Solved V9 com hijacked Firefox, JRT download fails

Petri Kalervo

New Member
Thread author
Jun 30, 2015
# AdwCleaner v4.207 - Logfile created 01/07/2015 at 01:34:30
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Petri Kalervo - PETRIKALERVO-PC
# Running from : C:\Users\Petri Kalervo\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : iSafeKrnlMon

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\WinZipper
[!] Folder Deleted : C:\Program Files (x86)\Elex-tech
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\PETRIK~1\AppData\Local\Temp\Desk365
Folder Deleted : C:\Users\PETRIK~1\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Petri Kalervo\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Petri Kalervo\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Petri Kalervo\AppData\Roaming\eUpdate
Folder Deleted : C:\Users\Petri Kalervo\AppData\Roaming\WinZipper
[!] Folder Deleted : C:\Users\Petri Kalervo\AppData\Roaming\Elex-tech
Folder Deleted : C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Folder Deleted : C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\END
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\drivers\iSafeNetFilter.sys
File Deleted : C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Deleted : C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.v9.com_0.localstorage
File Deleted : C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.v9.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : Desk 365 RunAsStdUser

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Petri Kalervo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Petri Kalervo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Petri Kalervo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.001
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.7z
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.arj
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bz2
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bzip2
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cab
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cpio
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.deb
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.dmg
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.fat
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gzip
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.hfs
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.iso
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lha
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzh
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzma
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428A-92C9-0CFC28B9D1BF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CE0EA58-AC90-48A0-9A10-056CBD90C074}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CE0EA58-AC90-48A0-9A10-056CBD90C074}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\SpeeditUp
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\Desksvc
Key Deleted : HKLM\SOFTWARE\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\portaldositesSoftware
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\Elex-tech
Key Deleted : HKU\.DEFAULT\Software\Elex-tech
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[3oaxtupa.default-1373869142202\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.v9.com?type=hp&ts=1435601441&from=mych123&uid=wdcxwd10ears-00y5b1_wd-wmav5186642166421&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q");
[3oaxtupa.default-1373869142202\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.v9.com/favicon.ico?t=1");
[3oaxtupa.default-1373869142202\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.v9.com/web?type=ds&ts=1432549024&from=zzgbkk123&uid=wdcxwd10ears-00y5b1_wd-wmav5186642166421&z=725e54eaf32dbca5369babcgczec5o8wezat0e3cee&q={se[...]
[3oaxtupa.default-1373869142202\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.v9.com?type=hp&ts=1435601441&from=mych123&uid=wdcxwd10ears-00y5b1_wd-wmav5186642166421&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q");

-\\ Google Chrome v43.0.2357.130

[C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.v9.com/web?type=ds&ts=1432549024&from=zzgbkk123&uid=wdcxwd10ears-00y5b1_wd-wmav5186642166421&z=725e54eaf32dbca5369babcgczec5o8wezat0e3cee&q={searchTerms}
[C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.v9.com?type=hp&ts=1435601441&from=mych123&uid=wdcxwd10ears-00y5b1_wd-wmav5186642166421&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
[C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 4B67AD413865FA65C64E8BCE566F7A4063F42A7B3DAC39ED7B639E295FBAE5BA"},"software_reporter":{"prompt_reason":"08F8CE76D2BA93FC76DF9BAA188C4AFF099B155C46C1243C99BAC79945F20D60","prompt_seed":"64542DCC61438953772DA6AFF627F4D3F02A39096E263237AB92BEAC124148DE","prompt_version":"9378F343645EB772D12A056A19C0882C59CB91403DF394EB65CBD06518B4E675"},"sync":{"remaining_rollback_tries":"521A84E6BFB29805370F9EC2794A5D57813EFF6C368C071B9843A62DA4A190A6"}},"super_mac":"1A9DFEDE9EAC8F8E936D25E2DD2CB1148EF0BB442F45ECEAE341389405E65BA3"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.v9.com?type=hp&ts=1435601441&from=mych123&uid=wdcxwd10ears-00y5b1_wd-wmav5186642166421&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q

*************************

AdwCleaner[R0].txt - [11951 bytes] - [01/07/2015 01:32:52]
AdwCleaner[S0].txt - [10210 bytes] - [01/07/2015 01:34:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10270 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Petri Kalervo (administrator) on PETRIKALERVO-PC on 01-07-2015 01:59:28
Running from C:\Users\Petri Kalervo\Downloads
Loaded Profiles: Petri Kalervo (Available Profiles: Petri Kalervo)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\Ir.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Users\Petri Kalervo\Documents\notepad2\Notepad2.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2763776 2009-10-28] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast5] => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-14] (Nero AG)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [43871584 2015-06-10] (Dropbox, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-274669479-628602505-3869847215-1000\...\MountPoints2: {408e6a12-06af-11e1-bea7-485b39099c4a} - D:\application\Nokia_Internet_Modem.exe
HKU\S-1-5-21-274669479-628602505-3869847215-1000\...\MountPoints2: {73d26d05-2239-11e1-a801-001e101faa49} - D:\Autorun.exe
HKU\S-1-5-21-274669479-628602505-3869847215-1000\...\MountPoints2: {cd9a7eab-f7eb-11e0-8746-485b39099c4a} - D:\Autorun.exe
HKU\S-1-5-21-274669479-628602505-3869847215-1000\...\MountPoints2: {cd9a7ebb-f7eb-11e0-8746-485b39099c4a} - D:\Autorun.exe
HKU\S-1-5-21-274669479-628602505-3869847215-1000\...\MountPoints2: {d10dde41-0698-11e4-94bb-485b39099c4a} - D:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2010-07-24]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-09-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk [2010-07-24]
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Petri Kalervo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-10-30]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKU\S-1-5-21-274669479-628602505-3869847215-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKU\S-1-5-21-274669479-628602505-3869847215-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fi.msn.com/?ocid=iehp
HKU\S-1-5-21-274669479-628602505-3869847215-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=143560...&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
HKU\S-1-5-21-274669479-628602505-3869847215-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
HKU\S-1-5-21-274669479-628602505-3869847215-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.portaldosites.com/web...10EARS-00Y5B1_WD-WMAV5186642166421&ts=7077996
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=14...ca5369babcgczec5o8wezat0e3cee&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.portaldosites.com/web...10EARS-00Y5B1_WD-WMAV5186642166421&ts=7077996
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=14...ca5369babcgczec5o8wezat0e3cee&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-274669479-628602505-3869847215-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=14...ca5369babcgczec5o8wezat0e3cee&q={searchTerms}
SearchScopes: HKU\S-1-5-21-274669479-628602505-3869847215-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.portaldosites.com/web...10EARS-00Y5B1_WD-WMAV5186642166421&ts=7077996
SearchScopes: HKU\S-1-5-21-274669479-628602505-3869847215-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=14...ca5369babcgczec5o8wezat0e3cee&q={searchTerms}
SearchScopes: HKU\S-1-5-21-274669479-628602505-3869847215-1000 -> {9CE0EA58-AC90-48A0-9A10-056CBD90C074} URL = http://websearch.ask.com/redirect?c...pn_sauid=F541A923-4BBD-4104-86E5-60E6AF72FDD3
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-26] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1FCB5D24-945E-46B9-A682-140EA8D99263}: [DhcpNameServer] 10.80.1.1
Tcpip\..\Interfaces\{56FDB24C-20A7-40A3-B595-C92D345145E7}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Petri Kalervo\AppData\Roaming\Mozilla\Firefox\Profiles\3oaxtupa.default-1373869142202
FF NewTab: hxxp://www.v9.com?type=hp&ts=1435601441&from=mych123&uid=wdcxwd10ears-00y5b1_wd-wmav5186642166421&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
FF DefaultSearchEngine: V9
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: V9
FF Homepage: hxxp://www.v9.com?type=hp&ts=1435601441&from=mych123&uid=wdcxwd10ears-00y5b1_wd-wmav5186642166421&z=42e3fafd312058fcabb49f6gbz1c7w6qdecg1z1w1q
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111FI0D20140117&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-29] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-10] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-06-24] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-29] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-06-24] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Petri Kalervo\AppData\Roaming\Mozilla\Firefox\Profiles\3oaxtupa.default-1373869142202\searchplugins\v9-.xml [2015-07-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-03-19]
FF Extension: xRocket Toolbar - C:\Users\Petri Kalervo\AppData\Roaming\Mozilla\Firefox\Profiles\3oaxtupa.default-1373869142202\Extensions\arthurj8283@gmail.com [2015-05-25]
FF Extension: Adblock Plus - C:\Users\Petri Kalervo\AppData\Roaming\Mozilla\Firefox\Profiles\3oaxtupa.default-1373869142202\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-30]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Petri Kalervo\AppData\Roaming\Mozilla\Firefox\Profiles\3oaxtupa.default-1373869142202\extensions\arthurj8283@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-17]
FF HKU\S-1-5-21-274669479-628602505-3869847215-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-06-30]
CHR Extension: (Google Wallet) - C:\Users\Petri Kalervo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-30]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [552448 2010-07-23] (Hauppauge Computer Works) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-05-21] (Elex do Brasil Participações Ltda)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R3 HCW3x64; C:\Windows\System32\DRIVERS\HCW71364.sys [1405056 2009-02-18] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-04-26] (Paragon Software Group)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-21] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-05-21] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-05-21] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-05-21] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1310720 2010-08-23] (C-Media Electronics Inc)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 01:59 - 2015-07-01 02:00 - 00027780 _____ C:\Users\Petri Kalervo\Downloads\FRST.txt
2015-07-01 01:59 - 2015-07-01 01:59 - 00000000 ____D C:\FRST
2015-07-01 01:58 - 2015-07-01 01:58 - 02112512 _____ (Farbar) C:\Users\Petri Kalervo\Downloads\FRST64.exe
2015-07-01 01:42 - 2015-07-01 01:42 - 02421645 _____ (Malwarebytes Corporation) C:\Users\Petri Kalervo\Downloads\JRT.exe
2015-07-01 01:38 - 2015-07-01 01:38 - 00000000 ____D C:\Users\Petri Kalervo\AppData\Roaming\Elex-tech
2015-07-01 01:38 - 2015-04-17 05:43 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-07-01 01:31 - 2015-07-01 01:36 - 00000000 ____D C:\AdwCleaner
2015-07-01 01:30 - 2015-07-01 01:30 - 02244096 _____ C:\Users\Petri Kalervo\Downloads\adwcleaner_4.207.exe
2015-06-18 18:28 - 2015-06-18 18:28 - 00000000 ____D C:\Users\Petri Kalervo\New folder
2015-06-18 18:26 - 2015-06-18 18:26 - 00001226 _____ C:\Users\Petri Kalervo\Desktop\Dropbox.lnk
2015-06-18 18:25 - 2015-06-18 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-18 18:24 - 2015-06-18 18:24 - 00000000 ____D C:\Users\Petri Kalervo\AppData\Roaming\Dropbox
2015-06-18 18:21 - 2015-07-01 01:40 - 00000000 ____D C:\Users\Petri Kalervo\AppData\Local\Dropbox
2015-06-18 18:21 - 2015-07-01 01:38 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-06-18 18:21 - 2015-07-01 01:26 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-06-18 18:21 - 2015-06-18 18:25 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-06-18 18:21 - 2015-06-18 18:21 - 00003918 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-06-18 18:21 - 2015-06-18 18:21 - 00003666 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-06-18 18:21 - 2015-06-18 18:21 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-18 18:19 - 2015-06-18 18:20 - 00660960 _____ (Dropbox, Inc.) C:\Users\Petri Kalervo\Downloads\DropboxInstaller.exe
2015-06-18 18:14 - 2015-06-18 18:54 - 399716352 _____ C:\Users\Petri Kalervo\Downloads\Petri.MTS
2015-06-15 23:36 - 2015-05-25 20:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-15 23:35 - 2015-06-01 22:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-15 23:35 - 2015-06-01 21:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-15 23:35 - 2015-05-27 17:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-15 23:35 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-15 23:35 - 2015-05-23 06:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-15 23:35 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-15 23:35 - 2015-05-23 06:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-15 23:35 - 2015-05-23 06:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-15 23:35 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-15 23:35 - 2015-05-23 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-15 23:35 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-15 23:35 - 2015-05-23 06:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-15 23:35 - 2015-05-23 06:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-15 23:35 - 2015-05-23 06:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-15 23:35 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-15 23:35 - 2015-05-23 06:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-15 23:35 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-15 23:35 - 2015-05-23 05:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-15 23:35 - 2015-05-23 05:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-15 23:35 - 2015-05-23 05:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-15 23:35 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-15 23:35 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-15 23:35 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-15 23:35 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-15 23:35 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-15 23:35 - 2015-05-23 05:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-15 23:35 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-15 23:35 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-15 23:35 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-15 23:35 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-15 23:35 - 2015-05-22 22:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-15 23:35 - 2015-05-22 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-15 23:35 - 2015-05-22 22:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-15 23:35 - 2015-05-22 22:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-15 23:35 - 2015-05-22 22:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-15 23:35 - 2015-05-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-15 23:35 - 2015-05-22 22:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-15 23:35 - 2015-05-22 21:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-15 23:35 - 2015-05-22 21:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-15 23:35 - 2015-05-22 21:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-15 23:35 - 2015-05-22 21:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-15 23:35 - 2015-05-22 21:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-15 23:35 - 2015-05-22 21:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-15 23:35 - 2015-05-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-15 23:35 - 2015-05-22 21:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-15 23:35 - 2015-05-22 21:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-15 23:35 - 2015-05-22 21:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-15 23:35 - 2015-05-22 21:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-15 23:35 - 2015-05-22 21:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-15 23:35 - 2015-05-22 21:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-15 23:35 - 2015-05-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-15 23:35 - 2015-05-22 21:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-15 23:35 - 2015-05-22 21:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-15 23:35 - 2015-05-22 21:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-15 23:35 - 2015-05-22 21:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-15 23:35 - 2015-05-22 21:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-15 23:35 - 2015-05-22 20:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-15 23:35 - 2015-05-22 20:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-15 23:35 - 2015-05-22 20:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-15 23:35 - 2015-05-22 20:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-15 23:34 - 2015-05-22 21:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-15 23:34 - 2015-05-22 21:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-15 23:34 - 2015-05-22 21:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-15 23:34 - 2015-05-22 21:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-15 23:34 - 2015-05-22 21:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-15 23:34 - 2015-05-22 21:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-15 23:34 - 2015-05-22 21:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-15 23:34 - 2015-05-21 16:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-15 23:34 - 2015-04-29 21:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-15 23:34 - 2015-04-29 21:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-15 23:34 - 2015-04-29 21:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-15 23:34 - 2015-04-29 21:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-15 23:34 - 2015-04-29 21:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-15 23:34 - 2015-04-29 21:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-15 23:34 - 2015-04-29 21:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-15 23:34 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-15 23:34 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-15 23:34 - 2015-04-29 21:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-15 23:33 - 2015-05-25 21:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-15 23:33 - 2015-05-25 21:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-15 23:33 - 2015-05-25 21:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-15 23:33 - 2015-05-25 21:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-15 23:33 - 2015-05-25 21:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-15 23:33 - 2015-05-25 21:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-15 23:32 - 2015-05-25 21:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-15 23:32 - 2015-05-25 21:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-15 23:32 - 2015-05-25 21:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-15 23:32 - 2015-05-25 21:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-15 23:32 - 2015-05-25 21:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-15 23:32 - 2015-05-25 21:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-15 23:32 - 2015-05-25 21:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-15 23:32 - 2015-05-25 21:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-15 23:32 - 2015-05-25 21:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-15 23:32 - 2015-05-25 21:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-15 23:32 - 2015-05-25 21:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-15 23:32 - 2015-05-25 21:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-15 23:32 - 2015-05-25 21:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-15 23:32 - 2015-05-25 21:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-15 23:32 - 2015-05-25 21:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-15 23:32 - 2015-05-25 21:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-15 23:32 - 2015-05-25 21:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-15 23:32 - 2015-05-25 21:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-15 23:32 - 2015-05-25 21:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-15 23:32 - 2015-05-25 21:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 21:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-15 23:32 - 2015-05-25 21:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-15 23:32 - 2015-05-25 21:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-15 23:32 - 2015-05-25 21:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-15 23:32 - 2015-05-25 21:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-15 23:32 - 2015-05-25 21:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-15 23:32 - 2015-05-25 21:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-15 23:32 - 2015-05-25 21:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-15 23:32 - 2015-05-25 21:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-15 23:32 - 2015-05-25 21:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-15 23:32 - 2015-05-25 21:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-15 23:32 - 2015-05-25 20:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-15 23:32 - 2015-05-25 20:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-15 23:32 - 2015-05-25 20:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-15 23:32 - 2015-05-25 20:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-15 23:32 - 2015-05-25 20:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-15 23:32 - 2015-05-25 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-15 23:32 - 2015-05-25 19:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-15 23:32 - 2015-05-25 19:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-15 23:32 - 2015-05-25 19:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 19:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-15 23:32 - 2015-05-25 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-15 23:31 - 2015-04-24 21:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-15 23:31 - 2015-04-24 20:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-15 23:31 - 2015-04-11 06:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-03 10:16 - 2015-06-16 03:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 01:46 - 2009-07-14 07:45 - 00026032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 01:46 - 2009-07-14 07:45 - 00026032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 01:45 - 2012-06-16 13:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 01:43 - 2010-06-24 16:07 - 01449000 _____ C:\Windows\WindowsUpdate.log
2015-07-01 01:43 - 2009-07-14 08:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 01:39 - 2012-02-26 15:41 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 01:39 - 2009-07-14 07:51 - 02031178 _____ C:\Windows\setupact.log
2015-07-01 01:38 - 2012-02-26 15:41 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 01:38 - 2010-07-02 14:50 - 01917344 _____ C:\Windows\PFRO.log
2015-07-01 01:38 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-01 01:36 - 2015-05-21 15:11 - 00000000 ____D C:\Windows\system32\log
2015-07-01 01:36 - 2012-02-26 16:00 - 00001286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-01 01:36 - 2012-02-26 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-01 01:36 - 2010-06-24 16:13 - 00001005 _____ C:\Users\Petri Kalervo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-29 21:50 - 2010-09-17 17:33 - 00000000 ____D C:\Users\Petri Kalervo\AppData\Local\Adobe
2015-06-29 21:49 - 2012-06-16 13:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-29 21:49 - 2012-06-16 13:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-29 21:49 - 2011-07-05 01:32 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-25 09:00 - 2009-07-14 08:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-24 09:04 - 2015-01-25 08:00 - 00001948 _____ C:\Users\Petri Kalervo\Desktop\#####me.txt
2015-06-18 18:30 - 2010-06-24 16:12 - 00000000 ____D C:\Users\Petri Kalervo
2015-06-16 04:12 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-06-16 03:35 - 2014-01-17 23:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-16 03:35 - 2013-07-15 08:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-16 03:35 - 2009-07-14 07:45 - 00294648 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 03:32 - 2014-12-15 04:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-16 03:32 - 2014-05-08 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-16 03:31 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-16 03:12 - 2013-08-16 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-06-16 03:02 - 2010-06-28 14:11 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 08:34 - 2013-04-27 10:08 - 00002717 _____ C:\Users\Petri Kalervo\Documents\jj

==================== Files in the root of some directories =======

2010-11-05 11:36 - 2014-07-08 15:08 - 0007596 _____ () C:\Users\Petri Kalervo\AppData\Local\resmon.resmoncfg
2012-04-23 13:55 - 2012-04-23 13:55 - 0005028 _____ () C:\ProgramData\cgatmfqq.mbd
2010-07-13 22:36 - 2010-07-13 22:36 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-04-29 23:46 - 2012-04-29 23:46 - 0004865 _____ () C:\ProgramData\innbfrij.xis
2012-04-23 14:35 - 2012-04-23 14:35 - 0005061 _____ () C:\ProgramData\rfyearrd.gkz

Some files in TEMP:
====================
C:\Users\Petri Kalervo\AppData\Local\Temp\APNStub.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\Autorun.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa20oif.dll
C:\Users\Petri Kalervo\AppData\Local\Temp\hcwclear.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\IR32.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\Quarantine.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\read.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\ResetDevice.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\SoftMCE_Setup.exe
C:\Users\Petri Kalervo\AppData\Local\Temp\sqlite3.dll
C:\Users\Petri Kalervo\AppData\Local\Temp\wajam_install.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 09:28

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Petri Kalervo at 2015-07-01 02:00:41
Running from C:\Users\Petri Kalervo\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-274669479-628602505-3869847215-500 - Administrator - Disabled)
Guest (S-1-5-21-274669479-628602505-3869847215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-274669479-628602505-3869847215-1062 - Limited - Enabled)
Petri Kalervo (S-1-5-21-274669479-628602505-3869847215-1000 - Administrator - Enabled) => C:\Users\Petri Kalervo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{4FBB2E98-1A3B-396A-A662-73E17009C076}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.8.1.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
ccc-core-static (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.29 - Dropbox, Inc.) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hauppauge MCE XP/Vista Software Encoder (2.0.28104) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.28104 - Hauppauge Computer Works, Inc.)
Hauppauge Software MPEG-2 Decoder Installer (HKLM-x32\...\Hauppauge Software MPEG-2 Decoder Installer) (Version: - )
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.28205 - Hauppauge Computer Works)
Hauppauge WinTV Infrared Remote (HKLM-x32\...\Hauppauge WinTV Infrared Remote) (Version: 2.66.28188 - Hauppauge Computer Works, Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movavi Video Suite 10 (HKLM-x32\...\Movavi Video Suite 10) (Version: 10.3.0 - Movavi)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.22001 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0031 - Nero AG)
Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.26001 - Nero AG)
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.16000 - Nero AG)
Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.26000 - Nero AG)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Paragon Backup & Recovery™ 10.2 Free Edition (HKLM\...\{AB562530-921D-11DE-A208-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
R for Windows 2.11.1 (HKLM-x32\...\R for Windows 2.11.1_is1) (Version: 2.11.1 - R Development Core Team)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Skype™ 5.1 (HKLM-x32\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.1.112 - Skype Technologies S.A.)
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
VIA Ohjelmistoalustan laitehallinta (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
ZTE 1.2088.0.6 (HKLM-x32\...\ZTE) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

08-06-2015 09:34:24 Scheduled Checkpoint
16-06-2015 03:00:35 Windows Update
24-06-2015 12:33:00 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08435008-4F77-4C68-8E8C-146F84CE2C8E} - System32\Tasks\{FC60F931-585D-436D-A801-909A9304F99A} => pcalua.exe -a "C:\Users\Petri Kalervo\Downloads\10-6_vista32_win7_32_dd_ccc_enu.exe" -d C:\Windows\system32
Task: {0DBED25D-9E45-4E38-87F8-A2D98640CA27} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {16591E2E-CB30-4730-B908-D4D235152D4C} - System32\Tasks\{EB53D325-05D7-43D5-9503-7918ADDB4405} => pcalua.exe -a "C:\Users\Petri Kalervo\Downloads\10715-64.exe" -d "C:\Users\Petri Kalervo\Downloads"
Task: {246D7C1E-050B-4B8A-B8D3-54C518841095} - System32\Tasks\{2E4DB7CE-BC65-436E-9102-9C02049E66F8} => pcalua.exe -a "C:\Users\Petri Kalervo\AppData\Local\Temp\NERO02000168\setup.exe" -d C:\Windows\SysWOW64 -c /embed"{0B9D2698-A292-4559-9140-D1F0EDA26C68}" /hide_splash /hide_progress /runprerequisites"BackItUp,BurnRights,Express,RescueAgent,Common" /l1035
Task: {38394878-1516-4F6C-8B70-9B9E6A71666F} - System32\Tasks\{79EF05E7-62B4-4B79-BCC6-D89974C27E06} => pcalua.exe -a E:\Nero\Setupx.exe -d E:\Nero
Task: {509A2356-7F52-4173-A23B-3DF52A326277} - System32\Tasks\{D21D349A-55DF-4D2F-A6A6-C3A7A200A405} => pcalua.exe -a F:\MDVS\setup\setup.exe -d F:\
Task: {74A59483-72AD-4BFB-82D9-9344376EABA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {7ABA2BCF-D763-4DAA-A8A9-FB42D744174C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {83498ACE-87AB-4CF4-A0CD-502A5D02DEFF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {95502D57-497C-4CDE-8ECC-B5476611E52E} - System32\Tasks\{D7DFDFEF-D37E-4E4F-A63E-B4D2C0168370} => pcalua.exe -a "C:\Users\Petri Kalervo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\357ZLMBG\Firefox%20Setup%203.6.6[1].exe" -d "C:\Users\Petri Kalervo\Desktop"
Task: {A20CE852-8CD8-44E2-8404-4D1229AB5B5D} - System32\Tasks\{5ACD2F5D-61A6-4EF8-A4D3-BD24A402BC4C} => pcalua.exe -a "C:\Users\Petri Kalervo\Downloads\10715-64(1).exe" -d "C:\Users\Petri Kalervo\Downloads"
Task: {AAFD34A7-D662-49A7-AE88-1573FD8BB82F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B016CFDB-123A-4575-8CFA-F363C84D797C} - System32\Tasks\{D9EE6952-9EBD-49F9-90D0-8A9D254AD2A3} => pcalua.exe -a "C:\HAUPPA~1\WinTV v7 CD 2.1\Setup.exe" -d "C:\HAUPPA~1\WinTV v7 CD 2.1\"
Task: {B8ADAB17-D8EE-458E-B3E8-CBF2E9F4B47C} - System32\Tasks\{BC4F8893-2F81-4CB5-95E9-2F8D067D07BF} => Firefox.exe
Task: {CA112A42-BBA0-4C3C-B4A4-CF33AD9FE82E} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-24] (Microsoft Corporation)
Task: {D1AF5E8A-C8B0-4308-9FCF-E69594FC9C03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-29] (Adobe Systems Incorporated)
Task: {D7D51F2C-4C85-4AEA-95D7-79D634A4C8DF} - System32\Tasks\{A173297F-2C44-4E93-89B2-F15E2F686C42} => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe [2010-07-24] (Hauppauge Computer Works, Inc.)
Task: {E50528C2-F8A5-4853-A798-ECFEF29FD9E9} - System32\Tasks\{CF3698BC-BBDD-4E91-994B-54E684D5EC8D} => C:\Program Files (x86)\WinTV\WinTV7\WinTV7.exe [2010-07-24] (Hauppauge Computer Works, Inc.)
Task: {F46724CD-B2E7-4F14-B343-5A5CFE6C673E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {FA7183DE-66EA-4973-B6B1-E141B9F86516} - System32\Tasks\{7B3E9C03-8CB6-4B44-BEFF-3EE23743F8B9} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-01-26] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2010-06-28 12:14 - 2009-05-07 11:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-06-28 12:14 - 2009-05-07 11:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-06-28 12:14 - 2008-01-18 09:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-06-28 12:14 - 2009-10-28 05:26 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2010-03-05 01:00 - 2010-03-05 01:00 - 00632832 _____ () C:\Users\Petri Kalervo\Documents\notepad2\Notepad2.exe
2010-04-16 14:20 - 2010-04-16 14:20 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-27 12:40 - 2010-05-27 12:40 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-05-21 15:11 - 2015-05-21 11:48 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2015-05-21 15:11 - 2015-04-17 05:43 - 00176976 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2015-05-21 15:11 - 2015-04-17 05:43 - 00087744 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2010-07-24 10:19 - 2010-07-23 17:46 - 00019456 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2015-05-21 15:11 - 2015-05-21 11:48 - 00179200 ____N () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2011-01-17 17:19 - 2011-10-30 06:55 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-07-01 01:39 - 2015-07-01 01:39 - 00043008 _____ () c:\Users\Petri Kalervo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa20oif.dll
2015-06-18 18:24 - 2015-03-19 10:15 - 00750080 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-06-18 18:24 - 2015-03-19 10:15 - 00047616 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2015-06-18 18:24 - 2015-03-19 10:15 - 00865280 _____ () C:\Program Files (x86)\Dropbox\Client\plugins\platforms\qwindows.dll
2015-06-18 18:24 - 2015-03-19 10:15 - 00200704 _____ () C:\Program Files (x86)\Dropbox\Client\plugins\imageformats\qjpeg.dll
2015-06-18 18:24 - 2015-03-19 10:15 - 00010240 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-06-18 18:24 - 2015-03-19 10:15 - 00726016 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-18 18:24 - 2015-03-19 10:15 - 00010240 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-06-29 21:49 - 2015-06-29 21:49 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-274669479-628602505-3869847215-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Petri Kalervo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{1CD68F14-B327-4007-BFB4-2C5A85E23D94}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C53BA545-9547-4103-84E7-E3F86BC484D3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D323EBF5-754E-4BB7-B41D-8CCE79B8C812}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{243BE411-9D89-4A42-8E3C-E9A8CD4FD4D7}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{33396C57-7222-48F5-8F8D-35C55E766EEF}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{650B20E8-1145-4288-83F5-8FCB2501923E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{478E0EE1-6599-45AD-98EE-66E5FA56CD2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EC0AD04-13DA-4289-9E64-B823CC6CCD41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C3A0327-DBC8-41F0-B064-1AAE05B912F8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{FA9E8032-9095-4B5F-B840-8883CB16766E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2015 09:13:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (06/26/2015 09:13:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (06/26/2015 09:13:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (06/26/2015 09:13:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (06/26/2015 09:13:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (06/26/2015 09:13:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (06/26/2015 09:13:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (06/26/2015 09:13:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (06/26/2015 09:13:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (06/26/2015 09:13:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (07/01/2015 01:38:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YAC NDIS Driver service failed to start due to the following error:
%%2

Error: (07/01/2015 01:38:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iSafeNetFilter

Error: (07/01/2015 01:37:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (07/01/2015 01:37:13 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/01/2015 01:36:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/01/2015 01:36:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/01/2015 01:36:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/01/2015 01:35:00 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (07/01/2015 01:34:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/01/2015 01:34:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (06/26/2015 09:13:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/26/2015 09:13:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/26/2015 09:13:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/26/2015 09:13:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/26/2015 09:13:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/26/2015 09:13:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/26/2015 09:13:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/26/2015 09:13:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/26/2015 09:13:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/26/2015 09:13:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 48%
Total physical RAM: 4095.11 MB
Available physical RAM: 2095.89 MB
Total Pagefile: 8188.43 MB
Available Pagefile: 5544.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:37.96 GB) NTFS
Drive p: () (Fixed) (Total:175.78 GB) (Free:172.39 GB) NTFS
Drive v: () (Fixed) (Total:658.07 GB) (Free:377.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11513B0F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=175.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=658.1 GB) - (Type=07 NTFS)

==================== End of log ============================
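A triage sketch for the "System errors" section of the log above, added here as an example and not part of the original post or of FRST: it parses the `Error: (...) (Source: ...) (EventID: ...)` entries, translates the `%%N` placeholders into Win32 error names, and lists services or drivers that failed to start because their binary is missing, which is what a leftover service registration looks like after a cleanup. The sample lines are constructed from the entries shown above; the function names are illustrative.

```python
import re

# Win32 error codes that the log prints as "%%N" (names from winerror.h).
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND", 50: "ERROR_NOT_SUPPORTED",
    1056: "ERROR_SERVICE_ALREADY_RUNNING", 1069: "ERROR_SERVICE_LOGON_FAILED",
}

HEADER_RE = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)

# Constructed sample: three entries in the shape of the "System errors" section.
SAMPLE = """\
Error: (07/01/2015 01:38:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YAC NDIS Driver service failed to start due to the following error:
%%2

Error: (07/01/2015 01:38:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iSafeNetFilter

Error: (07/01/2015 01:37:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069
"""

def parse_entries(text):
    """Split the event section into dicts with source, event_id, body lines and codes."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = dict(header.groupdict(), body=[], codes=[])
            current["event_id"] = int(current["event_id"])
            entries.append(current)
        elif current is not None and line:
            code = re.match(r"^%%(\d+)$", line)
            if code:
                current["codes"].append(int(code.group(1)))
            else:
                current["body"].append(re.sub(r"^Description: ", "", line))
    return entries

def error_names(entry):
    """Translate an entry's %%N codes into Win32 error names."""
    return [WIN32_ERRORS.get(c, "UNKNOWN_%d" % c) for c in entry["codes"]]

def leftover_candidates(entries):
    """Services or drivers to review for a registration that outlived its binary."""
    names = []
    for e in entries:
        if e["source"] != "Service Control Manager":
            continue
        if e["event_id"] == 7000 and 2 in e["codes"]:  # start failed: file not found
            names += re.findall(r"^The (.+) service failed to start", " ".join(e["body"]))
        elif e["event_id"] == 7026:
            names.extend(e["body"][1:])  # driver names follow the description line
    return names

if __name__ == "__main__":
    print(leftover_candidates(parse_entries(SAMPLE)))
```

The Print Spooler entry is deliberately not flagged: its code is a logon failure, not a missing file.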
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Please upload all reports. Thanks!
 

Petri Kalervo

New Member
Thread author
Jun 30, 2015
8
Glad to meet you THE,

you remind me of my favorite actor/director. I don't find Watch thread at the top of my first post, only the link Unwatch thread, so I have no idea how to check 'Watch...receive eMail...' but I got your eMail anyway.

McAfee opens a warning window that hides the V9 window immediately. I suppose you don't mind if I use the Google, Weebly, YouTube and eMail links that I find as before from the down-arrow of the top line of it, while you try to fix my problem.

Question 0: You did not touch my original question in your first greetings. What means the download error Non 7c archive that aborted step2 of your instructions, and what I should do to go around that problem?
Question 1: Can I spread V9 by using the net?
Question 2: I did backup my own code and photos to be safe, as instructed. Did I bring the malware to my external hard disk this way?

I'm really a beginner what concerns PC's and internet. I would prefer work off-line, and my current problem is exactly what I expected to happen if I connect to the world.

PK
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
You do not need to run any tools now, only ones I ask from you. I don't think you can spread this infection. No, I don't think your external hard drive is infected.

Please upload both FRST reports, so we can start with disinfection.
 

Petri Kalervo

New Member
Thread author
Jun 30, 2015
8
You mean those I sent already as part of my original message. I send them again here. Or must I install FRST again?
 

Attachments

  • FRST.txt
    60.3 KB · Views: 10
  • Addition.txt
    29.9 KB · Views: 11

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    6.9 KB · Views: 12

Petri Kalervo

New Member
Thread author
Jun 30, 2015
8
Well, the hijacker is still replacing Firefox and Chrome page with its own V9.com. I followed the impressive clean-up done by FRST. None of my personal things (R code, photos) were affected and work as always. Only thing I see is that I have to type in again some addresses which Windows and Firefox had collected in their priority stacks based on my usage. Did you expect that the clean-up would also get rid of the V9 portal or whatever it's called?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's make one more scan:

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

Petri Kalervo

New Member
Thread author
Jun 30, 2015
8
Here are the three documents you requested. In passing: two button names were a little different. Start scan. Remove selected. 32. When I went to read the end of your instructions, I wished to see finally the Firefox starting page again. No, V9.com still rules.
 

Attachments

  • mbam-log.txt
    10.3 KB · Views: 5
  • FRST.txt
    55.4 KB · Views: 4
  • Addition.txt
    30.9 KB · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please uninstall YAC (Yet Another Cleaner!)

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    3 KB · Views: 7

Petri Kalervo

New Member
Thread author
Jun 30, 2015
8
So, you did it. Thank you. Firefox treated me as a newcomer, asking me to open an account there. I guess that was to be expected.

YAC was already uninstalled. I don't remember ever installing it. I noticed names like F-Secure during your operations, that were uninstalled years ago. And many mysterious names. Anyway, there is more space now on my hard disk, thank you. Do you think my six year old PC would profit from some other form of maintenance? I never did any.

Last night (not anymore) Google warned me twice when I logged in to gmail that an intruder has logged on my account. Why was that? Another collateral from the clean-ups?

Question 3: I only have Antivirus protection. Had I avoided my troubles if I had internet security? On your pages McAfee seems not be popular. I abandoned Avast because an important update made it check up YouTube music so thoroughly that the continuity of video was shattered. Which kind of tool had prevented V9, Ask, Portaldo etc from hijacking my browser?

Question 4: Can it be that Adobe update was the reason this time? Or is this the price I have to pay for hearing for free music, like my beloved Top-20 hits from around 1960? I've never copied music in my computer, only listen to on-line. Is even that a security risk? When the hijacking occurred, I only was in contact to the net by accepting that update and singing with Emeli Sande for a while. When I don't need the net, I physically disconnect the modem. Under usual circumstances I'm connected twice per week for a couple of hours. I've never opened any of the publicity side windows, clicked You Tube comments etc. I guess I'm more cautious than 95% of users, yet I seem to be the only one among my friends who is attracting PUP's!
 

Attachments

  • Fixlog.txt
    6.4 KB · Views: 3

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Question 1 and 3: I'll give you some readings to protect your PC better and to possibly breathe new life into it.

Question 2: Do you still have this warning?

Question 4: Free doesn't mean free always. You probably installed something by clicking on ads or fake download buttons.
 

Petri Kalervo

New Member
Thread author
Jun 30, 2015
8
After two days I'm starting to forget the nasty episode. I just tested Chrome which had, I believe, still Portaldo until V9 took over. Both are now gone. My friend says Chrome is safer. Would you recommend me to give up Firefox?

No further alerts from Google.

Can/should I remove FRST, mbam-set and the logs from my Desktop? I guess you recommend me to stick with MalwareTips as a passive member, in case a new problem appears? I don't really know if I am any wiser now.

I'm eagerly waiting to get the advice you promised on protection against malware. I picked McAfee because it made a special offer which turned out not to be so special. Anyway it's paid until end of the year. My friend sticks to F-Secure IS, for patriotic reasons.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Both Firefox and Chrome are fine and pretty safe, so it is up to you.

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
MUST READ - security tips:

MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
  • CCleaner - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 
