Solved Internet Connection Break - Sent Data Much larger Than Received

TJuser

Hello! For the past couple of weeks I’ve been getting constant “There is no internet connection” screens. The screen also states “DNS_PROBE_FINISHED_NO_INTERNET”. This happens even though Local Area Connection Status shows I’m connected to the internet and I can see data flowing. One of the issues I noticed, when monitoring connection activity, is that my computer is sending much more data than it is receiving. This made me think that my computer might be infected. The connection break outs are getting so frequent that it’s pretty much impossible to use my desktop. I have the F-Secure virus scanner, which showed no infections. I also ran a Malwarebytes scan and it came up clean. Here are my FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2017
Ran by Teppo (administrator) on TJ (17-08-2017 23:30:33)
Running from C:\Users\Teppo\Desktop
Loaded Profiles: Teppo (Available Profiles: Teppo & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe
() C:\Program Files (x86)\PureVPN\vpnclient.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google, Inc) C:\Users\Teppo\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
() C:\Program Files (x86)\PureVPN\purevpn.exe
(Google Inc.) C:\Users\Teppo\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [EPSON Stylus CX7400 Series] => C:\WINDOWS\TEMP\E_S40EA.tmp [132 2016-08-03] () <==== ATTENTION
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [Google Update] => C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [Google Photos Backup] => C:\Users\Teppo\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [PureVPN] => autorun
Startup: C:\Users\Teppo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2017-06-24]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe ()
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{92a078cd-ba36-4e4c-8fd2-42936ac9cce0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e06f8e03-d367-4c2f-ac92-3da89ef1ebe5}: [DhcpNameServer] 138.99.210.3 0.0.0.0

Internet Explorer:
==================
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2017-05-11] (F-Secure Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2017-05-11] (F-Secure Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-25] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-25] (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

FireFox:
========
FF DefaultProfile: 6x6fzu3b.default
FF ProfilePath: C:\Users\Teppo\AppData\Roaming\Mozilla\Firefox\Profiles\6x6fzu3b.default [2017-05-21]
FF Extension: (Ebates Cash Back) - C:\Users\Teppo\AppData\Roaming\Mozilla\Firefox\Profiles\6x6fzu3b.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-03-09]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2017-05-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-05-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-02-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-04-25] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1148200332-1382918412-2715992946-1008: @tools.google.com/Google Update;version=3 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1148200332-1382918412-2715992946-1008: @tools.google.com/Google Update;version=9 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1148200332-1382918412-2715992946-1008: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2017-08-17] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1148200332-1382918412-2715992946-1008: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2017-08-17] (TD Ameritrade)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default [2017-08-17]
CHR Extension: (Google Slides) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-26]
CHR Extension: (Google Docs) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-26]
CHR Extension: (Google Drive) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-26]
CHR Extension: (YouTube) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Google Sheets) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-26]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2016-09-07]
CHR Extension: (Ghostery) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 fshoster; C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE [218080 2016-10-26] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Reputation\fsorsp.exe [67640 2017-05-09] (F-Secure Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [31872 2016-12-20] (The OpenVPN Project)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 sevpnclient; C:\Program Files (x86)\PureVPN\vpnclient.exe [4838400 2016-12-20] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-07-29] (Microsoft Corporation)
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [202752 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-11-06] (Advanced Micro Devices, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\FSgk.sys [230552 2017-06-28] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [106648 2017-06-28] (F-Secure Corporation)
R0 fsbts; C:\WINDOWS\System32\Drivers\fsbts.sys [73928 2016-07-06] ()
R3 fsni; C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\fsni64.sys [120016 2017-05-11] (F-Secure Corporation)
S3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTDVHD64.sys [1980648 2012-04-25] (Realtek Semiconductor Corp.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-08-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-08-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-08-17] (Malwarebytes)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\neo_vpn.sys [29744 2016-12-20] (PureVPN)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-17 23:30 - 2017-08-17 23:31 - 000018747 _____ C:\Users\Teppo\Desktop\FRST.txt
2017-08-17 22:40 - 2017-08-17 23:30 - 000000000 ____D C:\FRST
2017-08-17 22:39 - 2017-08-17 22:40 - 002395648 _____ (Farbar) C:\Users\Teppo\Desktop\FRST64.exe
2017-08-17 22:37 - 2017-08-17 22:37 - 001792512 _____ (Farbar) C:\Users\Teppo\Downloads\FRST (1).exe
2017-08-17 22:35 - 2017-08-17 22:35 - 001792512 _____ (Farbar) C:\Users\Teppo\Downloads\FRST.exe
2017-08-17 21:28 - 2017-08-17 22:50 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-17 21:28 - 2017-08-17 22:50 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-17 21:28 - 2017-08-17 22:50 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-17 21:28 - 2017-08-17 22:49 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-17 21:28 - 2017-08-17 21:28 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-17 21:27 - 2017-08-17 21:27 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-17 21:27 - 2017-08-17 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-17 21:27 - 2017-08-17 21:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-17 21:27 - 2017-08-17 21:27 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-17 21:27 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-17 21:16 - 2017-08-17 21:27 - 065033984 _____ (Malwarebytes ) C:\Users\Teppo\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-17 20:57 - 2017-08-17 20:58 - 000388608 _____ (Trend Micro Inc.) C:\Users\Teppo\Downloads\HijackThis (1).exe
2017-08-17 20:26 - 2017-08-17 20:27 - 000388608 _____ (Trend Micro Inc.) C:\Users\Teppo\Downloads\HijackThis.exe
2017-08-17 19:52 - 2017-08-17 19:52 - 000119808 _____ (Atribune.org) C:\Users\Teppo\Downloads\VundoFix.exe
2017-08-17 19:52 - 2017-08-17 19:52 - 000000000 ____D C:\VundoFix Backups
2017-08-16 19:04 - 2017-08-16 19:04 - 000000000 ____D C:\Users\Teppo\AppData\Local\purevpn
2017-08-14 20:11 - 2017-08-14 20:21 - 000000000 ____D C:\Program Files\rempl
2017-08-12 19:56 - 2017-08-12 19:56 - 001749051 _____ C:\Users\Teppo\Downloads\Examples-RevA.pdf
2017-08-12 19:53 - 2017-08-12 19:53 - 001409175 _____ C:\Users\Teppo\Downloads\Examples - Losing Trade - RevA.pdf
2017-08-12 19:52 - 2017-08-12 19:52 - 000211834 _____ C:\Users\Teppo\Downloads\John Chernicky (aka Monarch) Trade Plan.pdf
2017-08-12 19:34 - 2017-08-12 19:34 - 000912807 _____ C:\Users\Teppo\Downloads\Evolution of a Butterfly (Trader) - PDF (1).pdf
2017-08-12 19:32 - 2017-08-12 19:32 - 000912807 _____ C:\Users\Teppo\Downloads\Evolution of a Butterfly (Trader) - PDF.pdf
2017-08-12 19:32 - 2017-08-12 19:32 - 000000387 _____ C:\Users\Teppo\Downloads\0 - Readme
2017-08-09 19:16 - 2017-07-29 17:24 - 001862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 19:16 - 2017-07-29 16:59 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-08-09 19:16 - 2017-07-29 16:59 - 000302704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-08-09 19:16 - 2017-07-29 14:47 - 002945648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 19:16 - 2017-07-29 14:47 - 000703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 19:16 - 2017-07-29 14:35 - 000465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-08-09 19:16 - 2017-07-29 14:26 - 000064584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-08-09 19:16 - 2017-07-29 13:26 - 000262496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 19:16 - 2017-07-29 13:26 - 000118368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 19:16 - 2017-07-29 13:19 - 000540280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 19:16 - 2017-07-29 13:19 - 000335248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 19:16 - 2017-07-29 13:18 - 000141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 19:16 - 2017-07-29 11:41 - 000994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-08-09 19:16 - 2017-07-29 10:21 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 19:16 - 2017-07-29 10:00 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-08-09 19:16 - 2017-07-29 09:55 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2017-08-09 19:16 - 2017-07-29 09:51 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-08-09 19:16 - 2017-07-29 09:47 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-09 19:16 - 2017-07-29 09:42 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 19:16 - 2017-07-29 09:39 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-08-09 19:16 - 2017-07-29 09:34 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 19:16 - 2017-07-29 09:32 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-09 19:16 - 2017-07-29 09:29 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-09 19:16 - 2017-07-29 09:27 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-08-09 19:16 - 2017-07-29 09:24 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 19:16 - 2017-07-29 09:20 - 000384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-09 19:16 - 2017-07-29 09:19 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 19:16 - 2017-07-29 09:17 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-08-09 19:16 - 2017-07-29 09:14 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-09 19:16 - 2017-07-29 09:09 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-08-09 19:16 - 2017-07-29 09:02 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 19:16 - 2017-07-29 09:01 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-09 19:16 - 2017-07-29 09:00 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-08-09 19:16 - 2017-07-29 08:56 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 19:16 - 2017-07-29 08:51 - 000639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 19:16 - 2017-07-29 08:39 - 004078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 19:16 - 2017-07-29 08:34 - 001501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 19:16 - 2017-07-29 08:33 - 000808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 19:16 - 2017-07-29 08:32 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-09 19:16 - 2017-07-29 08:30 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-09 19:16 - 2017-07-29 08:06 - 006743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-09 19:16 - 2017-07-29 08:06 - 005327360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 19:16 - 2017-07-29 08:00 - 002604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-09 19:16 - 2017-07-29 07:59 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-08-09 19:16 - 2017-07-29 07:50 - 002770432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 19:16 - 2017-07-29 07:21 - 002403160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 19:16 - 2017-07-29 07:15 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 19:16 - 2017-07-29 04:37 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 19:16 - 2017-07-29 04:06 - 002573824 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-09 19:16 - 2017-07-29 04:06 - 002279936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 19:16 - 2017-07-29 03:28 - 003574272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 19:16 - 2017-07-29 03:25 - 007536128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-09 19:16 - 2017-07-29 03:13 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 19:15 - 2017-07-29 11:31 - 002656960 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 19:15 - 2017-07-29 11:29 - 000754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 19:15 - 2017-07-29 11:03 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 19:15 - 2017-07-29 10:44 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 19:15 - 2017-07-29 09:59 - 007463264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 19:15 - 2017-07-29 09:58 - 000384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 19:15 - 2017-07-29 09:46 - 000129888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-09 19:15 - 2017-07-29 09:45 - 000395184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-08-09 19:15 - 2017-07-29 09:41 - 001637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 19:15 - 2017-07-29 09:31 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 19:15 - 2017-07-29 09:08 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-08-09 19:15 - 2017-07-29 09:01 - 001526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-08-09 19:15 - 2017-07-29 08:33 - 003699280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 19:15 - 2017-07-29 08:26 - 000566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-08-09 19:15 - 2017-07-29 08:23 - 001540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-09 19:15 - 2017-07-29 08:23 - 000692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-08-09 19:15 - 2017-07-29 08:21 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-09 19:15 - 2017-07-29 08:21 - 000146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-08-09 19:15 - 2017-07-29 08:21 - 000075952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-08-09 19:15 - 2017-07-29 08:20 - 000609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-09 19:15 - 2017-07-29 08:11 - 012139008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 19:15 - 2017-07-29 08:07 - 003661824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 19:15 - 2017-07-29 08:03 - 019345408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 19:15 - 2017-07-29 08:03 - 018672640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 19:15 - 2017-07-29 07:49 - 005662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 19:15 - 2017-07-29 07:21 - 001089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-09 19:15 - 2017-07-29 07:18 - 000388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 19:15 - 2017-07-29 06:26 - 000824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 19:15 - 2017-07-29 06:09 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 19:15 - 2017-07-29 05:50 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-08-09 19:15 - 2017-07-29 05:41 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-08-09 19:15 - 2017-07-29 05:37 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-08-09 19:15 - 2017-07-29 05:31 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 19:15 - 2017-07-29 05:28 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-08-09 19:15 - 2017-07-29 05:27 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 19:15 - 2017-07-29 05:22 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-09 19:15 - 2017-07-29 05:20 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-09 19:15 - 2017-07-29 05:19 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 19:15 - 2017-07-29 05:17 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-09 19:15 - 2017-07-29 05:16 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 19:15 - 2017-07-29 05:09 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 19:15 - 2017-07-29 05:05 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-09 19:15 - 2017-07-29 05:01 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-08-09 19:15 - 2017-07-29 04:52 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-08-09 19:15 - 2017-07-29 04:51 - 000784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-08-09 19:15 - 2017-07-29 04:47 - 001385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 19:15 - 2017-07-29 04:43 - 000325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 19:15 - 2017-07-29 04:42 - 001752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-08-09 19:15 - 2017-07-29 04:41 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 19:15 - 2017-07-29 04:41 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-08-09 19:15 - 2017-07-29 04:39 - 001872896 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 19:15 - 2017-07-29 04:37 - 001742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-08-09 19:15 - 2017-07-29 04:30 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 19:15 - 2017-07-29 04:17 - 003587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 19:15 - 2017-07-29 04:15 - 005123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 19:15 - 2017-07-29 04:14 - 001978880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2017-08-09 19:15 - 2017-07-29 04:09 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 19:15 - 2017-07-29 04:02 - 003405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-09 19:15 - 2017-07-29 03:56 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-08-09 19:15 - 2017-07-29 03:38 - 022376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 19:15 - 2017-07-29 03:38 - 013394432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 19:15 - 2017-07-29 03:38 - 000957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-08-09 19:15 - 2017-07-29 03:22 - 024605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 19:15 - 2017-07-29 03:15 - 006977536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 19:15 - 2017-07-29 03:13 - 004890624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 19:15 - 2017-07-29 03:12 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-08-09 19:15 - 2017-07-29 03:08 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 19:15 - 2017-07-29 03:05 - 007843840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 19:15 - 2017-06-17 02:12 - 022560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 19:15 - 2016-09-06 22:11 - 000057912 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-09 19:14 - 2017-07-29 07:48 - 000292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 19:14 - 2017-07-29 07:48 - 000122504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 19:14 - 2017-07-29 07:44 - 000642008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 19:14 - 2017-07-29 07:44 - 000380152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 19:14 - 2017-07-29 07:43 - 000147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 19:14 - 2017-07-29 05:45 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2017-08-09 19:14 - 2017-07-29 05:37 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-09 19:14 - 2017-07-29 05:24 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 19:14 - 2017-07-29 05:23 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 19:14 - 2017-07-29 05:12 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2017-08-09 19:14 - 2017-07-29 05:11 - 000715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 19:14 - 2017-07-29 05:04 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-08 19:03 - 2017-08-08 19:03 - 000002432 _____ C:\Users\Teppo\Downloads\BOS Terminal Server (1).rdp
2017-08-08 16:50 - 2017-08-08 16:50 - 004723200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-07-23 20:23 - 2017-07-23 20:23 - 000093416 _____ C:\Users\Teppo\Desktop\BoardingPass SAS.pdf
2017-07-23 20:22 - 2017-07-23 20:22 - 000093416 _____ C:\Users\Teppo\Downloads\BoardingPass (1).pdf
2017-07-21 23:29 - 2017-07-21 23:29 - 000891256 _____ C:\Users\Teppo\Desktop\001.pdf
2017-07-21 23:28 - 2017-07-21 23:28 - 000802516 _____ C:\Users\Teppo\Desktop\005.pdf
2017-07-21 23:28 - 2017-07-21 23:28 - 000776309 _____ C:\Users\Teppo\Desktop\002.pdf
2017-07-21 23:28 - 2017-07-21 23:28 - 000737138 _____ C:\Users\Teppo\Desktop\003.pdf
2017-07-21 23:28 - 2017-07-21 23:28 - 000715074 _____ C:\Users\Teppo\Desktop\004.pdf
2017-07-19 20:24 - 2017-07-19 20:24 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1148200332-1382918412-2715992946-1008

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-17 22:55 - 2017-06-30 17:37 - 000001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-08-17 22:55 - 2017-05-30 22:34 - 000003944 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1465437342
2017-08-17 22:55 - 2016-06-08 18:54 - 000000000 ____D C:\Program Files (x86)\Opera
2017-08-17 22:48 - 2016-04-26 23:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-17 22:48 - 2012-04-25 12:25 - 000011764 __RSH C:\ProgramData\ntuser.pol
2017-08-17 22:47 - 2015-10-29 23:28 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-08-17 22:16 - 2016-07-03 21:01 - 000004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{53AF0094-3D5E-41EB-8625-F0C767A729C4}
2017-08-17 20:53 - 2016-05-26 12:18 - 000000000 ____D C:\Users\Teppo\AppData\Local\VirtualStore
2017-08-17 20:37 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-17 19:50 - 2016-06-08 18:23 - 000000000 ____D C:\Users\Teppo\AppData\Local\F-Secure
2017-08-17 19:41 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-17 19:29 - 2016-06-08 19:18 - 000000000 ____D C:\Users\Teppo\.thinkorswim
2017-08-17 19:29 - 2016-06-08 19:17 - 000000000 ____D C:\Program Files\thinkorswim
2017-08-17 19:21 - 2016-05-26 12:51 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-17 19:21 - 2016-05-26 12:51 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-17 19:14 - 2015-10-30 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-15 22:14 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\rescache
2017-08-15 19:54 - 2015-10-30 00:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-15 18:46 - 2017-05-14 19:38 - 000000000 ____D C:\ProgramData\purevpn
2017-08-15 18:43 - 2016-05-26 12:18 - 000000000 ___RD C:\Users\Teppo\Virtual Machines
2017-08-15 18:43 - 2016-04-26 23:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-14 22:02 - 2016-04-26 23:29 - 000392192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\Program Files\Windows Defender
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-14 21:59 - 2015-10-30 00:21 - 000000000 ____D C:\WINDOWS\INF
2017-08-14 20:47 - 2016-06-13 22:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-14 20:39 - 2012-04-25 13:26 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-14 20:10 - 2009-07-13 19:34 - 000000478 _____ C:\WINDOWS\win.ini
2017-08-08 16:51 - 2017-04-13 22:17 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-08 16:50 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 16:50 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 16:36 - 2016-05-26 12:41 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-28 17:22 - 2016-12-16 21:51 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-28 17:22 - 2015-10-30 00:26 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-19 20:24 - 2016-06-08 09:17 - 000002373 _____ C:\Users\Teppo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-19 20:24 - 2016-06-08 09:17 - 000000000 ___RD C:\Users\Teppo\OneDrive

Files to move or delete:
====================
C:\WINDOWS\TEMP\E_S40EA.tmp


Some files in TEMP:
====================
2012-02-27 18:30 - 2012-02-27 18:30 - 008209056 _____ (Adobe Systems, Inc.) C:\Users\345cali\AppData\Local\Temp\InstallAX64.exe
2012-02-27 18:12 - 2012-02-27 18:12 - 008129184 _____ (Adobe Systems, Inc.) C:\Users\345cali\AppData\Local\Temp\InstallPlugin64.exe
2012-04-25 12:59 - 2012-04-25 12:59 - 000737280 _____ (Indigo Rose Corporation) C:\Users\345cali\AppData\Local\Temp\irsetup.exe
2012-03-21 12:56 - 2012-03-21 12:56 - 000908576 _____ (Sun Microsystems, Inc.) C:\Users\345cali\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
2012-04-25 12:46 - 2010-03-16 07:11 - 000149352 _____ (Microsoft Corporation) C:\Users\345cali\AppData\Local\Temp\ose00000.exe
2017-04-30 19:36 - 2017-04-30 19:36 - 000465920 _____ (Realtek Semiconductor Corp.) C:\Users\Teppo\AppData\Local\Temp\COMAP.EXE
2016-06-08 19:18 - 2016-06-08 19:18 - 000035680 _____ () C:\Users\Teppo\AppData\Local\Temp\i4jdel0.exe
2016-10-10 17:24 - 2017-02-20 18:50 - 030770176 _____ () C:\Users\Teppo\AppData\Local\Temp\SkypeSetup.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\kbd101c.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-12 00:04
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2017
Ran by Teppo (17-08-2017 23:33:58)
Running from C:\Users\Teppo\Desktop
Windows 10 Pro Version 1511 (X64) (2016-06-08 15:31:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1148200332-1382918412-2715992946-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1148200332-1382918412-2715992946-1003 - Limited - Enabled)
DefaultAccount (S-1-5-21-1148200332-1382918412-2715992946-503 - Limited - Disabled)
Guest (S-1-5-21-1148200332-1382918412-2715992946-501 - Limited - Disabled)
Teppo (S-1-5-21-1148200332-1382918412-2715992946-1008 - Administrator - Enabled) => C:\Users\Teppo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Antivirus by F-Secure (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Antivirus by F-Secure (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}) (Version: 4.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Acrobat X Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{8D7DDFA2-3A50-49A4-99C5-6D8BE66FE0B9}) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\{A8FEFA44-4B24-4A88-A857-F79484699912}) (Version: 11.6.4.634 - Adobe Systems, Inc)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Computer Security 14.176.101.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 14.176.101.0 - F-Secure Corporation) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Elevate Command PowerToy for Windows Vista v1.0.1 (Uninstall only) (HKLM\...\ElevateCommand) (Version: 1.0.1 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
F-Secure (HKLM-x32\...\{FE2316F6-C7EE-4D02-8BA5-E2742A9E3E97}) (Version: 2.76.211.0 - F-Secure Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.76.211.0 - F-Secure Corporation)
F-Secure CCF Reputation (HKLM-x32\...\{00000000-2778-5BED-8199-52EB14D8D22F}) (Version: 2.1.1342.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.73.275.1078 (release) (HKLM-x32\...\{4C8051EE-668A-4578-8669-C4F4F71A05AA}) (Version: 1.73.275.1078 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.04.214 (HKLM-x32\...\{A691C0D2-6698-411D-BC58-980629406BB4}) (Version: 1.04.214 - F-Secure Corporation) Hidden
F-Secure SafeSearch 10.0.0.0 (release) (HKLM-x32\...\{1C02D59F-EAF4-404C-95D9-2E7EF186FE44}) (Version: 10.0.0.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KB4023057 (HKLM\...\{0339C035-CB0E-4AA1-8A94-6C306982BD86}) (Version: 2.1.0.0 - Microsoft Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel (HKLM-x32\...\{A99C1048-A569-4B65-A3DD-3584B0A4AA69}) (Version: 1.0.0.0322 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Safety 2.176.4626.2945 (HKLM-x32\...\{545FB0D8-4D09-4D00-9FF9-729A63D4139F}) (Version: 2.176.4626.2945 - F-Secure Corporation) Hidden
Opera Stable 47.0.2631.55 (HKLM-x32\...\Opera 47.0.2631.55) (Version: 47.0.2631.55 - Opera Software)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 5.18.0.0 - PureVPN)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
tastyworks (HKLM\...\{com.tastyworks.desktop}}_is1) (Version: 0.6.0 - tastyworks, inc)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
WhatsApp (HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\WhatsApp) (Version: 0.2.2732 - WhatsApp)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17305 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinZip (HKLM-x32\...\WinZip) (Version: 8.1 SR-1 (5266) - WinZip Computing, Inc.)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D5}) (Version: 16.5.10096 - WinZip Computing, S.L. )
YoutubeMovieMaker (HKLM-x32\...\{E084C471-FA8F-4468-93F1-25B3A13ED942}) (Version: 16.02 - Youtube Movie Maker)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2012-07-20] (WinZip Computing, S.L.)
ContextMenuHandlers3: [F-Secure Shell Extension] -> {23814B80-52A2-11D0-BC1A-004095606CB9} => C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Common\fpshx.dll [2016-10-26] (F-Secure Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2012-07-20] (WinZip Computing, S.L.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2012-07-20] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AE5BE9D-9664-4151-9881-0EFE706F3E9F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E8A28A2-7666-4C94-89F1-F4685D90CA12} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1277BBC7-04AF-42CB-9F18-2ACA2BC74A2D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {13230CF6-8C53-4E06-845C-F12C4E528BE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-26] (Google Inc.)
Task: {16ED5F82-8B3F-48B3-AA9E-DE5D23CB759C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {233DED93-756B-4778-B0CA-8FC004679EFA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2521742E-5D4D-4FA0-B6F2-C177A6E57A77} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {27E8D1AF-6704-4FF8-9464-26E0B901FA35} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {30769B96-FF92-44A2-AE59-A2A2D453C0A1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {61207873-6B5B-4BDC-89B1-E7FEEB52968D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {703D4DA4-BB4F-4634-A761-3E264BFF8304} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7C6438F0-150C-4BAA-8593-DE26A8805BDD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {7FE91C86-6D93-4A18-B608-90CA835F8D36} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9756F24A-B0B0-4B76-B453-0C2AD7753E8A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {977E1E1B-1D00-462F-BFB4-594318830D1F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {980576A7-01BA-445F-B68B-99651001244E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9E2FD9E8-372E-4345-8597-0B3D5E94D6BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-26] (Google Inc.)
Task: {AC883DA2-F445-42B1-8E22-528AFC17FD74} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B21E2FBD-405B-48C8-8609-032306060DE2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B5436C61-7D75-4B42-9CD9-6997FC823260} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B842EB5D-AF7C-450C-BBB7-D999BD886D0B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1148200332-1382918412-2715992946-1008Core => C:\Users\Teppo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {BC49D5D6-58B8-4598-B93F-4BDBFB5F41DD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD76F54D-ED23-4A28-935A-59932DA98EC8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C181656A-003F-4372-9C72-06E74D9CAFEB} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {C9379998-8151-47DE-BA2F-E231E54A6222} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {CE05C198-8C50-49A7-BF69-7F87EA2CC6AA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D5C850DD-7F67-4395-A98F-CC0B993EB73A} - System32\Tasks\{DD5BCC04-43B3-41E4-955D-507028FB0725} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.24.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {DB7DA998-0B20-478D-9CBC-B22A81F89C7B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EB64A58D-5763-4CBA-9D51-3309E3217ADA} - System32\Tasks\Opera scheduled Autoupdate 1465437342 => C:\Program Files (x86)\Opera\launcher.exe [2017-08-13] (Opera Software)
Task: {F29AC33A-8BED-4E43-9DF6-6014F8A04E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1148200332-1382918412-2715992946-1008UA => C:\Users\Teppo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {F4710B81-79D2-4330-A11D-F150CE9FE781} - System32\Tasks\{E967D7D1-85C0-44E3-9978-8864351ACCC8} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/go/help.faq.installer?LastError=1603
Task: {F53B4699-9122-40BD-84B8-1EA0979441FF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F5A54A5E-B1FB-45A9-92EC-B3A8DCEA002F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F5FA17E0-AF88-4035-BE42-5C9F4264F833} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-04-05 18:48 - 2017-03-03 22:31 - 000185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-14 19:37 - 2016-12-20 13:16 - 004838400 _____ () C:\Program Files (x86)\PureVPN\vpnclient.exe
2017-08-17 21:27 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-09 19:15 - 2017-07-29 11:31 - 002656960 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-06-08 11:10 - 2016-06-08 11:11 - 000144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-26 23:10 - 2016-04-26 23:10 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 20:22 - 2016-06-30 20:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-04-05 18:47 - 2017-03-03 20:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-04-05 18:47 - 2017-03-03 20:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-09 22:21 - 2017-04-27 16:46 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-09 19:15 - 2017-07-29 11:03 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-14 19:37 - 2017-05-10 15:43 - 008045856 _____ () C:\Program Files (x86)\PureVPN\purevpn.exe
2010-11-17 10:35 - 2010-11-17 10:35 - 000514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2016-05-31 13:07 - 2016-05-31 13:07 - 000254944 _____ () C:\Program Files (x86)\F-Secure\Internet Security\daas2.dll
2016-06-08 18:30 - 2016-10-26 08:05 - 000074720 _____ () C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\FSAVHRES.ENG
2016-06-08 18:30 - 2016-12-23 17:46 - 000213984 _____ () C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Spam Control\fsas.dll
2016-06-08 11:10 - 2016-06-08 11:11 - 000141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-08 11:10 - 2016-06-08 11:11 - 022284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-08 15:35 - 2016-04-08 15:35 - 003481600 _____ () C:\Users\Teppo\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 000375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2017-08-17 19:21 - 2017-08-10 23:24 - 002881368 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-17 19:21 - 2017-08-10 23:24 - 000086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-04-16 15:18 - 000000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F83AEFFA-893E-4215-80AE-2AF00F95C179}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{C34682AD-0E57-47C4-8E9C-49653B3B9998}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{DB2BF5D1-66AE-450A-A1FB-8FB573A5B72C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7BF5BE01-C231-41CE-8DEB-CE80D4A13431}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{29E94F30-18FC-4683-A908-0B9E0BA2486A}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E27AE016-890D-4F1D-9CF4-FDA9669C81DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3AEFFC2-B4D2-413F-A80E-916C4E93ABD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21B6B19C-B068-4461-9A7A-071814609D8C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DAFC5AEB-73A2-4D08-ADC1-A5FE34D5487D}] => (Allow) LPort=2869
FirewallRules: [{A9A4CF16-313B-463E-AB59-DCCE34ECB238}] => (Allow) LPort=1900
FirewallRules: [{AC08C91A-1600-4C09-AEA2-B566EB19CAAF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5E737742-20B7-4637-B38A-426BD37B1C2E}] => (Allow) C:\Program Files (x86)\PureVPN\vpnclient.exe
FirewallRules: [{77C14588-974F-4C90-9AE9-7666FFD9A0ED}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.57\opera.exe
FirewallRules: [{64B4EEC8-C3B2-4C56-89D9-B36C6750F0AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5BAB8AEF-0BE5-4965-A901-FE19A3045C33}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.55\opera.exe

==================== Restore Points =========================

20-07-2017 20:44:13 Scheduled Checkpoint
08-08-2017 17:30:39 Scheduled Checkpoint
14-08-2017 20:05:09 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2017 10:07:21 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 13 2017-08-17 22:07:21-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\WINDOWS\INSTALLER\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\FDFFILE_8.ICO was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/17/2017 10:07:21 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 12 2017-08-17 22:07:11-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\WINDOWS\INSTALLER\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\XDPFILE_8.ICO was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/17/2017 10:07:10 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 11 2017-08-17 22:07:03-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\WINDOWS\INSTALLER\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}\STAX.51F710CB_05E4_43EA_A48E_BC318D268ED6 was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/17/2017 09:50:26 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 10 2017-08-17 21:50:25-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\MSNSTOCKQUOTE\MSNSTOCKQUOTE.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/17/2017 09:50:26 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 9 2017-08-17 21:50:18-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\$RECYCLE.BIN\S-1-5-21-1148200332-1382918412-2715992946-1008\$R5JV8UN\SURES.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/17/2017 09:47:28 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 8 2017-08-17 21:47:25-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\THINKORSWIM\LAUNCHER-SECOND.JAR was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/17/2017 09:43:52 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 7 2017-08-17 21:43:43-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAMDATA\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\POSTBUILD.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/17/2017 09:43:36 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 6 2017-08-17 21:43:31-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAMDATA\UNINSTALL\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\BIN\PRODUCTVERSION.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/17/2017 09:43:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TJ)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (08/17/2017 09:36:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TJ)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/17/2017 10:46:41 PM) (Source: DCOM) (EventID: 10010) (User: TJ)
Description: The server {ABC01078-F197-4B0B-ADBC-CFE684B39C82} did not register with DCOM within the required timeout.

Error: (08/17/2017 10:46:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_15c16b9 service to connect.

Error: (08/17/2017 10:46:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_15c16b9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/17/2017 10:06:25 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/17/2017 10:06:13 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/17/2017 10:05:59 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/17/2017 09:48:04 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/17/2017 09:43:17 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/17/2017 09:43:14 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/17/2017 09:36:48 PM) (Source: DCOM) (EventID: 10010) (User: TJ)
Description: The server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-08-15 20:43:08.305
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:08.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:08.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:07.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:07.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:07.540
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:01.624
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:42:55.000
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:26:03.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:26:03.589
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 79%
Total physical RAM: 2013.61 MB
Available physical RAM: 411.5 MB
Total Virtual: 4317.61 MB
Available Virtual: 1898.68 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:148.52 GB) (Free:47.73 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:109.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: FE34D860)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B765C4B0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================

Does the issue happen only when you use your browser (Chrome) or on some other occasions as well?

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.11.10.0 (x64) [Aug 14 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Teppo [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/18/2017 18:40:18 (Duration : 01:12:00)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e06f8e03-d367-4c2f-ac92-3da89ef1ebe5} | DhcpNameServer : 138.99.210.3 0.0.0.0 ([X][]) -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1148200332-1382918412-2715992946-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1148200332-1382918412-2715992946-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[Hj.Shortcut] \{DD5BCC04-43B3-41E4-955D-507028FB0725} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.24.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1618) -> Deleted
[Hj.Shortcut] \{E967D7D1-85C0-44E3-9978-8864351ACCC8} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.3.73.105.457/en/go/help.faq.installer?LastError=1603) -> Deleted

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Teppo\AppData\Local\PackageAware -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD161HJ +++++
--- User ---
[MBR] 8a200a7431b48748d95edb08662d2a81
[BSP] ea038cd8bf92c926899038608b3d6ce5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1024000 | Size: 152086 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate Backup+ RD USB Device +++++
--- User ---
[MBR] 8662d03451c77ba50d9e8aeb98c3976a
[BSP] b780e363cc03fa73f5a8a6539bdfccdd : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/18/17
Scan Time: 8:06 PM
Log File: malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2616
License: Trial

-System Information-
OS: Windows 10 (Build 10586.1045)
CPU: x64
File System: NTFS
User: TJ\Teppo

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 444828
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 29 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by Teppo (Administrator) on Fri 08/18/2017 at 20:59:46.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Failed to delete: C:\Users\Teppo\Documents\add-in express (Folder)
Successfully deleted: C:\Users\Teppo\AppData\Roaming\Mozilla\Firefox\Profiles\6x6fzu3b.default\extensions\trash (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/18/2017 at 21:07:28.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I assume Adwcleaner didn't pick up anything since the clean tab didn't have anything on it.

# AdwCleaner 7.0.1.0 - Logfile created on Sat Aug 19 04:31:52 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 07-31-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
Last night sent vs received was larger on received side when browser or other applications were not on. After opening Chrome the sent data got larger fast.

Today (18) the sent side is larger before opening anything. Data flow is slow on both sides. I opened Windows Edge and after the initial data spur things are slow again. Same thing happens with other browsers. I opened Chrome and other applications after I was done with all the malware clean up. Now things look normal. Received data is much larger than sent. There hasn’t been any dropped internet connection either. Will continue monitoring over the weekend.
 
So far I don't see much there.

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Teppo (administrator) on TJ (19-08-2017 23:05:12)
Running from C:\Users\Teppo\Desktop
Loaded Profiles: Teppo (Available Profiles: Teppo & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Reputation\fsorsp.exe
() C:\Program Files (x86)\PureVPN\vpnclient.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe
(Google, Inc) C:\Users\Teppo\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
() C:\Program Files (x86)\PureVPN\purevpn.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\rempl\remsh.exe
(Microsoft Corporation) C:\Users\Teppo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\UNP\UNPCampaignManager.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Google Inc.) C:\Users\Teppo\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [EPSON Stylus CX7400 Series] => C:\WINDOWS\TEMP\E_S40EA.tmp [132 2016-08-03] () <==== ATTENTION
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [Google Update] => C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [Google Photos Backup] => C:\Users\Teppo\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Run: [PureVPN] => autorun
Startup: C:\Users\Teppo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2017-06-24]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe ()
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{92a078cd-ba36-4e4c-8fd2-42936ac9cce0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e06f8e03-d367-4c2f-ac92-3da89ef1ebe5}: [DhcpNameServer] 138.99.210.3 0.0.0.0

Internet Explorer:
==================
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2017-05-11] (F-Secure Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2017-05-11] (F-Secure Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-25] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-25] (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

FireFox:
========
FF DefaultProfile: 6x6fzu3b.default
FF ProfilePath: C:\Users\Teppo\AppData\Roaming\Mozilla\Firefox\Profiles\6x6fzu3b.default [2017-08-18]
FF Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\Teppo\AppData\Roaming\Mozilla\Firefox\Profiles\6x6fzu3b.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-08-18]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2017-05-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-05-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-02-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-04-25] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1148200332-1382918412-2715992946-1008: @tools.google.com/Google Update;version=3 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1148200332-1382918412-2715992946-1008: @tools.google.com/Google Update;version=9 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1148200332-1382918412-2715992946-1008: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2017-08-18] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1148200332-1382918412-2715992946-1008: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2017-08-18] (TD Ameritrade)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default [2017-08-19]
CHR Extension: (Google Slides) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-26]
CHR Extension: (Google Docs) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-26]
CHR Extension: (Google Drive) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-26]
CHR Extension: (YouTube) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Google Sheets) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-26]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2016-09-07]
CHR Extension: (Ghostery) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Teppo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 fshoster; C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE [218080 2016-10-26] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\Internet Security\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Reputation\fsorsp.exe [67640 2017-05-09] (F-Secure Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [31872 2016-12-20] (The OpenVPN Project)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 sevpnclient; C:\Program Files (x86)\PureVPN\vpnclient.exe [4838400 2016-12-20] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-07-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-11-06] (Advanced Micro Devices, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\FSgk.sys [230552 2017-06-28] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [106648 2017-06-28] (F-Secure Corporation)
R0 fsbts; C:\WINDOWS\System32\Drivers\fsbts.sys [73928 2016-07-06] ()
R3 fsni; C:\Program Files (x86)\F-Secure\Internet Security\apps\CCF_Scanning\bin\fsni64.sys [120016 2017-05-11] (F-Secure Corporation)
S3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTDVHD64.sys [1980648 2012-04-25] (Realtek Semiconductor Corp.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-08-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-08-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-18] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-08-18] (Malwarebytes)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\neo_vpn.sys [29744 2016-12-20] (PureVPN)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-19 23:03 - 2017-08-19 23:03 - 000000000 ____D C:\Users\Teppo\Desktop\FRST-OlderVersion
2017-08-18 21:27 - 2017-08-18 21:31 - 000000000 ____D C:\AdwCleaner
2017-08-18 21:26 - 2017-08-18 21:27 - 008185288 _____ (Malwarebytes) C:\Users\Teppo\Downloads\AdwCleaner.exe
2017-08-18 21:07 - 2017-08-18 21:07 - 000000746 _____ C:\Users\Teppo\Desktop\JRT.txt
2017-08-18 20:53 - 2017-08-18 20:54 - 001790024 _____ (Malwarebytes) C:\Users\Teppo\Downloads\JRT.exe
2017-08-18 20:50 - 2017-08-18 21:22 - 000000000 ____D C:\Users\Teppo\AppData\Local\CrashDumps
2017-08-18 20:38 - 2017-08-18 20:38 - 000001211 _____ C:\Users\Teppo\Desktop\malwarebytes.txt
2017-08-18 19:56 - 2017-08-18 19:56 - 000005782 _____ C:\Users\Teppo\Desktop\roguekiller.txt
2017-08-18 18:40 - 2017-08-18 18:40 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-18 18:39 - 2017-08-18 20:00 - 000000000 ____D C:\ProgramData\RogueKiller
2017-08-18 18:39 - 2017-08-18 18:39 - 000000905 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-18 18:39 - 2017-08-18 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-18 18:39 - 2017-08-18 18:39 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-18 18:36 - 2017-08-18 18:38 - 035688304 _____ (Adlice Software ) C:\Users\Teppo\Downloads\RogueKiller_setup_ref3.exe
2017-08-18 18:29 - 2017-08-18 18:29 - 000000000 ___HD C:\$WINDOWS.~BT
2017-08-17 23:33 - 2017-08-17 23:35 - 000037107 _____ C:\Users\Teppo\Desktop\Addition.txt
2017-08-17 23:30 - 2017-08-19 23:11 - 000018974 _____ C:\Users\Teppo\Desktop\FRST.txt
2017-08-17 22:40 - 2017-08-19 23:05 - 000000000 ____D C:\FRST
2017-08-17 22:39 - 2017-08-19 23:03 - 002395648 _____ (Farbar) C:\Users\Teppo\Desktop\FRST64.exe
2017-08-17 22:37 - 2017-08-17 22:37 - 001792512 _____ (Farbar) C:\Users\Teppo\Downloads\FRST (1).exe
2017-08-17 22:35 - 2017-08-17 22:35 - 001792512 _____ (Farbar) C:\Users\Teppo\Downloads\FRST.exe
2017-08-17 21:28 - 2017-08-18 20:07 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-17 21:28 - 2017-08-18 20:04 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-17 21:28 - 2017-08-18 20:04 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-17 21:28 - 2017-08-18 20:04 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-17 21:28 - 2017-08-18 20:04 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-17 21:27 - 2017-08-18 20:03 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-17 21:27 - 2017-08-18 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-17 21:27 - 2017-08-17 21:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-17 21:27 - 2017-08-17 21:27 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-17 21:27 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-17 21:16 - 2017-08-17 21:27 - 065033984 _____ (Malwarebytes ) C:\Users\Teppo\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-17 20:57 - 2017-08-17 20:58 - 000388608 _____ (Trend Micro Inc.) C:\Users\Teppo\Downloads\HijackThis (1).exe
2017-08-17 20:26 - 2017-08-17 20:27 - 000388608 _____ (Trend Micro Inc.) C:\Users\Teppo\Downloads\HijackThis.exe
2017-08-17 19:52 - 2017-08-17 19:52 - 000119808 _____ (Atribune.org) C:\Users\Teppo\Downloads\VundoFix.exe
2017-08-17 19:52 - 2017-08-17 19:52 - 000000000 ____D C:\VundoFix Backups
2017-08-16 19:04 - 2017-08-16 19:04 - 000000000 ____D C:\Users\Teppo\AppData\Local\purevpn
2017-08-14 20:11 - 2017-08-14 20:21 - 000000000 ____D C:\Program Files\rempl
2017-08-12 19:56 - 2017-08-12 19:56 - 001749051 _____ C:\Users\Teppo\Downloads\Examples-RevA.pdf
2017-08-12 19:53 - 2017-08-12 19:53 - 001409175 _____ C:\Users\Teppo\Downloads\Examples - Losing Trade - RevA.pdf
2017-08-12 19:52 - 2017-08-12 19:52 - 000211834 _____ C:\Users\Teppo\Downloads\John Chernicky (aka Monarch) Trade Plan.pdf
2017-08-12 19:34 - 2017-08-12 19:34 - 000912807 _____ C:\Users\Teppo\Downloads\Evolution of a Butterfly (Trader) - PDF (1).pdf
2017-08-12 19:32 - 2017-08-12 19:32 - 000912807 _____ C:\Users\Teppo\Downloads\Evolution of a Butterfly (Trader) - PDF.pdf
2017-08-12 19:32 - 2017-08-12 19:32 - 000000387 _____ C:\Users\Teppo\Downloads\0 - Readme
2017-08-09 19:16 - 2017-07-29 17:24 - 001862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 19:16 - 2017-07-29 16:59 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-08-09 19:16 - 2017-07-29 16:59 - 000302704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-08-09 19:16 - 2017-07-29 14:47 - 002945648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 19:16 - 2017-07-29 14:47 - 000703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 19:16 - 2017-07-29 14:35 - 000465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-08-09 19:16 - 2017-07-29 14:26 - 000064584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-08-09 19:16 - 2017-07-29 13:26 - 000262496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 19:16 - 2017-07-29 13:26 - 000118368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 19:16 - 2017-07-29 13:19 - 000540280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 19:16 - 2017-07-29 13:19 - 000335248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 19:16 - 2017-07-29 13:18 - 000141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 19:16 - 2017-07-29 11:41 - 000994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-08-09 19:16 - 2017-07-29 10:21 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 19:16 - 2017-07-29 10:00 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-08-09 19:16 - 2017-07-29 09:55 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2017-08-09 19:16 - 2017-07-29 09:51 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-08-09 19:16 - 2017-07-29 09:47 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-09 19:16 - 2017-07-29 09:42 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 19:16 - 2017-07-29 09:39 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-08-09 19:16 - 2017-07-29 09:34 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 19:16 - 2017-07-29 09:32 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-09 19:16 - 2017-07-29 09:29 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-09 19:16 - 2017-07-29 09:27 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-08-09 19:16 - 2017-07-29 09:24 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 19:16 - 2017-07-29 09:20 - 000384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-09 19:16 - 2017-07-29 09:19 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 19:16 - 2017-07-29 09:17 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-08-09 19:16 - 2017-07-29 09:14 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-09 19:16 - 2017-07-29 09:09 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-08-09 19:16 - 2017-07-29 09:02 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 19:16 - 2017-07-29 09:01 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-09 19:16 - 2017-07-29 09:00 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-08-09 19:16 - 2017-07-29 08:56 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 19:16 - 2017-07-29 08:51 - 000639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 19:16 - 2017-07-29 08:39 - 004078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 19:16 - 2017-07-29 08:34 - 001501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 19:16 - 2017-07-29 08:33 - 000808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 19:16 - 2017-07-29 08:32 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-09 19:16 - 2017-07-29 08:30 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-09 19:16 - 2017-07-29 08:06 - 006743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-09 19:16 - 2017-07-29 08:06 - 005327360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 19:16 - 2017-07-29 08:00 - 002604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-09 19:16 - 2017-07-29 07:59 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-08-09 19:16 - 2017-07-29 07:50 - 002770432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 19:16 - 2017-07-29 07:21 - 002403160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 19:16 - 2017-07-29 07:15 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 19:16 - 2017-07-29 04:37 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 19:16 - 2017-07-29 04:06 - 002573824 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-09 19:16 - 2017-07-29 04:06 - 002279936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 19:16 - 2017-07-29 03:28 - 003574272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 19:16 - 2017-07-29 03:25 - 007536128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-09 19:16 - 2017-07-29 03:13 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 19:16 - 2017-07-28 20:22 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 19:15 - 2017-07-29 11:31 - 002656960 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 19:15 - 2017-07-29 11:29 - 000754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 19:15 - 2017-07-29 11:03 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 19:15 - 2017-07-29 10:44 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 19:15 - 2017-07-29 09:59 - 007463264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 19:15 - 2017-07-29 09:58 - 000384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 19:15 - 2017-07-29 09:46 - 000129888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-09 19:15 - 2017-07-29 09:45 - 000395184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-08-09 19:15 - 2017-07-29 09:41 - 001637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 19:15 - 2017-07-29 09:31 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 19:15 - 2017-07-29 09:08 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-08-09 19:15 - 2017-07-29 09:01 - 001526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-08-09 19:15 - 2017-07-29 08:33 - 003699280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 19:15 - 2017-07-29 08:26 - 000566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-08-09 19:15 - 2017-07-29 08:23 - 001540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-09 19:15 - 2017-07-29 08:23 - 000692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-08-09 19:15 - 2017-07-29 08:21 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-09 19:15 - 2017-07-29 08:21 - 000146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-08-09 19:15 - 2017-07-29 08:21 - 000075952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-08-09 19:15 - 2017-07-29 08:20 - 000609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-09 19:15 - 2017-07-29 08:11 - 012139008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 19:15 - 2017-07-29 08:07 - 003661824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 19:15 - 2017-07-29 08:03 - 019345408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 19:15 - 2017-07-29 08:03 - 018672640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 19:15 - 2017-07-29 07:49 - 005662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 19:15 - 2017-07-29 07:21 - 001089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-09 19:15 - 2017-07-29 07:18 - 000388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 19:15 - 2017-07-29 06:26 - 000824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 19:15 - 2017-07-29 06:09 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 19:15 - 2017-07-29 05:50 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-08-09 19:15 - 2017-07-29 05:41 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-08-09 19:15 - 2017-07-29 05:37 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-08-09 19:15 - 2017-07-29 05:31 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 19:15 - 2017-07-29 05:28 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-08-09 19:15 - 2017-07-29 05:27 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 19:15 - 2017-07-29 05:22 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-09 19:15 - 2017-07-29 05:20 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-09 19:15 - 2017-07-29 05:19 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 19:15 - 2017-07-29 05:17 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-09 19:15 - 2017-07-29 05:16 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 19:15 - 2017-07-29 05:09 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 19:15 - 2017-07-29 05:05 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-09 19:15 - 2017-07-29 05:01 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-08-09 19:15 - 2017-07-29 04:52 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-08-09 19:15 - 2017-07-29 04:51 - 000784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-08-09 19:15 - 2017-07-29 04:47 - 001385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 19:15 - 2017-07-29 04:43 - 000325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 19:15 - 2017-07-29 04:42 - 001752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-08-09 19:15 - 2017-07-29 04:41 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 19:15 - 2017-07-29 04:41 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-08-09 19:15 - 2017-07-29 04:39 - 001872896 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 19:15 - 2017-07-29 04:37 - 001742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-08-09 19:15 - 2017-07-29 04:30 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 19:15 - 2017-07-29 04:17 - 003587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 19:15 - 2017-07-29 04:15 - 005123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 19:15 - 2017-07-29 04:14 - 001978880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2017-08-09 19:15 - 2017-07-29 04:09 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 19:15 - 2017-07-29 04:02 - 003405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-09 19:15 - 2017-07-29 03:56 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-08-09 19:15 - 2017-07-29 03:38 - 022376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 19:15 - 2017-07-29 03:38 - 013394432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 19:15 - 2017-07-29 03:38 - 000957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-08-09 19:15 - 2017-07-29 03:22 - 024605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 19:15 - 2017-07-29 03:15 - 006977536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 19:15 - 2017-07-29 03:13 - 004890624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 19:15 - 2017-07-29 03:12 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-08-09 19:15 - 2017-07-29 03:08 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 19:15 - 2017-07-29 03:05 - 007843840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 19:15 - 2017-06-17 02:12 - 022560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 19:15 - 2016-09-06 22:11 - 000057912 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-09 19:14 - 2017-07-29 07:48 - 000292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 19:14 - 2017-07-29 07:48 - 000122504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 19:14 - 2017-07-29 07:44 - 000642008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 19:14 - 2017-07-29 07:44 - 000380152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 19:14 - 2017-07-29 07:43 - 000147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 19:14 - 2017-07-29 05:45 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2017-08-09 19:14 - 2017-07-29 05:37 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-09 19:14 - 2017-07-29 05:24 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 19:14 - 2017-07-29 05:23 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 19:14 - 2017-07-29 05:12 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2017-08-09 19:14 - 2017-07-29 05:11 - 000715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 19:14 - 2017-07-29 05:04 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-08 19:03 - 2017-08-08 19:03 - 000002432 _____ C:\Users\Teppo\Downloads\BOS Terminal Server (1).rdp
2017-08-08 16:50 - 2017-08-08 16:50 - 004723200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-07-23 20:23 - 2017-07-23 20:23 - 000093416 _____ C:\Users\Teppo\Desktop\BoardingPass SAS.pdf
2017-07-23 20:22 - 2017-07-23 20:22 - 000093416 _____ C:\Users\Teppo\Downloads\BoardingPass (1).pdf
2017-07-21 23:29 - 2017-07-21 23:29 - 000891256 _____ C:\Users\Teppo\Desktop\001.pdf
2017-07-21 23:28 - 2017-07-21 23:28 - 000802516 _____ C:\Users\Teppo\Desktop\005.pdf
2017-07-21 23:28 - 2017-07-21 23:28 - 000776309 _____ C:\Users\Teppo\Desktop\002.pdf
2017-07-21 23:28 - 2017-07-21 23:28 - 000737138 _____ C:\Users\Teppo\Desktop\003.pdf
2017-07-21 23:28 - 2017-07-21 23:28 - 000715074 _____ C:\Users\Teppo\Desktop\004.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-18 22:50 - 2016-07-03 21:01 - 000004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{53AF0094-3D5E-41EB-8625-F0C767A729C4}
2017-08-18 22:50 - 2016-06-08 19:18 - 000000000 ____D C:\Users\Teppo\.thinkorswim
2017-08-18 22:50 - 2016-06-08 19:17 - 000000000 ____D C:\Program Files\thinkorswim
2017-08-18 21:37 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-18 18:56 - 2016-06-08 01:59 - 000000000 ___DC C:\WINDOWS\Panther
2017-08-18 18:27 - 2017-02-17 22:34 - 000000000 ____D C:\Users\Teppo\AppData\LocalLow\Mozilla
2017-08-17 23:35 - 2015-10-30 00:21 - 000000000 ____D C:\WINDOWS\INF
2017-08-17 22:55 - 2017-06-30 17:37 - 000001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-08-17 22:55 - 2017-05-30 22:34 - 000003944 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1465437342
2017-08-17 22:55 - 2016-06-08 18:54 - 000000000 ____D C:\Program Files (x86)\Opera
2017-08-17 22:48 - 2016-04-26 23:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-17 22:48 - 2012-04-25 12:25 - 000011764 __RSH C:\ProgramData\ntuser.pol
2017-08-17 22:47 - 2015-10-29 23:28 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-08-17 20:53 - 2016-05-26 12:18 - 000000000 ____D C:\Users\Teppo\AppData\Local\VirtualStore
2017-08-17 19:50 - 2016-06-08 18:23 - 000000000 ____D C:\Users\Teppo\AppData\Local\F-Secure
2017-08-17 19:41 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-17 19:21 - 2016-05-26 12:51 - 000002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-17 19:21 - 2016-05-26 12:51 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-17 19:14 - 2015-10-30 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-15 22:14 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\rescache
2017-08-15 19:54 - 2015-10-30 00:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-15 18:46 - 2017-05-14 19:38 - 000000000 ____D C:\ProgramData\purevpn
2017-08-15 18:43 - 2016-05-26 12:18 - 000000000 ___RD C:\Users\Teppo\Virtual Machines
2017-08-15 18:43 - 2016-04-26 23:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-14 22:02 - 2016-04-26 23:29 - 000392192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\Program Files\Windows Defender
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-14 21:59 - 2015-10-30 00:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-14 20:47 - 2016-06-13 22:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-14 20:39 - 2012-04-25 13:26 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-14 20:10 - 2009-07-13 19:34 - 000000478 _____ C:\WINDOWS\win.ini
2017-08-08 16:51 - 2017-04-13 22:17 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-08 16:50 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 16:50 - 2015-10-30 00:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 16:36 - 2016-05-26 12:41 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-28 17:22 - 2016-12-16 21:51 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-28 17:22 - 2015-10-30 00:26 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

Files to move or delete:
====================
C:\WINDOWS\TEMP\E_S40EA.tmp


Some files in TEMP:
====================
2012-02-27 18:30 - 2012-02-27 18:30 - 008209056 _____ (Adobe Systems, Inc.) C:\Users\345cali\AppData\Local\Temp\InstallAX64.exe
2012-02-27 18:12 - 2012-02-27 18:12 - 008129184 _____ (Adobe Systems, Inc.) C:\Users\345cali\AppData\Local\Temp\InstallPlugin64.exe
2012-04-25 12:59 - 2012-04-25 12:59 - 000737280 _____ (Indigo Rose Corporation) C:\Users\345cali\AppData\Local\Temp\irsetup.exe
2012-03-21 12:56 - 2012-03-21 12:56 - 000908576 _____ (Sun Microsystems, Inc.) C:\Users\345cali\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
2012-04-25 12:46 - 2010-03-16 07:11 - 000149352 _____ (Microsoft Corporation) C:\Users\345cali\AppData\Local\Temp\ose00000.exe
2017-04-30 19:36 - 2017-04-30 19:36 - 000465920 _____ (Realtek Semiconductor Corp.) C:\Users\Teppo\AppData\Local\Temp\COMAP.EXE
2017-08-18 18:39 - 2016-10-25 02:41 - 001819208 _____ (Microsoft Corporation) C:\Users\Teppo\AppData\Local\Temp\dllnt_dump.dll
2016-06-08 19:18 - 2016-06-08 19:18 - 000035680 _____ () C:\Users\Teppo\AppData\Local\Temp\i4jdel0.exe
2016-10-10 17:24 - 2017-02-20 18:50 - 030770176 _____ () C:\Users\Teppo\AppData\Local\Temp\SkypeSetup.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\kbd101c.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-12 00:04

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Teppo (19-08-2017 23:13:18)
Running from C:\Users\Teppo\Desktop
Windows 10 Pro Version 1511 (X64) (2016-06-08 15:31:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1148200332-1382918412-2715992946-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1148200332-1382918412-2715992946-1003 - Limited - Enabled)
DefaultAccount (S-1-5-21-1148200332-1382918412-2715992946-503 - Limited - Disabled)
Guest (S-1-5-21-1148200332-1382918412-2715992946-501 - Limited - Disabled)
Teppo (S-1-5-21-1148200332-1382918412-2715992946-1008 - Administrator - Enabled) => C:\Users\Teppo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Antivirus by F-Secure (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Antivirus by F-Secure (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}) (Version: 4.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Acrobat X Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{8D7DDFA2-3A50-49A4-99C5-6D8BE66FE0B9}) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\{A8FEFA44-4B24-4A88-A857-F79484699912}) (Version: 11.6.4.634 - Adobe Systems, Inc)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Computer Security 14.176.101.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 14.176.101.0 - F-Secure Corporation) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Elevate Command PowerToy for Windows Vista v1.0.1 (Uninstall only) (HKLM\...\ElevateCommand) (Version: 1.0.1 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
F-Secure (HKLM-x32\...\{FE2316F6-C7EE-4D02-8BA5-E2742A9E3E97}) (Version: 2.76.211.0 - F-Secure Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.76.211.0 - F-Secure Corporation)
F-Secure CCF Reputation (HKLM-x32\...\{00000000-2778-5BED-8199-52EB14D8D22F}) (Version: 2.1.1342.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.73.275.1078 (release) (HKLM-x32\...\{4C8051EE-668A-4578-8669-C4F4F71A05AA}) (Version: 1.73.275.1078 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.04.214 (HKLM-x32\...\{A691C0D2-6698-411D-BC58-980629406BB4}) (Version: 1.04.214 - F-Secure Corporation) Hidden
F-Secure SafeSearch 10.0.0.0 (release) (HKLM-x32\...\{1C02D59F-EAF4-404C-95D9-2E7EF186FE44}) (Version: 10.0.0.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KB4023057 (HKLM\...\{0339C035-CB0E-4AA1-8A94-6C306982BD86}) (Version: 2.1.0.0 - Microsoft Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel (HKLM-x32\...\{A99C1048-A569-4B65-A3DD-3584B0A4AA69}) (Version: 1.0.0.0322 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Safety 2.176.4626.2945 (HKLM-x32\...\{545FB0D8-4D09-4D00-9FF9-729A63D4139F}) (Version: 2.176.4626.2945 - F-Secure Corporation) Hidden
Opera Stable 47.0.2631.55 (HKLM-x32\...\Opera 47.0.2631.55) (Version: 47.0.2631.55 - Opera Software)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 5.18.0.0 - PureVPN)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 12.11.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.10.0 - Adlice Software)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
tastyworks (HKLM\...\{com.tastyworks.desktop}}_is1) (Version: 0.6.0 - tastyworks, inc)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
WhatsApp (HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\WhatsApp) (Version: 0.2.2732 - WhatsApp)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17305 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinZip (HKLM-x32\...\WinZip) (Version: 8.1 SR-1 (5266) - WinZip Computing, Inc.)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D5}) (Version: 16.5.10096 - WinZip Computing, S.L. )
YoutubeMovieMaker (HKLM-x32\...\{E084C471-FA8F-4468-93F1-25B3A13ED942}) (Version: 16.02 - Youtube Movie Maker)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1148200332-1382918412-2715992946-1008_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Teppo\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2012-07-20] (WinZip Computing, S.L.)
ContextMenuHandlers3: [F-Secure Shell Extension] -> {23814B80-52A2-11D0-BC1A-004095606CB9} => C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Common\fpshx.dll [2016-10-26] (F-Secure Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2012-07-20] (WinZip Computing, S.L.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2012-07-20] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AE5BE9D-9664-4151-9881-0EFE706F3E9F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E8A28A2-7666-4C94-89F1-F4685D90CA12} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1277BBC7-04AF-42CB-9F18-2ACA2BC74A2D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {13230CF6-8C53-4E06-845C-F12C4E528BE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-26] (Google Inc.)
Task: {16ED5F82-8B3F-48B3-AA9E-DE5D23CB759C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {233DED93-756B-4778-B0CA-8FC004679EFA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2521742E-5D4D-4FA0-B6F2-C177A6E57A77} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {27E8D1AF-6704-4FF8-9464-26E0B901FA35} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {30769B96-FF92-44A2-AE59-A2A2D453C0A1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {61207873-6B5B-4BDC-89B1-E7FEEB52968D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {703D4DA4-BB4F-4634-A761-3E264BFF8304} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7C6438F0-150C-4BAA-8593-DE26A8805BDD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {7FE91C86-6D93-4A18-B608-90CA835F8D36} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9756F24A-B0B0-4B76-B453-0C2AD7753E8A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {977E1E1B-1D00-462F-BFB4-594318830D1F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {980576A7-01BA-445F-B68B-99651001244E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9E2FD9E8-372E-4345-8597-0B3D5E94D6BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-26] (Google Inc.)
Task: {AC883DA2-F445-42B1-8E22-528AFC17FD74} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B21E2FBD-405B-48C8-8609-032306060DE2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B5436C61-7D75-4B42-9CD9-6997FC823260} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B842EB5D-AF7C-450C-BBB7-D999BD886D0B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1148200332-1382918412-2715992946-1008Core => C:\Users\Teppo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {BC49D5D6-58B8-4598-B93F-4BDBFB5F41DD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD76F54D-ED23-4A28-935A-59932DA98EC8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C181656A-003F-4372-9C72-06E74D9CAFEB} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {C9379998-8151-47DE-BA2F-E231E54A6222} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-07-28] (Microsoft Corporation)
Task: {CE05C198-8C50-49A7-BF69-7F87EA2CC6AA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DB7DA998-0B20-478D-9CBC-B22A81F89C7B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EB64A58D-5763-4CBA-9D51-3309E3217ADA} - System32\Tasks\Opera scheduled Autoupdate 1465437342 => C:\Program Files (x86)\Opera\launcher.exe [2017-08-13] (Opera Software)
Task: {F29AC33A-8BED-4E43-9DF6-6014F8A04E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1148200332-1382918412-2715992946-1008UA => C:\Users\Teppo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {F53B4699-9122-40BD-84B8-1EA0979441FF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F5A54A5E-B1FB-45A9-92EC-B3A8DCEA002F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F5FA17E0-AF88-4035-BE42-5C9F4264F833} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-14 19:37 - 2016-12-20 13:16 - 004838400 _____ () C:\Program Files (x86)\PureVPN\vpnclient.exe
2017-08-17 21:27 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-05 18:48 - 2017-03-03 22:31 - 000185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-08-09 19:15 - 2017-07-29 11:31 - 002656960 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-04-26 23:10 - 2016-04-26 23:10 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 20:22 - 2016-06-30 20:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-04-05 18:47 - 2017-03-03 20:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-04-05 18:47 - 2017-03-03 20:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-09 22:21 - 2017-04-27 16:46 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-09 19:15 - 2017-07-29 11:03 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-14 19:37 - 2017-05-10 15:43 - 008045856 _____ () C:\Program Files (x86)\PureVPN\purevpn.exe
2010-11-17 10:35 - 2010-11-17 10:35 - 000514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2016-06-08 11:10 - 2016-06-08 11:11 - 000144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-31 13:07 - 2016-05-31 13:07 - 000254944 _____ () C:\Program Files (x86)\F-Secure\Internet Security\daas2.dll
2016-06-08 18:30 - 2016-10-26 08:05 - 000074720 _____ () C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\FSAVHRES.ENG
2016-06-08 18:30 - 2016-12-23 17:46 - 000213984 _____ () C:\Program Files (x86)\F-Secure\Internet Security\apps\ComputerSecurity\Spam Control\fsas.dll
2016-04-08 15:35 - 2016-04-08 15:35 - 003481600 _____ () C:\Users\Teppo\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 000375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2016-06-08 11:10 - 2016-06-08 11:11 - 000141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-08 11:10 - 2016-06-08 11:11 - 022284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-08-17 19:21 - 2017-08-10 23:24 - 002881368 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-17 19:21 - 2017-08-10 23:24 - 000086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-04-16 15:18 - 000000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
HKU\S-1-5-21-1148200332-1382918412-2715992946-1008\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F83AEFFA-893E-4215-80AE-2AF00F95C179}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{C34682AD-0E57-47C4-8E9C-49653B3B9998}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{DB2BF5D1-66AE-450A-A1FB-8FB573A5B72C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7BF5BE01-C231-41CE-8DEB-CE80D4A13431}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{29E94F30-18FC-4683-A908-0B9E0BA2486A}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E27AE016-890D-4F1D-9CF4-FDA9669C81DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3AEFFC2-B4D2-413F-A80E-916C4E93ABD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21B6B19C-B068-4461-9A7A-071814609D8C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DAFC5AEB-73A2-4D08-ADC1-A5FE34D5487D}] => (Allow) LPort=2869
FirewallRules: [{A9A4CF16-313B-463E-AB59-DCCE34ECB238}] => (Allow) LPort=1900
FirewallRules: [{AC08C91A-1600-4C09-AEA2-B566EB19CAAF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5E737742-20B7-4637-B38A-426BD37B1C2E}] => (Allow) C:\Program Files (x86)\PureVPN\vpnclient.exe
FirewallRules: [{77C14588-974F-4C90-9AE9-7666FFD9A0ED}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.57\opera.exe
FirewallRules: [{64B4EEC8-C3B2-4C56-89D9-B36C6750F0AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5BAB8AEF-0BE5-4965-A901-FE19A3045C33}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.55\opera.exe

==================== Restore Points =========================

20-07-2017 20:44:13 Scheduled Checkpoint
08-08-2017 17:30:39 Scheduled Checkpoint
14-08-2017 20:05:09 Windows Update
18-08-2017 20:59:56 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2017 10:20:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Adobe Acrobat Reader DC - Update 'Adobe Acrobat Reader DC
(15.023.20070)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/18/2017 10:20:28 PM) (Source: MsiInstaller) (EventID: 11328) (User: NT AUTHORITY)
Description: Product: Adobe Acrobat Reader DC -- Error 1328.Error applying patch to file C:\Config.Msi\PT8EE7.tmp. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. System Error: -1072807676

Error: (08/18/2017 10:13:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TJ)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2017 10:11:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TJ)
Description: Package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{066595d9-a8ed-42ca-b819-caab3cf7ec90} was terminated because it took too long to suspend.

Error: (08/18/2017 10:11:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TJ)
Description: Package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.

Error: (08/18/2017 10:08:31 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 6 2017-08-18 22:08:29-07:00 TJ TJ\Teppo F-Secure Anti-Virus
An error occurred while scanning \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\THINKORSWIM\WORKSPACE.0Q1JPW8F2K5AKWU.TOS.DEMO.XML.

Error: (08/18/2017 10:08:27 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 5 2017-08-18 22:07:41-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\TEPPO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\C5591DCA-CE38-48B7-B0BC-5FDBE3EA00F9.TMP was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/18/2017 10:04:10 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 4 2017-08-18 22:04:00-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\THINKORSWIM\JRE\LIB\CHARSETS.JAR was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Error: (08/18/2017 09:57:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TJ)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/18/2017 09:51:24 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3 2017-08-18 21:51:24-07:00 TJ TJ\Teppo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\TEPPO\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).


System errors:
=============
Error: (08/18/2017 11:21:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_33cff2 service to connect.

Error: (08/18/2017 11:21:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_33cff2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/18/2017 10:08:24 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/18/2017 10:07:29 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/18/2017 10:05:48 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/18/2017 10:03:59 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/18/2017 10:03:29 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/18/2017 09:50:00 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/18/2017 09:48:15 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1

Error: (08/18/2017 09:48:12 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: Event-ID 1


CodeIntegrity:
===================================
Date: 2017-08-15 20:43:08.305
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:08.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:08.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:07.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:07.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:07.540
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:43:01.624
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:42:55.000
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:26:03.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-08-15 20:26:03.589
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 85%
Total physical RAM: 2013.61 MB
Available physical RAM: 291 MB
Total Virtual: 5283.31 MB
Available Virtual: 2882.6 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:148.52 GB) (Free:45.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: FE34D860)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Nothing much to report. I didn't spend much time on the computer today, and for the little I did, everything worked fine.
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.1 KB · Views: 2
I think I might have found a cause for the problem. My wife connected her work laptop to Wifi and things went down from there. I had the "there is no internet connection" screen and sent data is now some 25 times larger than received data. The sent data keeps on running even after the laptop was disconnected and turned off. Attached is the fixlog. I kept on getting an error message where the techspot forum thinks there is spam-like content in the message.
 

Attachments

  • Fixlog.txt
    4.6 KB · Views: 1
I have rebooted my computer a couple of times now. No other devices are connected to the internet except for my desktop. The moment I open any browser, the sent data starts running. Right now, after 9 minutes of connection, the difference between sent vs received is 30:2.
 
I see no reason to worry about it. I even have no idea if there is any "correct" ratio. Your computer will always communicate with something.
So far, we didn't find much.
Please follow my previous reply.
 
The problem is though that the internet connection keeps failing. Or I guess the proper way to put it is, that downloading keeps on failing and makes web browsing pretty much impossible.

When I post fixlog I continue getting the message below. I attached the log on my previous reply. Hope that works.

The following error occurred:
Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.
 
Which browser is having these issues?
Try different browser to see if it has same problem.

Then...

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
All the browsers I've tried had internet connection issues. The internet connection has been fine again, since we haven't connected my wife's work laptop to Wifi. She will have it inspected.

Sophos didn't find any threats, so no log file available.

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Antivirus by F-Secure
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 26.0.0.151
Mozilla Firefox (51.0.1)
Google Chrome (60.0.3112.101)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
F-Secure Internet Security apps ComputerSecurity\Anti-Virus\FSGK32.EXE
F-Secure Internet Security apps ComputerSecurity\Anti-Virus\fssm32.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````




Farbar Service Scanner Version: 27-01-2016
Ran by Teppo (administrator) on 20-08-2017 at 13:22:09
Running from "C:\Users\Teppo\Downloads"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Update Firefox to the current version.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.
 
Everything is working fine. I've connected other devices (not wife's laptop) to Wifi and internet connection has been stable.
 