Svchost using excessive amount of memory



#1 V1kilpin


Posted 17 February 2016 - 09:13 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Ville Kilpinen (administrator) on VKLAPTOP (17-02-2016 15:47:04)
Running from C:\Users\Ville Kilpinen\Downloads
Loaded Profiles: Ville Kilpinen (Available Profiles: Ville Kilpinen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: suomi (Suomi)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Google Inc.) C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-02] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [3968544 2012-02-17] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336952 2012-04-19] (Power Software Ltd)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-20] (Easybits)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\fdewuqe-x32: C:\Windows\system32\config\systemprofile\AppData\Local\fdewuqe.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\Run: [Google Update] => C:\Users\Ville Kilpinen\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\Run: [Battle.net] => C:\Users\Public\Documents\Blizzard Entertainment\Battle.net\Battle.net Launcher.exe [2946096 2015-12-17] (Blizzard Entertainment)
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Technologies S.A.)
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\MountPoints2: {1bc2335d-f17e-11e0-9de3-2c27d7beb783} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\MountPoints2: {248b7629-c82a-11e0-8994-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\MountPoints2: {764a916b-aeb1-11e4-90d2-2c27d7beb783} - I:\AutoRun.exe
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\MountPoints2: {962b3bf8-8c08-11e4-9532-2c27d7beb783} - I:\AutoRun.exe
HKU\S-1-5-21-1498368398-1312963811-2461425419-1001\...\MountPoints2: {962b3c06-8c08-11e4-9532-2c27d7beb783} - I:\AutoRun.exe
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-01-23] (EasyBits Software Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2012-02-17] (AVAST Software)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-12-11] (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-12-11] (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-12-11] (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-12-11] (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-12-11] (Versionate Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-04-16]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Ville Kilpinen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-09-30] ()
Startup: C:\Users\Ville Kilpinen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013-03-06]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Ville Kilpinen\AppData\Local\Facebook\Messenger\2.1.4801.0\FacebookMessenger.exe (No File)
BootExecute: autocheck autochk * lsdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 195.148.208.2 193.166.133.2
Tcpip\..\Interfaces\{043C2DA6-136C-42BD-B5C0-988D3BE5F509}: [NameServer] 195.197.54.100 195.74.0.47
Tcpip\..\Interfaces\{22544502-DE68-4268-8EB6-B55244956525}: [DhcpNameServer] 195.148.208.2 193.166.133.2
Tcpip\..\Interfaces\{872BE7A9-1C57-4C4B-99EB-5B104760F0AA}: [NameServer] 195.197.54.100 195.74.0.47
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1498368398-1312963811-2461425419-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-02-17] (AVAST Software)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-02-17] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-02-17] (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-02-17] (AVAST Software)
Toolbar: HKU\S-1-5-21-1498368398-1312963811-2461425419-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Ville Kilpinen\AppData\Roaming\Mozilla\Firefox\Profiles\ro6p8t1j.default
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-15] (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1498368398-1312963811-2461425419-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ville Kilpinen\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1498368398-1312963811-2461425419-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ville Kilpinen\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1498368398-1312963811-2461425419-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-15] (Pando Networks)
FF Extension: Firebug - C:\Users\Ville Kilpinen\AppData\Roaming\Mozilla\Firefox\Profiles\ro6p8t1j.default\Extensions\firebug@software.joehewitt.com.xpi [2016-02-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-22] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=7847AC811263EFE4&affID=119357&tt=250913_cpn2&tsp=5019
CHR Plugin: (Shockwave Flash) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Desktop) - C:\Users\Ville Kilpinen\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll => No File
CHR Plugin: (Google Update) - C:\Users\Ville Kilpinen\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-haku) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-16]
CHR Extension: (avast! WebRep) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-02-23]
CHR Extension: (Skype) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-19]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-02-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-29]
StartMenuInternet: Google Chrome - C:\Users\Ville Kilpinen\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2012-02-17] (AVAST Software)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-11-03] (Lavasoft Limited)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [651856 2013-10-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AMService; C:\Windows\TEMP\hrvgfh\setup.exe run [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-02-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [69976 2012-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-02-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [817496 2012-02-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [336216 2012-02-17] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-02-17] (AVAST Software)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] (Advanced Micro Devices) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-27] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-04-27] (Echobit, LLC)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124800 2014-06-11] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-05-04] (Huawei Technologies Co., Ltd.)
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-10-17] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1863720 2012-06-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-27] (Duplex Secure Ltd.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-12-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-12-18] (Oracle Corporation)
U3 allyijir; C:\Windows\System32\Drivers\allyijir.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-17 15:47 - 2016-02-17 15:47 - 00025476 _____ C:\Users\Ville Kilpinen\Downloads\FRST.txt
2016-02-17 15:46 - 2016-02-17 15:47 - 00000000 ____D C:\FRST
2016-02-17 15:45 - 2016-02-17 15:45 - 02370560 _____ (Farbar) C:\Users\Ville Kilpinen\Downloads\FRST64.exe
2016-02-17 15:25 - 2016-02-17 15:27 - 58791680 _____ (Counterplay Games Inc.) C:\Users\Ville Kilpinen\Downloads\DuelystLauncher-x64-v0.0.9(1).exe
2016-02-16 19:21 - 2016-02-16 19:21 - 00004061 _____ C:\Users\Ville Kilpinen\Downloads\04C2F6C4A252C3B2DFA98A54EA3A12F730B30124.torrent
2016-02-16 19:21 - 2016-02-16 19:21 - 00003451 _____ C:\Users\Ville Kilpinen\Downloads\A1B474A61C5216CA9484E806EC7682DD1EEA3E60.torrent
2016-02-15 13:02 - 2016-02-15 13:02 - 00006467 _____ C:\Users\Ville Kilpinen\Downloads\F4E64D63D1365D5F964289A97C51ED4B3F9F8D51.torrent
2016-02-15 13:02 - 2016-02-15 13:02 - 00004991 _____ C:\Users\Ville Kilpinen\Downloads\E200A1EF09771C909A2455ED35F69EA98F8C24C1.torrent
2016-02-15 00:39 - 2016-02-17 15:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-13 08:55 - 2016-02-13 08:55 - 00004125 _____ C:\Users\Ville Kilpinen\Downloads\DB8704FFC23CF2393A76FE8542F5321160FBE01F.torrent
2016-02-13 08:55 - 2016-02-13 08:55 - 00004115 _____ C:\Users\Ville Kilpinen\Downloads\9AA9C38D09CB204D3942E5FE3488823530814165.torrent
2016-02-13 08:55 - 2016-02-13 08:55 - 00003769 _____ C:\Users\Ville Kilpinen\Downloads\E0F87A0F8E5A28BE2379CD1AAF28F693E1E13460.torrent
2016-02-12 14:28 - 2016-02-12 14:28 - 00003859 _____ C:\Users\Ville Kilpinen\Downloads\17F681B39A88EDB3E861F4C2472EF5C8D742D823.torrent
2016-02-12 14:28 - 2016-02-12 14:28 - 00003431 _____ C:\Users\Ville Kilpinen\Downloads\07297FD4FA6CA10CB7236BD8ACD4B39A028FF112.torrent
2016-02-12 14:28 - 2016-02-12 14:28 - 00002769 _____ C:\Users\Ville Kilpinen\Downloads\7D07F8ACA8A8553E89A70948CD7B6E60B7805E71.torrent
2016-02-12 14:27 - 2016-02-12 14:27 - 00004653 _____ C:\Users\Ville Kilpinen\Downloads\3A6A3822089A43B0A792D33B1CDE23AA6338C862.torrent
2016-02-12 14:27 - 2016-02-12 14:27 - 00004653 _____ C:\Users\Ville Kilpinen\Downloads\3A6A3822089A43B0A792D33B1CDE23AA6338C862 (1).torrent
2016-02-12 14:27 - 2016-02-12 14:27 - 00003345 _____ C:\Users\Ville Kilpinen\Downloads\B5F23E0A29646F4BE3F20A5416C1BDE1FC96EC28.torrent
2016-02-11 20:40 - 2016-02-11 20:41 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Local\launcher
2016-02-11 20:39 - 2016-02-11 20:40 - 47913216 _____ (Counterplay Games Inc.) C:\Users\Ville Kilpinen\Downloads\DuelystLauncher-ia32-v0.0.9.exe
2016-02-11 19:49 - 2016-02-11 19:50 - 58791680 _____ (Counterplay Games Inc.) C:\Users\Ville Kilpinen\Downloads\DuelystLauncher-x64-v0.0.9 (1).exe
2016-02-11 17:27 - 2016-02-11 17:27 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Local\Bluestacks
2016-02-11 14:04 - 2016-02-11 14:04 - 00003376 _____ C:\Users\Ville Kilpinen\Downloads\34F74287EDD06191892E08FF1BEA879C1B5C3572.torrent
2016-02-11 09:39 - 2016-02-11 09:39 - 00003076 _____ C:\Users\Ville Kilpinen\Downloads\B90CC53EDE13E7A3CB516DB7566EA7690E23614E.torrent
2016-02-10 23:06 - 2016-02-10 23:06 - 00003151 _____ C:\Users\Ville Kilpinen\Downloads\11626649FA51565DBF0FC151A81BBAEC401EC643.torrent
2016-02-10 17:41 - 2016-02-10 17:41 - 00004273 _____ C:\Users\Ville Kilpinen\Downloads\875752F0BA484A247A5ECF8D31654DAABDEBD1F0.torrent
2016-02-10 17:41 - 2016-02-10 17:41 - 00003480 _____ C:\Users\Ville Kilpinen\Downloads\E45224537CD84471A3F7F235265284AF004F988D.torrent
2016-02-10 17:41 - 2016-02-10 17:41 - 00003287 _____ C:\Users\Ville Kilpinen\Downloads\7CC9CE58996E05AC03AA66A7ACA7E123C694C854.torrent
2016-02-10 17:41 - 2016-02-10 17:41 - 00003185 _____ C:\Users\Ville Kilpinen\Downloads\A4DBB0584B4FAB264D6CA9CBD7D75DC3D49BA585.torrent
2016-02-10 15:22 - 2016-02-15 00:07 - 00000000 ____D C:\Users\Ville Kilpinen\Desktop\WWW
2016-02-09 18:09 - 2016-02-09 18:09 - 00004118 _____ C:\Users\Ville Kilpinen\Downloads\EF1B91F402605F7B498E0FEFF6086D4782388AF6.torrent
2016-02-09 18:08 - 2016-02-09 18:08 - 00003626 _____ C:\Users\Ville Kilpinen\Downloads\253973F4BDC587290186913ABCCBEDF064A7FBF7.torrent
2016-02-07 14:58 - 2016-02-07 14:58 - 00004524 _____ C:\Users\Ville Kilpinen\Downloads\1F61D5BB01EAAB0C84836C42DA95DC496FC59EA9.torrent
2016-02-07 14:41 - 2016-02-07 15:30 - 152688577 _____ C:\Users\Ville Kilpinen\Downloads\CB626.rar
2016-02-06 12:52 - 2016-02-06 12:52 - 00003926 _____ C:\Users\Ville Kilpinen\Downloads\FBFA4866B211172E9B5A1C2BC9F18B9C0F8250C8.torrent
2016-02-06 12:52 - 2016-02-06 12:52 - 00003856 _____ C:\Users\Ville Kilpinen\Downloads\D335D6992C9B76DD9D36C518073DF464F514A628.torrent
2016-02-05 18:27 - 2016-02-05 18:27 - 00003702 _____ C:\Users\Ville Kilpinen\Downloads\5007A6893ADAB4D10E8416CDCB34005A2AD86BB3.torrent
2016-02-05 18:26 - 2016-02-05 18:26 - 00004344 _____ C:\Users\Ville Kilpinen\Downloads\0B1657B53FE863AD495F4D6F69DEE0EC0BED0D90.torrent
2016-02-05 18:26 - 2016-02-05 18:26 - 00003282 _____ C:\Users\Ville Kilpinen\Downloads\65116CB816535F93194C229A04EA3EEC47CF2935.torrent
2016-02-05 18:26 - 2016-02-05 18:26 - 00002380 _____ C:\Users\Ville Kilpinen\Downloads\35315C0BA3B6D11ACEC4FBE1096A5158BDE1CEBE.torrent
2016-02-05 18:25 - 2016-02-05 18:25 - 00003868 _____ C:\Users\Ville Kilpinen\Downloads\D578D02C4C29875831A012B458321A1BC835AA76.torrent
2016-02-05 18:25 - 2016-02-05 18:25 - 00003436 _____ C:\Users\Ville Kilpinen\Downloads\661CC89D84A790649909E9099602186B8D44124D.torrent
2016-02-05 13:50 - 2016-02-05 13:50 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Local\Macromedia
2016-02-04 17:32 - 2016-02-04 17:32 - 00000000 ____D C:\ubuntu
2016-02-04 12:05 - 2016-02-04 12:05 - 00022567 _____ C:\Users\Ville Kilpinen\Downloads\75CF4293DF23D8E2AF51EC61AFD4EA7A238436C2.torrent
2016-02-04 12:01 - 2016-02-04 12:01 - 00003387 _____ C:\Users\Ville Kilpinen\Downloads\5D202F5B7CFF4D3157535951EF19282962D75659.torrent
2016-02-04 00:30 - 2016-02-04 00:30 - 00003800 _____ C:\Users\Ville Kilpinen\Downloads\3E5C0365137D56B1D38B9C3B91B2D5DD8B4BA7DE.torrent
2016-02-04 00:29 - 2016-02-04 00:29 - 00003500 _____ C:\Users\Ville Kilpinen\Downloads\49980FEC3ED010C014F51CA561281100463EF4B0.torrent
2016-02-03 23:00 - 2016-02-03 23:00 - 00004084 _____ C:\Users\Ville Kilpinen\Downloads\41203B943C9B63733364E8FCCD8E2DA1234C3C9C.torrent
2016-02-03 23:00 - 2016-02-03 23:00 - 00004084 _____ C:\Users\Ville Kilpinen\Downloads\41203B943C9B63733364E8FCCD8E2DA1234C3C9C (1).torrent
2016-02-03 22:59 - 2016-02-03 22:59 - 00003596 _____ C:\Users\Ville Kilpinen\Downloads\12371872DE00B2441D7636DFAA1E4BD777788376.torrent
2016-02-02 23:13 - 2016-02-02 23:13 - 00059424 _____ C:\Users\Ville Kilpinen\Downloads\The Magicians (2016) - 01x03 - Consequences of Advanced Spellcasting.FLEET.English.HI.C.orig.Addic7ed.com.srt
2016-02-02 14:58 - 2016-02-02 14:58 - 00004260 _____ C:\Users\Ville Kilpinen\Downloads\1FF45F503286B134E9D7BB337B1F53C12895DF50.torrent
2016-02-02 14:58 - 2016-02-02 14:58 - 00003442 _____ C:\Users\Ville Kilpinen\Downloads\67405F6D4A4FD1F4178D4DB9E82B45BCBF08521B.torrent
2016-01-30 19:26 - 2016-01-30 19:26 - 00043529 _____ C:\Users\Ville Kilpinen\Downloads\Second Chance (2016) - 01x02 - One More Notch.INTERNAL.KILLERS.Dutch.orig.Addic7ed.com.srt
2016-01-30 19:04 - 2016-01-30 19:04 - 00004520 _____ C:\Users\Ville Kilpinen\Downloads\ECAC49FDD5AABBAACF4A572145097E3EBD3608FE.torrent
2016-01-30 19:03 - 2016-01-30 19:03 - 00003765 _____ C:\Users\Ville Kilpinen\Downloads\5D7B73DBC069B5CE5A974F3B1F3EF8731A2B9521.torrent
2016-01-30 19:02 - 2016-01-30 19:02 - 00004936 _____ C:\Users\Ville Kilpinen\Downloads\AD521BB3D15BF2ECB3F6CD7112F14B46753A5FF5.torrent
2016-01-30 19:02 - 2016-01-30 19:02 - 00004094 _____ C:\Users\Ville Kilpinen\Downloads\CD497B3283AADD2A6A7CF59E4C284EC967712A75.torrent
2016-01-30 19:01 - 2016-01-30 19:02 - 00003608 _____ C:\Users\Ville Kilpinen\Downloads\A6C8D558DABE8BCC87AF76D7DCEBE33FE05DF1A8.torrent
2016-01-30 18:21 - 2016-01-30 18:21 - 01088958 _____ (pendrivelinux.com) C:\Users\Ville Kilpinen\Downloads\Universal-USB-Installer-1.9.6.3.exe
2016-01-30 18:00 - 2016-01-30 18:01 - 06160320 _____ (LinuxLive USB Creator) C:\Users\Ville Kilpinen\Downloads\LinuxLive USB Creator 2.9.4.exe
2016-01-29 23:02 - 2016-01-29 23:02 - 00026294 _____ C:\Users\Ville Kilpinen\Downloads\48E1C03001C26C24E6496249624C7E0C30F2E0E9.torrent
2016-01-29 16:14 - 2016-01-29 16:14 - 00003022 _____ C:\Users\Ville Kilpinen\Downloads\A73FCD7CFD478712A4A913BE60CDB2B13FF10621.torrent
2016-01-29 16:13 - 2016-01-29 16:13 - 00005430 _____ C:\Users\Ville Kilpinen\Downloads\70057655B5A6490FC367D7EA02BE82D83ECA6D9F.torrent
2016-01-29 16:13 - 2016-01-29 16:13 - 00004288 _____ C:\Users\Ville Kilpinen\Downloads\5FB734BCA418ED41F657D327009011A63CBF0650.torrent
2016-01-29 16:13 - 2016-01-29 16:13 - 00003890 _____ C:\Users\Ville Kilpinen\Downloads\11CCDF4EFB3DDBD4CB49C601713D94EFB2FE18FC.torrent
2016-01-29 16:13 - 2016-01-29 16:13 - 00003196 _____ C:\Users\Ville Kilpinen\Downloads\5875F0B6A0120F7286F25772C293DC5FD374DEE1.torrent
2016-01-28 10:59 - 2016-01-28 10:59 - 00003387 _____ C:\Users\Ville Kilpinen\Downloads\6F1D2D61E0EA3B905AEE3E7FA7F216768CD57A31.torrent
2016-01-27 20:22 - 2016-01-27 20:22 - 00004004 _____ C:\Users\Ville Kilpinen\Downloads\EC0656CEDBCA7A3BCF76AA50A7A49FA1974E4BE9.torrent
2016-01-27 20:22 - 2016-01-27 20:22 - 00003578 _____ C:\Users\Ville Kilpinen\Downloads\298C5DEB29AA1C429C63A5765A43C7F36E3AF116.torrent
2016-01-27 20:21 - 2016-01-27 20:21 - 00003692 _____ C:\Users\Ville Kilpinen\Downloads\BC44F5E0781F3702CE9159F78086C7014D278898.torrent
2016-01-27 16:03 - 2016-01-27 16:03 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-27 16:01 - 2016-01-27 16:02 - 00242232 _____ C:\Users\Ville Kilpinen\Downloads\Firefox Setup Stub 44.0.exe
2016-01-26 21:50 - 2016-01-26 22:49 - 182632918 _____ C:\Users\Ville Kilpinen\Downloads\160126.pd.charley.3000.zip
2016-01-26 21:48 - 2016-01-26 21:48 - 00004522 _____ C:\Users\Ville Kilpinen\Downloads\11F32AD902261793FF361837B16B9E6F2367DD4F.torrent
2016-01-26 21:48 - 2016-01-26 21:48 - 00004060 _____ C:\Users\Ville Kilpinen\Downloads\4D64ADDB36AAD3400FDD8E6DC2BA56147B3CE0E3.torrent
2016-01-26 21:47 - 2016-01-26 21:47 - 00004300 _____ C:\Users\Ville Kilpinen\Downloads\3C7DA065D5C1E52B95FD28D5A54DF037171D0485.torrent
2016-01-26 21:47 - 2016-01-26 21:47 - 00003898 _____ C:\Users\Ville Kilpinen\Downloads\3D8052EB36AF7450B9A3502647D18EC693185353.torrent
2016-01-22 17:04 - 2016-01-22 17:04 - 00003988 _____ C:\Users\Ville Kilpinen\Downloads\FB79746EDF597A9F481958AED9A0BE4325E0C5C5.torrent
2016-01-22 17:03 - 2016-01-22 17:03 - 00005241 _____ C:\Users\Ville Kilpinen\Downloads\242C852E261A30909562410462B45CB5C0A2367C.torrent
2016-01-22 17:02 - 2016-01-22 17:02 - 00005084 _____ C:\Users\Ville Kilpinen\Downloads\6BB48E0FBFF89233857F7114622BC74C84B599F1.torrent
2016-01-22 17:02 - 2016-01-22 17:02 - 00004752 _____ C:\Users\Ville Kilpinen\Downloads\1A82E8EF9E00CAC3838409FCD54FFB46C0D83D04.torrent
2016-01-22 17:02 - 2016-01-22 17:02 - 00003642 _____ C:\Users\Ville Kilpinen\Downloads\EC12C19766700B16AE84D353E9A7558B08BB6756.torrent
2016-01-22 17:01 - 2016-01-22 17:01 - 00004448 _____ C:\Users\Ville Kilpinen\Downloads\509C3BDECEDEBF0B70F0C09A64806488D5D6C470.torrent
2016-01-21 23:12 - 2016-01-21 23:12 - 00003282 _____ C:\Users\Ville Kilpinen\Downloads\9A3549E2968A8467EE1CAADFA22F06C43651594C.torrent
2016-01-21 23:11 - 2016-01-21 23:11 - 00003467 _____ C:\Users\Ville Kilpinen\Downloads\2747A78FD678AF02AEEBF5DBA65BFE30859E1F90.torrent
2016-01-21 11:28 - 2016-01-21 12:20 - 158915954 _____ C:\Users\Ville Kilpinen\Downloads\PD_2016.01.20.Tommi.Jo.Sunset.Star.zip
2016-01-20 17:57 - 2016-01-20 17:57 - 00002952 _____ C:\Users\Ville Kilpinen\Downloads\06D7E48D6B6DEBB8C08716BA7EB35726FDDA4104.torrent
2016-01-20 17:55 - 2016-01-20 17:55 - 00003680 _____ C:\Users\Ville Kilpinen\Downloads\4AFD1F6C599724AD317477067FFD27921DF70986.torrent
2016-01-20 17:54 - 2016-01-20 17:54 - 00003622 _____ C:\Users\Ville Kilpinen\Downloads\41348B00F2316FD8CFF5049BB343F5D8FD678B07.torrent
2016-01-20 17:54 - 2016-01-20 17:54 - 00003580 _____ C:\Users\Ville Kilpinen\Downloads\6D11233407D4BCCDB29B738C49277AAAD4149772.torrent
2016-01-20 17:54 - 2016-01-20 17:54 - 00003262 _____ C:\Users\Ville Kilpinen\Downloads\C6FD635E81CABDBDCE804980F7B58D98EA813876.torrent
2016-01-20 15:26 - 2016-01-20 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-01-20 15:25 - 2016-01-27 15:48 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Roaming\Notepad++
2016-01-20 15:25 - 2016-01-20 15:26 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-01-20 15:24 - 2016-01-20 15:24 - 04121418 _____ C:\Users\Ville Kilpinen\Downloads\npp.6.8.8.Installer.exe
2016-01-19 18:43 - 2016-01-19 18:43 - 00003898 _____ C:\Users\Ville Kilpinen\Downloads\5EDA45D4E31F254C9D13C99E8C0A0AD019F0793F.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-17 15:37 - 2011-08-19 06:38 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Roaming\Skype
2016-02-17 15:36 - 2014-04-27 13:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-17 15:31 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-17 15:31 - 2009-07-14 06:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-17 15:23 - 2012-10-09 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-17 15:22 - 2013-08-16 07:20 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Local\Battle.net
2016-02-17 15:21 - 2011-08-16 09:21 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Local\Deployment
2016-02-17 15:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-17 01:06 - 2011-08-16 09:22 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1498368398-1312963811-2461425419-1001UA.job
2016-02-17 00:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At2.job
2016-02-17 00:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At1.job
2016-02-17 00:50 - 2015-12-31 18:54 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForVille Kilpinen.job
2016-02-16 23:53 - 2011-12-15 11:14 - 00000360 _____ C:\Windows\Tasks\At48.job
2016-02-16 23:53 - 2011-12-15 11:14 - 00000358 _____ C:\Windows\Tasks\At47.job
2016-02-16 22:53 - 2011-12-15 11:14 - 00000360 _____ C:\Windows\Tasks\At46.job
2016-02-16 22:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At45.job
2016-02-16 21:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At44.job
2016-02-16 21:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At43.job
2016-02-16 21:06 - 2012-07-07 12:36 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Roaming\vlc
2016-02-16 20:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At42.job
2016-02-16 20:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At41.job
2016-02-16 19:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At40.job
2016-02-16 19:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At39.job
2016-02-16 19:32 - 2014-10-25 11:12 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Roaming\BitTorrent
2016-02-16 18:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At38.job
2016-02-16 18:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At37.job
2016-02-16 17:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At36.job
2016-02-16 17:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At35.job
2016-02-16 16:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At34.job
2016-02-16 16:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At33.job
2016-02-16 16:06 - 2011-08-16 09:22 - 00001002 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1498368398-1312963811-2461425419-1001Core.job
2016-02-16 15:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At32.job
2016-02-16 15:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At31.job
2016-02-16 14:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At30.job
2016-02-16 14:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At29.job
2016-02-16 13:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At28.job
2016-02-16 13:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At27.job
2016-02-16 13:18 - 2016-01-14 15:51 - 00000000 ____D C:\Users\Ville Kilpinen\.VirtualBox
2016-02-16 12:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At26.job
2016-02-16 12:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At25.job
2016-02-15 11:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At24.job
2016-02-15 11:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At23.job
2016-02-15 02:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At6.job
2016-02-15 02:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At5.job
2016-02-15 01:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At4.job
2016-02-15 01:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At3.job
2016-02-13 10:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At22.job
2016-02-13 10:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At21.job
2016-02-13 09:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At20.job
2016-02-13 09:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At19.job
2016-02-13 08:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At18.job
2016-02-13 08:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At17.job
2016-02-12 12:15 - 2014-10-25 09:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-11 20:41 - 2015-12-30 14:31 - 00002256 _____ C:\Users\Ville Kilpinen\Desktop\DuelystLauncher.lnk
2016-02-11 20:41 - 2015-12-30 14:30 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counterplay Games Inc
2016-02-11 20:41 - 2015-12-30 14:26 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Local\SquirrelTemp
2016-02-11 19:06 - 2011-08-16 09:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-11 19:03 - 2011-11-23 18:17 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-02-11 19:02 - 2013-09-28 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2016-02-11 19:02 - 2013-09-28 08:08 - 00000000 ____D C:\Program Files (x86)\3DO
2016-02-11 19:02 - 2011-11-23 18:18 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-02-11 19:01 - 2011-08-16 13:13 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-11 18:59 - 2011-08-29 17:57 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2016-02-11 18:50 - 2015-12-31 18:54 - 00003240 _____ C:\Windows\System32\Tasks\HPCeeScheduleForVille Kilpinen
2016-02-11 18:48 - 2011-01-23 08:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-11 17:37 - 2014-08-16 12:48 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Roaming\Atari
2016-02-11 17:27 - 2015-12-22 12:10 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-02-11 17:26 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-11 10:42 - 2014-10-25 09:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-11 10:40 - 2014-10-25 09:19 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-11 10:40 - 2014-10-25 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-11 09:35 - 2015-12-22 11:45 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-02-10 21:08 - 2011-08-16 09:22 - 00002432 _____ C:\Users\Ville Kilpinen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 18:36 - 2014-04-27 13:27 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 18:36 - 2014-04-27 13:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 18:36 - 2011-11-27 18:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 16:01 - 2011-08-16 09:22 - 00004046 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1498368398-1312963811-2461425419-1001UA
2016-02-10 16:01 - 2011-08-16 09:22 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1498368398-1312963811-2461425419-1001Core
2016-02-04 03:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At8.job
2016-02-04 03:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At7.job
2016-01-30 18:04 - 2011-01-23 07:13 - 00490700 _____ C:\Windows\system32\perfh00B.dat
2016-01-30 18:04 - 2011-01-23 07:13 - 00106994 _____ C:\Windows\system32\perfc00B.dat
2016-01-30 18:04 - 2009-07-14 07:13 - 01382808 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-30 18:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-01-29 21:34 - 2011-08-17 02:35 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForVKLAPTOP$
2016-01-29 21:34 - 2011-08-17 02:34 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForVKLAPTOP$.job
2016-01-28 07:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At16.job
2016-01-28 07:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At15.job
2016-01-28 06:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At14.job
2016-01-28 06:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At13.job
2016-01-28 05:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At12.job
2016-01-28 05:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At11.job
2016-01-28 04:53 - 2011-12-15 11:13 - 00000360 _____ C:\Windows\Tasks\At10.job
2016-01-28 04:53 - 2011-12-15 11:13 - 00000358 _____ C:\Windows\Tasks\At9.job
2016-01-27 16:13 - 2012-10-09 21:59 - 00000000 ____D C:\Users\Ville Kilpinen\AppData\Local\Mozilla
2016-01-27 16:03 - 2012-10-09 21:58 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-26 18:26 - 2011-08-19 06:37 - 00000000 ____D C:\ProgramData\Skype
2016-01-22 12:58 - 2014-07-19 13:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 
==================== Files in the root of some directories =======
 
2011-08-18 12:26 - 2011-08-18 12:26 - 0000000 _____ () C:\Users\Ville Kilpinen\AppData\Roaming\bitlord_log.txt
2011-11-27 18:26 - 2011-11-27 17:02 - 0167936 _____ () C:\Users\Ville Kilpinen\AppData\Roaming\chrtmp
2011-09-01 14:48 - 2011-09-08 15:30 - 0001854 _____ () C:\Users\Ville Kilpinen\AppData\Roaming\GhostObjGAFix.xml
2014-08-10 09:52 - 2014-08-12 14:04 - 0000412 _____ () C:\Users\Ville Kilpinen\AppData\Roaming\LiveSupport.exe_log.txt
2014-08-10 09:52 - 2014-08-12 14:09 - 0000092 _____ () C:\Users\Ville Kilpinen\AppData\Roaming\regsvr32.exe_log.txt
2011-11-27 18:26 - 2011-11-27 20:11 - 0000000 ____H () C:\Users\Ville Kilpinen\AppData\Roaming\windrvconfig.txt
2013-09-29 22:01 - 2013-09-29 22:01 - 0000102 _____ () C:\Users\Ville Kilpinen\AppData\Local\fusioncache.dat
2012-05-17 11:53 - 2014-02-06 17:21 - 0007641 _____ () C:\Users\Ville Kilpinen\AppData\Local\Resmon.ResmonCfg
2014-05-10 15:20 - 2014-05-10 15:20 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2011-12-15 11:14 - 2011-12-15 11:14 - 0000000 _____ () C:\ProgramData\n0ycqLJg.dat
2011-04-16 12:02 - 2011-04-16 12:02 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2011-01-23 08:16 - 2011-01-23 08:17 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-04-16 12:01 - 2011-04-16 12:01 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2011-01-23 08:15 - 2011-01-23 08:16 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-04-16 12:01 - 2011-04-16 12:01 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-01-23 08:14 - 2011-01-23 08:15 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\ProgramData\n0ycqLJg.dat
C:\Users\World of Warcraft\BlizzardError.exe
C:\Users\World of Warcraft\dbghelp.dll
C:\Users\World of Warcraft\DivxDecoder.dll
C:\Users\World of Warcraft\Scan-64.dll
C:\Users\World of Warcraft\Scan.dll
C:\Users\World of Warcraft\World of Warcraft Launcher.exe
C:\Users\World of Warcraft\Wow-64.exe
C:\Users\World of Warcraft\Wow.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
 
 
Some files in TEMP:
====================
C:\Users\Ville Kilpinen\AppData\Local\Temp\AVG.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\avguidx.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\AxSFADownloader.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\binkw32.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\d2l_Install.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\devcon.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\dmefaqck.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\Extract.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\hb9vtk1f.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\htmlayout.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\install_flash_player_11_plugin.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\ose00000.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\pyl3C25.tmp.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\pyl4C5A.tmp.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\pyl507F.tmp.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\pyl620C.tmp.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\Quarantine.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\QuickTimeInstaller.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\Resource.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\SIntf16.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\SIntf32.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\SIntfNT.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\SP52407.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\SP52509.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\SP53794.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\sp54373.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\sp54620.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\SP56221.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\SP56878.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\sp58915.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\SRLDetectionLibrary9157577030503778230.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Ville Kilpinen\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\uninst1.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\uninstall.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\utt4ED0.tmp.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\utt5302.tmp.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\war3_Install.exe
C:\Users\Ville Kilpinen\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 
 
LastRegBack: 2016-02-08 00:25
 
==================== End of FRST.txt ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts

Posted 18 February 2016 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

IMPORTANT.

Update your Avast and Lavasoft security programs.
Make sure they are enabled, otherwise you have no protection.

===

Please download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.
===

After the restart of the computer run the Farbar tool again. Make sure you select the box marked "Create Addition.txt file"

Paste both contents in your next reply.

If you need to, use 2 posts.



