maugrimx

  1. Here are the fixlog and addition logs. So I should reset Firefox? Fixlog.txt Addition.txt
  2. I have recently bought a used computer which I suspect is infected. AVG was preinstalled and in its quarantine there were a lot of PUPs. Here is the Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Loggdetaljer-
     Skannedato: 07.02.2019
     Skanneklokkeslett: 02:32
     Loggfil: 42e3982c-2a78-11e9-9b1b-cc52af7e116c.json

     -Programvareinformasjon-
     Versjon: 3.7.1.2839
     Komponentversjon: 1.0.538
     Oppdater pakkeversjon: 1.0.9150
     Lisens: Gratis

     -Systeminformasjon-
     OS: Windows 8.1
     CPU: x64
     Filsystem: NTFS
     Bruker: LT1\in-je_000

     -Skanneoppsummering-
     Skannetype: Skanning av trusler
     Skann startet av: Manuelt
     Resultat: Fullført
     Skannede objekter: 264262
     Registrerte trusler: 0
     Trusler satt i karantene: 0
     Forløpt tid: 5 min, 22 sek

     -Skannealternativer-
     Minne: Aktivert
     Oppstart: Aktivert
     Filsystem: Aktivert
     Arkiver: Aktivert
     Rootkits: Aktivert
     Heurestikk: Aktivert
     PUP: Oppdag
     PUM: Oppdag

     -Skannedetaljer-
     Prosess: 0
     (Ingen skadelig programvare registrert)

     Modul: 0
     (Ingen skadelig programvare registrert)

     Registernøkkel: 0
     (Ingen skadelig programvare registrert)

     Registerverdi: 0
     (Ingen skadelig programvare registrert)

     Registerdata: 0
     (Ingen skadelig programvare registrert)

     Dataflyt: 0
     (Ingen skadelig programvare registrert)

     Mappe: 0
     (Ingen skadelig programvare registrert)

     Fil: 0
     (Ingen skadelig programvare registrert)

     Fysisk sektor: 0
     (Ingen skadelig programvare registrert)

     WMI: 0
     (Ingen skadelig programvare registrert)

     (end)

     And the FRST log:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 6.02.2019
     Ran by in-je_000 (administrator) on LT1 (07-02-2019 02:42:37)
     Running from C:\Users\in-je_000\Downloads
     Loaded Profiles: in-je_000 (Available Profiles: in-je_000 & Administrator)
     Platform: Windows 8.1 Pro (Update) (X64) Language: Norsk, bokmål (Norge)
     Default browser: FF
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\dllhost.exe => File is digitally signed C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2019-02-07 01:20 ==================== End of FRST.txt ============================ And the Addition log Additional scan result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019 Ran by in-je_000 (07-02-2019 02:43:30) Running from C:\Users\in-je_000\Downloads Windows 8.1 Pro (Update) (X64) (2014-11-04 16:17:07) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1023177784-507962552-4034174640-500 - Administrator - Enabled) => C:\Users\Administrator Gjest (S-1-5-21-1023177784-507962552-4034174640-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1023177784-507962552-4034174640-1004 - Limited - Enabled) in-je_000 (S-1-5-21-1023177784-507962552-4034174640-1007 - Administrator - Enabled) => C:\Users\in-je_000 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 18.06 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1806-000001000000}) (Version: 18.06.00.0 - Igor Pavlov) 7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov) Adobe Acrobat Reader DC - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.81 - Google Inc.) 
HWiNFO64 Version 6.00 (HKLM\...\HWiNFO64_is1) (Version: 6.00 - Martin Malík - REALiX) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Java 8 Update 202 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180202F0}) (Version: 8.0.2020.8 - Oracle Corporation) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden LibreOffice 6.1.4.2 (HKLM\...\{080C0C39-B1B5-48BB-85AB-4F9A8768CD10}) (Version: 6.1.4.2 - The Document Foundation) Malwarebytes versjon 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219.473 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219.473 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) 
(Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810 (HKLM\...\{2CD849A7-86A1-34A6-B8F9-D72F5B21A9AE}) (Version: 14.12.25810 - Microsoft Corporation) Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810 (HKLM\...\{C99E2ADC-0347-336E-A603-F1992B09D582}) (Version: 14.12.25810 - Microsoft Corporation) Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810 (HKLM-x32\...\{7FED75A1-600C-394B-8376-712E2A8861F2}) (Version: 14.12.25810 - Microsoft Corporation) Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810 (HKLM-x32\...\{828952EB-5572-3666-8CA9-000B6CE79350}) (Version: 14.12.25810 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla 
Firefox 65.0 (x64 nb-NO) (HKLM\...\Mozilla Firefox 65.0 (x64 nb-NO)) (Version: 65.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla) PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.63.0 - Goversoft LLC) Python Launcher (HKLM-x32\...\{FA2A3867-8965-4CF7-83E2-C8960652F5AD}) (Version: 3.7.6565.0 - Python Software Foundation) Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.) Spotify (HKU\S-1-5-21-1023177784-507962552-4034174640-1007\...\Spotify) (Version: 1.0.99.250.g936eab8d - Spotify AB) Språkpakke for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) – NOR (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NOR) (Version: 10.0.50903 - Microsoft Corporation) SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1026 - SUPERAntiSpyware.com) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - ) VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. 
-> AVAST Software) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> No File ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] () ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] () ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. 
-> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] () ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> No File ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2015-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] () ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {08A7787C-3B74-47D0-B251-771FAA37A01B} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2019-01-17] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) Task: {33991FA0-707B-4068-9F3E-CC45EF53CF0C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-17] (AVAST Software s.r.o. -> AVAST Software) Task: {3CD9BFFC-1E6B-4889-BE80-0F74C1F02B11} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2019-02-03] (Goversoft LLC -> Goversoft LLC) Task: {3D3BD175-D93D-4EC6-83DF-25440C8AF574} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc -> Google Inc.) Task: {40AD2D64-14D0-42BE-8F9F-27F1417C61C9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-25] (AVAST Software s.r.o. -> AVAST Software) Task: {5152B0C2-1609-4E02-9504-BF3E1545CE62} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1023177784-507962552-4034174640-500 => C:\Users\Administrator\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-10-29] (Lenovo (Beijing) Limited -> Lenovo Group Limited) Task: {68A3BF54-3987-4798-BAE8-3F267B313A4F} - \Adobe Acrobat Update Task -> No File <==== ATTENTION Task: {C5931B5D-5A38-4DC4-8619-F7516CB558F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd) Task: {E852DDF1-DE3F-494E-9321-DE1384B5D0F5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe Task: {E9B72E6E-0865-4B7E-A111-6BB7D27DA81C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-02-06] (Piriform Software Ltd -> Piriform Software Ltd) Task: {FCB488CD-1C47-4091-8EE4-6188722D7D3F} - System32\Tasks\GoogleUpdateTaskMachineUA => 
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc -> Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2019-02-03 14:51 - 2019-02-03 14:51 - 003525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll 2014-01-29 23:02 - 2015-06-01 20:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2019-01-25 01:22 - 2019-01-25 01:22 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2019-01-25 01:22 - 2019-01-25 01:22 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2019-01-04 12:50 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ HKU\S-1-5-21-1023177784-507962552-4034174640-1007\Control Panel\Desktop\\Wallpaper -> DNS Servers: 148.122.16.253 - 148.122.164.253 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [TCP Query User{B433356B-4F6F-49AB-927B-6F4D909802F7}C:\users\in-je_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\in-je_000\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{1794126E-1AA7-4306-BF24-36BC0B5C9D95}C:\users\in-je_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\in-je_000\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F4540D78-A444-4C52-95C9-26B3D2B041A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{173CD989-181F-4364-B519-67B64E62BA61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{6A5B8457-6032-41FF-A909-B722918D8EB3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software) FirewallRules: [{0809D250-8828-4350-A080-FA1B1A50916D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software) FirewallRules: [{1F40C333-225A-45F9-8C72-3D640461DC18}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{AE69C29F-FF56-44B2-AA49-24DB310E49A1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{5A45BE7D-DAAC-4D33-8AB8-9C6BE3AAE006}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) ==================== Restore Points ========================= 06-02-2019 19:16:49 Windows Update ==================== Faulty Device Manager Devices ============= Name: Standardsystemenhet Description: Standardsystemenhet Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (02/06/2019 03:50:09 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Skyggekopiene av volum C: ble avbrutt fordi skyggekopilageret ikke kunne vokse på grunn av en brukerdefinert grense. Windows Defender: =================================== Date: 2019-01-23 19:06:14.058 Description: Skanning av Windows Defender er stoppet før fullføring. Skanne-ID: {8D8AB703-7704-4ABE-AF80-148DCD529AB5} Skannetype: Beskyttelse mot skadelig programvare Skanneparametere: Hurtigskanning Bruker: NT-MYNDIGHET\SYSTEM Date: 2019-01-22 13:46:09.072 Description: Skanning av Windows Defender er stoppet før fullføring. Skanne-ID: {69C00C53-5527-455D-9509-4324F9BC0A2E} Skannetype: Beskyttelse mot skadelig programvare Skanneparametere: Hurtigskanning Bruker: NT-MYNDIGHET\SYSTEM Date: 2019-01-18 07:51:15.092 Description: Skanning av Windows Defender er stoppet før fullføring. Skanne-ID: {26894FC1-5A09-4E5A-B878-22DFB32C6704} Skannetype: Beskyttelse mot skadelig programvare Skanneparametere: Hurtigskanning Bruker: NT-MYNDIGHET\SYSTEM Date: 2019-01-16 12:37:57.215 Description: Skanning av Windows Defender er stoppet før fullføring. Skanne-ID: {EFCA68AC-51C5-42FA-838B-EC5C7941ED06} Skannetype: Beskyttelse mot skadelig programvare Skanneparametere: Fullstendig skanning Bruker: LT1\in-je_000 Date: 2019-01-13 20:35:14.117 Description: Skanning av Windows Defender er stoppet før fullføring. Skanne-ID: {A5E197D1-5DB8-41AF-88BF-9EE6D01EC92D} Skannetype: Beskyttelse mot skadelig programvare Skanneparametere: Hurtigskanning Bruker: NT-MYNDIGHET\SYSTEM Date: 2018-10-18 23:56:28.770 Description: Windows Defender har støtt på en feil under forsøk på å oppdatere signaturer. 
Ny signaturversjon: 1.279.67.0 Forrige signaturversjon: 1.277.1228.0 Oppdateringskilde: Bruker Signaturtype: Antispionvare Oppdateringstype: Fullstendig Bruker: NT-MYNDIGHET\SYSTEM Gjeldende motorversjon: 1.1.15400.4 Forrige motorversjon: 1.1.15300.6 Feilkode: 0x80509004 Feilbeskrivelse: Det oppstod et uventet problem. Installer eventuelle tilgjengelige oppdateringer, og prøv deretter å starte programmet på nytt. Se Hjelp og støtte hvis du vil ha informasjon om installering av oppdateringer. Date: 2018-10-18 23:56:28.770 Description: Windows Defender har støtt på en feil under forsøk på å oppdatere signaturer. Ny signaturversjon: 1.279.67.0 Forrige signaturversjon: 1.277.1228.0 Oppdateringskilde: Bruker Signaturtype: AntiVirus Oppdateringstype: Fullstendig Bruker: NT-MYNDIGHET\SYSTEM Gjeldende motorversjon: 1.1.15400.4 Forrige motorversjon: 1.1.15300.6 Feilkode: 0x80509004 Feilbeskrivelse: Det oppstod et uventet problem. Installer eventuelle tilgjengelige oppdateringer, og prøv deretter å starte programmet på nytt. Se Hjelp og støtte hvis du vil ha informasjon om installering av oppdateringer. Date: 2018-10-18 23:56:28.770 Description: Windows Defender har støtt på en feil under forsøk på å oppdatere motoren. Ny motorversjon: 1.1.15400.4 Forrige motorversjon: 1.1.15300.6 Bruker: NT-MYNDIGHET\SYSTEM Feilkode: 0x80509004 Feilbeskrivelse: Det oppstod et uventet problem. Installer eventuelle tilgjengelige oppdateringer, og prøv deretter å starte programmet på nytt. Se Hjelp og støtte hvis du vil ha informasjon om installering av oppdateringer. Date: 2018-10-18 23:54:59.260 Description: Windows Defender har støtt på en feil under forsøk på å oppdatere signaturer. 
Ny signaturversjon: Forrige signaturversjon: 1.277.1228.0 Oppdateringskilde: Microsofts oppdateringsserver Signaturtype: AntiVirus Oppdateringstype: Fullstendig Bruker: NT-MYNDIGHET\SYSTEM Gjeldende motorversjon: Forrige motorversjon: 1.1.15300.6 Feilkode: 0x80240016 Feilbeskrivelse: Det oppstod et uventet problem da det ble sett etter nye oppdateringer. Se Hjelp og støtte hvis du vil ha informasjon om installering eller feilsøking av oppdateringer. Date: 2018-10-18 23:54:59.260 Description: Windows Defender har støtt på en feil under forsøk på å oppdatere signaturer. Ny signaturversjon: Forrige signaturversjon: 1.277.1228.0 Oppdateringskilde: Microsofts oppdateringsserver Signaturtype: AntiVirus Oppdateringstype: Fullstendig Bruker: NT-MYNDIGHET\SYSTEM Gjeldende motorversjon: Forrige motorversjon: 1.1.15300.6 Feilkode: 0x80240016 Feilbeskrivelse: Det oppstod et uventet problem da det ble sett etter nye oppdateringer. Se Hjelp og støtte hvis du vil ha informasjon om installering eller feilsøking av oppdateringer. CodeIntegrity: =================================== Date: 2018-12-18 17:22:33.177 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-18 17:16:07.011 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2018-12-18 16:59:59.491 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-18 16:17:54.509 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-18 16:08:00.315 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-10-17 23:25:40.607 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 21:15:55.502 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 

Date: 2015-07-26 15:57:42.186
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 26%
Total physical RAM: 8075.23 MB
Available physical RAM: 5929.63 MB
Total Virtual: 9355.23 MB
Available Virtual: 7221.29 MB

==================== Drives ================================

Drive c: (STFKSYS) (Fixed) (Total:178.85 GB) (Free:152.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (STFKData) (Fixed) (Total:119.24 GB) (Free:118.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 31D31A78)
Partition 1: (Active) - (Size=178.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  3. I have not been able to visit www.siteadvisor.com in several months, I just keep getting this message: "Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. More information about this error may be available in the server error log. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request". What can I do to be able to visit siteadvisor again? Does anyone else have this problem?
  4. I used the quick scan now, it took only about two minutes. I did however update the BIOS before scanning now, so maybe that made it even faster too. Thanks for your recommendations.
  5. So using the full scan is necessary only if an infection is suspected? When, for example, quick scan finds malware in the computer's memory. How often should we scan with Malwarebytes and other security software? Some security software that I have used requires you to right click and select "run as administrator" to be able to use some of its functions, is that required with Malwarebytes too? Or all security software?
  6. Hi, when scanning with Malwarebytes today it took 5 hours and 51 minutes, this is a new computer so this was strange. On my old computer with XP it took under 1 hour to scan. The folder which took extremely long to scan was windows\winsxs. The computer has Windows Vista. Why does it take so long to scan? Avast also scans for spyware but that took about 50 minutes.