen sovellustunnus: Error: (01/06/2017 05:04:51 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-hallinta) Description: There was an error with the Windows Location Provider database Error: (01/06/2017 04:38:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ongelma esti käyttömukavuuden kehitysohjelman tietojen lähettämisen Microsoftille (virhe 80070005). Error: (01/06/2017 12:43:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ongelma esti käyttömukavuuden kehitysohjelman tietojen lähettämisen Microsoftille (virhe 80070005). System errors: ============= Error: (01/09/2017 05:44:21 PM) (Source: DCOM) (EventID: 10010) (User: MACHINAE) Description: Palvelin {4545DEA0-2DFC-4906-A728-6D986BA399A9} ei rekisteröitynyt DCOM:n kanssa annetun ajan sisällä. 
Error: (01/09/2017 05:44:21 PM) (Source: DCOM) (EventID: 10010) (User: MACHINAE) Description: Palvelin {4545DEA0-2DFC-4906-A728-6D986BA399A9} ei rekisteröitynyt DCOM:n kanssa annetun ajan sisällä. Error: (01/09/2017 12:48:47 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Virheellinen lohko laitteessa \Device\CdRom0. Error: (01/09/2017 12:48:29 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Virheellinen lohko laitteessa \Device\CdRom0. Error: (01/08/2017 05:16:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Palvelua Service Installer TrueKey ei voi käynnistää. Virhekoodi on Määritettyä tiedostoa ei löydy. Error: (01/08/2017 03:45:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Palvelu Superfetch lopetettiin virheen takia. Virhe: Palvelua ei ole käynnistetty. Error: (01/08/2017 03:45:39 PM) (Source: DCOM) (EventID: 10010) (User: MACHINAE) Description: Palvelin {4545DEA0-2DFC-4906-A728-6D986BA399A9} ei rekisteröitynyt DCOM:n kanssa annetun ajan sisällä. Error: (01/08/2017 03:45:39 PM) (Source: DCOM) (EventID: 10010) (User: MACHINAE) Description: Palvelin {4545DEA0-2DFC-4906-A728-6D986BA399A9} ei rekisteröitynyt DCOM:n kanssa annetun ajan sisällä. Error: (01/08/2017 03:45:34 PM) (Source: DCOM) (EventID: 10010) (User: MACHINAE) Description: Palvelin {4545DEA0-2DFC-4906-A728-6D986BA399A9} ei rekisteröitynyt DCOM:n kanssa annetun ajan sisällä. Error: (01/08/2017 03:45:34 PM) (Source: DCOM) (EventID: 10010) (User: MACHINAE) Description: Palvelin {4545DEA0-2DFC-4906-A728-6D986BA399A9} ei rekisteröitynyt DCOM:n kanssa annetun ajan sisällä. 
CodeIntegrity: =================================== Date: 2016-10-03 17:45:33.122 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-03 17:45:32.710 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-03 17:45:32.058 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-03 17:45:31.625 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-03 17:45:31.118 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-10-03 17:45:30.699 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-03 17:45:30.039 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-03 17:45:29.622 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-03 17:45:29.101 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-03 17:45:28.602 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G Percentage of memory in use: 32% Total physical RAM: 7098.61 MB Available physical RAM: 4762.49 MB Total Virtual: 14266.61 MB Available Virtual: 11846.86 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:889.76 GB) (Free:654.17 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS Drive e: (HOUSE MD season2 disc1) (CDROM) (Total:7.55 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 079C02F3) Partition: GPT. ==================== End of Addition.txt ============================
Open Notepad. Copy and paste the contents of the text box into Notepad. Name the file ( fixlist.txt ) and save it in the same directory where FRST.exe is installed.

Code:
CloseProcesses:
CreateRestorePoint:
(Pokki) C:\Users\Tomi\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
Startup: C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-10-23]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Tomi\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
GroupPolicy: Restriction <======= ATTENTION
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
CHR DefaultSearchURL: Default -> hxxp://www.hohosearch.com/chrome.php?q={searchTerms}&ts=AHEqA3YkBn4nCE..&v=20160415&uid=A55C24BBC61D81811CB696F914C0F6BD&ptid=epf1&mode=nnnb
CHR DefaultSearchKeyword: Default -> hohosearch
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com/","hxxp://search.conduit.com/?gd=&ctid=CT3321541&octid=EB_ORIGINAL_CTID&ISID=M4F8AF882-ADE8-464D-A28A-6A2C425939D3&SearchSource=55&CUI=&UM=5&UP=SP73708A94-EF9A-4872-A553-9CCCF681EB8A&SSPV=","hxxp://mysearch.avg.com?cid={1E939BC9-A76C-4057-9925-C32612F8B4BD}&mid=3064a43c848a47d289d8d16e5558c95b-5bd17b245ac30cc5b530307e66453ac7df29932d&lang=en&ds=ad011&coid=avgtbdisad&cmpid=&pr=sa&d=2014-03-16 23:05:20&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://www.hohosearch.com/?
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2017-01-09 19:08 - 2016-10-03 18:20 - 00000000 ____D C:\Program Files\ByteFence
2017-01-09 01:24 - 2017-01-09 01:24 - 00000000 ____D C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2017-01-09 18:50 - 2016-04-21 20:39 - 00000000 ____D C:\Users\Tomi\AppData\Local\SweetLabs App Platform
2017-01-09 01:21 - 2016-10-03 18:21 - 00000000 ____D C:\ProgramData\{2331E652-A973-6C94-2FB5-F2D6B5F77918}
Start Menu (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\SweetLabs_Start_Menu) (Version: 0.269.8.114 - Pokki)
Task: {94B0B669-C175-4031-96AF-A54215B062AF} - System32\Tasks\SweetLabs App Platform => C:\Users\Tomi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-11-16] (Pokki)
Lenovo Web Start (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Host App Service (HKU\S-1-5-21-2312945197-1059649812-2768281392-1002\...\SweetLabs_AP) (Version: 0.269.8.114 - Pokki)
Task: {94B0B669-C175-4031-96AF-A54215B062AF} - System32\Tasks\SweetLabs App Platform => C:\Users\Tomi\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-11-16] (Pokki)
Task: {51E98A67-8E69-415C-9821-5E60FFC3F23C} - System32\Tasks\Yahoo! Powered lonod => Wscript.exe "C:\ProgramData\{2331E652-A973-6C94-2FB5-F2D6B5F77918}\dole.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b32333331453635322d413937332d364339342d324642352d4632443642354637373931387d5c6d69726f6465" "433a5c50726f6772616d446174615c7b32333331453635322d413937332d364339342d324642 (the data entry has 78 more characters).
Task: {2D35D72A-CB34-4129-A465-7EE7D804664F} - System32\Tasks\Bing Search Engine lonod => Wscript.exe "C:\ProgramData\{C49901FA-4EDB-8B3C-C81D-157E525F9EB0}\dole.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b43343939303146412d344544422d384233432d433831442d3135374535323546394542307d5c6d69726f6465" "433a5c50726f6772616d446174615c7b43343939303146412d344544422d384233432d43 (the data entry has 82 more characters).
Task: C:\WINDOWS\Tasks\Bing Search Engine lonod.job => Wscript.exe C:\ProgramData\{C49901FA-4EDB-8B3C-C81D-157E525F9EB0}\dole.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered lonod.job => Wscript.exe C:\ProgramData\{2331E652-A973-6C94-2FB5-F2D6B5F77918}\dole.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\{A761CCFD-DBE9-4D7E-BB0D-CA25FF8DED87}.job => C:\Users\Tomi\AppData\Local\UPDATE~1\SYNCVE~1.EXE <==== ATTENTION
CMD: bitsadmin /reset /allusers
Emptytemp:

After this, start FRST and press the Fix button. When the program has finished, it creates a log file ( Fixlog.txt ) on the desktop.

-------------

You are probably using Avast rather than McAfee. Open Control Panel > Programs and Features, then find and remove McAfee ... ...

-------------