I have recently bought a used computer which I suspect is infected. AVG was preinstalled, and in its quarantine there were a lot of PUPs.

Here is the Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Loggdetaljer-
Skannedato: 07.02.2019
Skanneklokkeslett: 02:32
Loggfil: 42e3982c-2a78-11e9-9b1b-cc52af7e116c.json

-Programvareinformasjon-
Versjon: 3.7.1.2839
Komponentversjon: 1.0.538
Oppdater pakkeversjon: 1.0.9150
Lisens: Gratis

-Systeminformasjon-
OS: Windows 8.1
CPU: x64
Filsystem: NTFS
Bruker: LT1\in-je_000

-Skanneoppsummering-
Skannetype: Skanning av trusler
Skann startet av: Manuelt
Resultat: Fullført
Skannede objekter: 264262
Registrerte trusler: 0
Trusler satt i karantene: 0
Forløpt tid: 5 min, 22 sek

-Skannealternativer-
Minne: Aktivert
Oppstart: Aktivert
Filsystem: Aktivert
Arkiver: Aktivert
Rootkits: Aktivert
Heurestikk: Aktivert
PUP: Oppdag
PUM: Oppdag

-Skannedetaljer-
Prosess: 0
(Ingen skadelig programvare registrert)

Modul: 0
(Ingen skadelig programvare registrert)

Registernøkkel: 0
(Ingen skadelig programvare registrert)

Registerverdi: 0
(Ingen skadelig programvare registrert)

Registerdata: 0
(Ingen skadelig programvare registrert)

Dataflyt: 0
(Ingen skadelig programvare registrert)

Mappe: 0
(Ingen skadelig programvare registrert)

Fil: 0
(Ingen skadelig programvare registrert)

Fysisk sektor: 0
(Ingen skadelig programvare registrert)

WMI: 0
(Ingen skadelig programvare registrert)


(end)

 

And the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 6.02.2019
Ran by in-je_000 (administrator) on LT1 (07-02-2019 02:42:37)
Running from C:\Users\in-je_000\Downloads
Loaded Profiles: in-je_000 (Available Profiles: in-je_000 & Administrator)
Platform: Windows 8.1 Pro (Update) (X64) Language: Norsk, bokmål (Norge)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\WINDOWS\system32\l3codecp.acm [177152 2014-10-29] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\WINDOWS\SysWOW64\l3codecp.acm [186368 2014-10-29] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.81\Installer\chrmstp.exe [2019-02-05] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 148.122.16.253 148.122.164.253
Tcpip\..\Interfaces\{55E2A1F6-E18B-497A-B011-E7DD38620C58}: [DhcpNameServer] 148.122.16.253 148.122.164.253

Internet Explorer:
==================
HKU\S-1-5-21-1023177784-507962552-4034174640-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.no/
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_202\bin\ssv.dll [2019-02-05] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_202\bin\jp2ssv.dll [2019-02-05] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: nd2zvesi.default
FF ProfilePath: C:\Users\in-je_000\AppData\Roaming\Mozilla\Firefox\Profiles\nd2zvesi.default [2019-02-07]
FF Homepage: Mozilla\Firefox\Profiles\nd2zvesi.default -> www.google.no
FF Extension: (HTTPS-everywhere) - C:\Users\in-je_000\AppData\Roaming\Mozilla\Firefox\Profiles\nd2zvesi.default\Extensions\https-everywhere@eff.org.xpi [2019-02-03]
FF Extension: (uBlock Origin) - C:\Users\in-je_000\AppData\Roaming\Mozilla\Firefox\Profiles\nd2zvesi.default\Extensions\uBlock0@raymondhill.net.xpi [2019-02-06]
FF Extension: (Avast Online Security) - C:\Users\in-je_000\AppData\Roaming\Mozilla\Firefox\Profiles\nd2zvesi.default\Extensions\wrc@avast.com.xpi [2019-02-03]
FF Extension: (Greasemonkey) - C:\Users\in-je_000\AppData\Roaming\Mozilla\Firefox\Profiles\nd2zvesi.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2019-01-14]
FF Plugin: @java.com/DTPlugin,version=11.202.2 -> C:\Program Files\Java\jre1.8.0_202\bin\dtplugin\npDeployJava1.dll [2019-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.202.2 -> C:\Program Files\Java\jre1.8.0_202\bin\plugin2\npjp2.dll [2019-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.no/
CHR StartupUrls: Default -> "hxxp://www.google.no/"
CHR Profile: C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default [2019-02-06]
CHR Extension: (Slides) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-05]
CHR Extension: (Docs) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-06]
CHR Extension: (Google Drive) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-06]
CHR Extension: (YouTube) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-06]
CHR Extension: (uBlock Origin) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-06]
CHR Extension: (Tampermonkey) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-02-06]
CHR Extension: (Sheets) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-05]
CHR Extension: (HTTPS Everywhere) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-05]
CHR Extension: (Gmail) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\in-je_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [711248 2017-02-20] (Lenovo -> Lenovo.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37304 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [203488 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [223056 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196264 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320888 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58160 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239808 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46584 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42488 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166792 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111992 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88144 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034056 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474648 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218056 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380144 2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [480776 2015-10-29] (Intel(R) Intel Network Drivers -> Intel Corporation)
R1 HWiNFO; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [65320 2018-12-26] (Martin Malik - REALiX -> REALiX(tm))
S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S0 iaStorAV; C:\WINDOWS\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [5384176 2015-06-01] (Intel Corporation - pGFX -> Intel Corporation)
R3 MEIx64; C:\WINDOWS\System32\drivers\HECIx64.sys [56344 2010-10-19] (Intel Corporation -> Intel Corporation)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S0 nvraid; C:\WINDOWS\System32\drivers\nvraid.sys [150368 2013-08-22] (Microsoft Windows -> NVIDIA Corporation)
S0 nvstor; C:\WINDOWS\System32\drivers\nvstor.sys [168288 2013-08-22] (Microsoft Windows -> NVIDIA Corporation)
S0 qxuaja; no ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 SiSRaid2; C:\WINDOWS\System32\drivers\SiSRaid2.sys [44896 2013-08-22] (Microsoft Windows -> Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\WINDOWS\System32\drivers\sisraid4.sys [81760 2013-08-22] (Microsoft Windows -> Silicon Integrated Systems)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [181904 2018-02-14] (RH Software -> Ray Hinchliffe)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
U4 DiagTrack; no ImagePath
U4 dmwappushservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-07 02:42 - 2019-02-07 02:43 - 000015093 _____ C:\Users\in-je_000\Downloads\FRST.txt
2019-02-07 02:41 - 2019-02-07 02:42 - 000000000 ____D C:\FRST
2019-02-07 02:40 - 2019-02-07 02:40 - 002433536 _____ (Farbar) C:\Users\in-je_000\Downloads\FRST64.exe
2019-02-07 02:39 - 2019-02-07 02:39 - 000001345 _____ C:\Users\in-je_000\Desktop\Malwarebytes.txt
2019-02-07 01:08 - 2019-02-07 01:09 - 000622000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-06 19:51 - 2019-02-06 19:51 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-06 19:51 - 2019-02-06 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-06 19:51 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-06 14:03 - 2019-02-06 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-02-06 14:01 - 2019-02-06 14:01 - 000002454 _____ C:\Users\in-je_000\Documents\cc_20190206_140141.reg
2019-02-06 13:58 - 2019-02-07 01:08 - 000000000 ____D C:\Program Files\CCleaner
2019-02-06 13:58 - 2019-02-06 13:58 - 000003870 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-06 13:58 - 2019-02-06 13:58 - 000002806 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-02-06 13:58 - 2019-02-06 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-06 13:47 - 2019-02-06 13:48 - 000000000 ____D C:\Users\in-je_000\Desktop\Adwarecleaner
2019-02-05 19:41 - 2019-02-05 19:41 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2019-02-05 19:41 - 2019-02-05 19:41 - 000000000 ____D C:\Users\in-je_000\AppData\Roaming\Sun
2019-02-05 19:40 - 2019-02-05 19:40 - 000000000 ____D C:\Program Files\Java
2019-02-05 17:36 - 2019-02-05 17:36 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\51563455.sys
2019-02-05 15:28 - 2019-02-05 15:28 - 000002317 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-05 15:26 - 2019-02-05 15:26 - 000000000 ____D C:\Users\in-je_000\AppData\Roaming\LibreOffice
2019-02-05 15:26 - 2019-02-05 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.1
2019-02-05 15:25 - 2019-02-05 15:25 - 000000000 ____D C:\Program Files\LibreOffice
2019-02-05 15:23 - 2019-02-05 17:57 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-02-05 15:22 - 2019-02-05 15:23 - 000000000 ____D C:\Users\in-je_000\Desktop\Malwarebytes antirootkit
2019-02-05 15:20 - 2019-02-05 15:20 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2019-02-05 15:20 - 2019-02-05 15:20 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2019-02-05 15:17 - 2019-02-05 15:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2019-02-05 14:57 - 2019-02-05 15:31 - 000000000 ____D C:\Users\in-je_000\Desktop\Tron
2019-02-05 14:42 - 2019-02-06 14:05 - 000000000 ____D C:\Users\in-je_000\Desktop\Program innstall files
2019-02-04 17:11 - 2019-02-04 17:11 - 000000000 ____D C:\Users\in-je_000\AppData\Local\PackageStaging
2019-02-04 16:29 - 2019-02-07 01:08 - 000000000 ____D C:\Program Files\7-Zip
2019-02-04 16:03 - 2019-02-04 16:03 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-03 15:20 - 2019-02-06 15:52 - 000002001 _____ C:\Users\in-je_000\AppData\Local\00000000000000000000000.0x0
2019-02-03 14:51 - 2019-02-03 14:51 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2019-02-03 10:32 - 2019-02-03 16:03 - 000001057 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-02-03 10:32 - 2019-02-03 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-02-03 10:32 - 2019-02-03 10:32 - 000000000 ____D C:\Program Files\VS Revo Group
2019-02-03 10:29 - 2019-02-03 10:29 - 000000000 ____D C:\Users\in-je_000\Desktop\Sony Dvd recorder
2019-02-03 10:29 - 2019-02-03 10:29 - 000000000 ____D C:\Users\in-je_000\Desktop\Lenovo skjerm
2019-01-25 01:24 - 2019-01-25 01:24 - 000000000 ____D C:\Users\in-je_000\AppData\Roaming\AVAST Software
2019-01-25 01:24 - 2019-01-25 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-01-25 01:23 - 2019-01-26 14:25 - 000004168 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-01-25 01:23 - 2019-01-25 01:23 - 000223056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-01-25 01:23 - 2019-01-25 01:23 - 000166792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 001034056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000474648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000380144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000361352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-01-25 01:23 - 2019-01-25 01:22 - 000320888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000239808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000218056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000203488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000196264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000111992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000088144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000058160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000046584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000042488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-01-25 01:23 - 2019-01-25 01:22 - 000037304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-01-25 01:21 - 2019-01-25 01:21 - 000000000 ____D C:\Program Files\AVAST Software
2019-01-18 01:16 - 2019-01-09 04:34 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-18 01:16 - 2019-01-09 04:21 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-18 01:16 - 2018-12-08 17:01 - 000513376 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-01-18 01:16 - 2018-12-08 17:01 - 000513376 _____ C:\WINDOWS\system32\locale.nls
2019-01-18 01:16 - 2018-12-02 11:08 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-01-18 01:16 - 2018-12-01 17:44 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-01-18 01:16 - 2018-10-12 14:19 - 000998480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-01-14 18:02 - 2019-02-03 14:47 - 000000868 _____ C:\Users\in-je_000\Documents\cc_20190114_180200.reg
2019-01-14 07:47 - 2019-01-14 07:47 - 000000000 ____D C:\Users\in-je_000\.idlerc
2019-01-14 06:35 - 2019-01-14 06:35 - 000000000 ___RD C:\Users\in-je_000\Documents\Scanned Documents
2019-01-14 06:35 - 2019-01-14 06:35 - 000000000 ____D C:\Users\in-je_000\Documents\Fax
2019-01-14 06:33 - 2019-01-14 18:01 - 000000000 ___DC C:\Users\in-je_000\AppData\Local\MigWiz
2019-01-14 05:57 - 2019-02-04 19:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-14 05:57 - 2019-02-04 19:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-14 05:57 - 2019-02-04 16:03 - 000000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-14 05:57 - 2019-01-14 06:04 - 000000000 ____D C:\Users\in-je_000\AppData\Local\Mozilla
2019-01-14 05:57 - 2019-01-14 05:57 - 000000000 ____D C:\Users\in-je_000\AppData\Roaming\Mozilla
2019-01-09 14:16 - 2019-01-02 20:05 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-09 14:16 - 2019-01-02 20:05 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-09 14:06 - 2018-12-28 03:12 - 000444368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 14:06 - 2018-12-28 03:12 - 000178128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 14:06 - 2018-12-28 01:24 - 000333768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 14:06 - 2018-12-28 01:01 - 025738240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 14:06 - 2018-12-28 00:38 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 14:06 - 2018-12-28 00:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-01-09 14:06 - 2018-12-28 00:31 - 005778944 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-01-09 14:06 - 2018-12-28 00:25 - 020279808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 14:06 - 2018-12-28 00:25 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-01-09 14:06 - 2018-12-28 00:17 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2019-01-09 14:06 - 2018-12-28 00:05 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-01-09 14:06 - 2018-12-28 00:02 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 14:06 - 2018-12-27 23:56 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2019-01-09 14:06 - 2018-12-27 23:55 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-01-09 14:06 - 2018-12-27 23:50 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2019-01-09 14:06 - 2018-12-27 23:49 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2019-01-09 14:06 - 2018-12-27 23:48 - 015284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 14:06 - 2018-12-27 23:48 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-01-09 14:06 - 2018-12-27 23:48 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-01-09 14:06 - 2018-12-27 23:48 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-01-09 14:06 - 2018-12-27 23:47 - 001441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 14:06 - 2018-12-27 23:45 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-01-09 14:06 - 2018-12-27 23:41 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 14:06 - 2018-12-27 23:34 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2019-01-09 14:06 - 2018-12-27 23:33 - 004860416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 14:06 - 2018-12-27 23:33 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-01-09 14:06 - 2018-12-27 23:31 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2019-01-09 14:06 - 2018-12-27 23:29 - 013680640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 14:06 - 2018-12-27 23:29 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-01-09 14:06 - 2018-12-27 23:29 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-01-09 14:06 - 2018-12-27 23:29 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-01-09 14:06 - 2018-12-27 23:24 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 14:06 - 2018-12-27 23:22 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 14:06 - 2018-12-27 23:11 - 004386816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 14:06 - 2018-12-27 23:11 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-01-09 14:06 - 2018-12-27 23:11 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 14:06 - 2018-12-27 23:07 - 001329664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 14:06 - 2018-12-27 23:06 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-01-09 14:06 - 2018-12-27 23:05 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 14:06 - 2018-12-08 21:22 - 007371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 14:06 - 2018-12-08 21:22 - 002014152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 14:06 - 2018-12-08 20:00 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 14:06 - 2018-12-08 12:23 - 000121272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 14:06 - 2018-12-08 09:13 - 002534664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 14:06 - 2018-12-08 07:25 - 002173040 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 14:06 - 2018-12-08 06:56 - 001901896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 14:06 - 2018-12-08 06:32 - 001563376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 14:06 - 2018-12-08 04:49 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 14:06 - 2018-12-07 15:24 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-09 14:06 - 2018-11-28 09:34 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-01-09 14:06 - 2018-11-28 09:17 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-01-08 07:13 - 2019-01-08 07:14 - 000000000 ____D C:\AdwCleaner

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-07 01:55 - 2018-12-18 15:52 - 000000000 ____D C:\Users\in-je_000\AppData\LocalLow\Mozilla
2019-02-07 01:19 - 2018-12-17 12:50 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1023177784-507962552-4034174640-1007
2019-02-07 01:12 - 2018-12-17 13:08 - 000003924 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{35508C51-563B-4A32-BF46-17EF83DB49D4}
2019-02-07 01:09 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-06 19:16 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-06 15:54 - 2018-12-18 20:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-02-06 15:46 - 2018-12-17 20:02 - 000000000 ____D C:\Users\in-je_000\AppData\Local\privazer
2019-02-06 15:45 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-02-05 19:40 - 2014-11-03 13:38 - 000000000 ____D C:\Program Files (x86)\Java
2019-02-05 18:18 - 2018-12-17 12:45 - 000000000 ____D C:\Users\in-je_000\AppData\Local\Packages
2019-02-05 18:18 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-05 18:18 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-05 18:02 - 2018-12-23 11:33 - 000000000 ____D C:\Users\in-je_000\AppData\Local\CrashDumps
2019-02-05 18:02 - 2018-12-17 12:59 - 000000000 ___RD C:\Users\in-je_000\Desktop\1
2019-02-05 17:36 - 2018-12-18 20:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-05 15:28 - 2018-12-17 14:40 - 000000000 ____D C:\Users\in-je_000\AppData\Local\Google
2019-02-05 15:27 - 2014-10-24 10:28 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-05 15:20 - 2018-12-19 20:43 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-02-04 19:23 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2019-02-03 20:08 - 2018-12-17 12:44 - 000000000 ____D C:\Users\in-je_000
2019-02-03 16:18 - 2018-12-08 12:34 - 000000000 ____D C:\ProgramData\TEMP
2019-02-03 16:18 - 2018-12-08 12:34 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-02-03 16:12 - 2018-12-17 14:50 - 000000000 ____D C:\Users\in-je_000\AppData\Local\Spotify
2019-02-03 16:12 - 2018-12-17 14:49 - 000000000 ____D C:\Users\in-je_000\AppData\Roaming\Spotify
2019-02-03 15:35 - 2018-12-30 15:51 - 000000000 ____D C:\Users\in-je_000\AppData\Roaming\vlc
2019-02-03 14:51 - 2018-12-12 18:43 - 000001916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2019-02-03 10:18 - 2014-09-24 07:11 - 001371448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-03 10:18 - 2014-09-24 06:26 - 000444840 _____ C:\WINDOWS\system32\perfh014.dat
2019-02-03 10:18 - 2014-09-24 06:26 - 000074434 _____ C:\WINDOWS\system32\perfc014.dat
2019-01-25 01:19 - 2018-12-18 17:24 - 000000000 ____D C:\ProgramData\AVAST Software
2019-01-24 01:02 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-22 13:32 - 2018-12-28 20:20 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-20 02:57 - 2018-12-08 12:35 - 000040924 __RSH C:\ProgramData\ntuser.pol
2019-01-18 01:30 - 2014-10-25 15:44 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-18 01:30 - 2014-10-25 15:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-18 01:18 - 2014-10-25 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-16 03:46 - 2018-12-17 12:45 - 000000000 ____D C:\Users\in-je_000\AppData\Local\VirtualStore
2019-01-14 10:22 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2019-01-11 20:37 - 2014-09-24 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-01-11 20:37 - 2014-09-24 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-01-11 20:37 - 2014-09-24 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-01-11 20:37 - 2014-09-24 06:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-01-11 20:37 - 2014-09-24 06:26 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-01-11 20:37 - 2014-09-24 06:26 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-01-11 20:37 - 2014-09-24 06:26 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-01-11 20:37 - 2013-08-22 16:36 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-01-11 20:37 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\WinStore
2019-01-11 20:37 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-01-11 20:37 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-01-11 20:37 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Windows Defender
2019-01-11 20:37 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-01-11 20:37 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-01-11 20:37 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\servicing
2019-01-11 20:36 - 2014-09-24 06:26 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-01-11 20:36 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-01-11 03:19 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-11 03:19 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-10 19:38 - 2014-06-19 18:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-01-09 14:08 - 2014-10-25 15:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 14:06 - 2014-10-25 15:43 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2019-02-03 15:20 - 2019-02-06 15:52 - 000002001 _____ () C:\Users\in-je_000\AppData\Local\00000000000000000000000.0x0

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-07 01:20

==================== End of FRST.txt ============================

 

And the Addition log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
Ran by in-je_000 (07-02-2019 02:43:30)
Running from C:\Users\in-je_000\Downloads
Windows 8.1 Pro (Update) (X64) (2014-11-04 16:17:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1023177784-507962552-4034174640-500 - Administrator - Enabled) => C:\Users\Administrator
Gjest (S-1-5-21-1023177784-507962552-4034174640-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1023177784-507962552-4034174640-1004 - Limited - Enabled)
in-je_000 (S-1-5-21-1023177784-507962552-4034174640-1007 - Administrator - Enabled) => C:\Users\in-je_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.06 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1806-000001000000}) (Version: 18.06.00.0 - Igor Pavlov)
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat Reader DC - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.81 - Google Inc.)
HWiNFO64 Version 6.00 (HKLM\...\HWiNFO64_is1) (Version: 6.00 - Martin Malík - REALiX)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 202 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180202F0}) (Version: 8.0.2020.8 - Oracle Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
LibreOffice 6.1.4.2 (HKLM\...\{080C0C39-B1B5-48BB-85AB-4F9A8768CD10}) (Version: 6.1.4.2 - The Document Foundation)
Malwarebytes versjon 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219.473 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219.473 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810 (HKLM\...\{2CD849A7-86A1-34A6-B8F9-D72F5B21A9AE}) (Version: 14.12.25810 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810 (HKLM\...\{C99E2ADC-0347-336E-A603-F1992B09D582}) (Version: 14.12.25810 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810 (HKLM-x32\...\{7FED75A1-600C-394B-8376-712E2A8861F2}) (Version: 14.12.25810 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810 (HKLM-x32\...\{828952EB-5572-3666-8CA9-000B6CE79350}) (Version: 14.12.25810 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 nb-NO) (HKLM\...\Mozilla Firefox 65.0 (x64 nb-NO)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.63.0 - Goversoft LLC)
Python Launcher (HKLM-x32\...\{FA2A3867-8965-4CF7-83E2-C8960652F5AD}) (Version: 3.7.6565.0 - Python Software Foundation)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Spotify (HKU\S-1-5-21-1023177784-507962552-4034174640-1007\...\Spotify) (Version: 1.0.99.250.g936eab8d - Spotify AB)
Språkpakke for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) – NOR (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NOR) (Version: 10.0.50903 - Microsoft Corporation)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1026 - SUPERAntiSpyware.com)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] ()
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2015-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2019-02-03] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A7787C-3B74-47D0-B251-771FAA37A01B} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2019-01-17] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {33991FA0-707B-4068-9F3E-CC45EF53CF0C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {3CD9BFFC-1E6B-4889-BE80-0F74C1F02B11} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2019-02-03] (Goversoft LLC -> Goversoft LLC)
Task: {3D3BD175-D93D-4EC6-83DF-25440C8AF574} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc -> Google Inc.)
Task: {40AD2D64-14D0-42BE-8F9F-27F1417C61C9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {5152B0C2-1609-4E02-9504-BF3E1545CE62} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1023177784-507962552-4034174640-500 => C:\Users\Administrator\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-10-29] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {68A3BF54-3987-4798-BAE8-3F267B313A4F} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {C5931B5D-5A38-4DC4-8619-F7516CB558F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E852DDF1-DE3F-494E-9321-DE1384B5D0F5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {E9B72E6E-0865-4B7E-A111-6BB7D27DA81C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-02-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FCB488CD-1C47-4091-8EE4-6188722D7D3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-02-03 14:51 - 2019-02-03 14:51 - 003525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2014-01-29 23:02 - 2015-06-01 20:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-25 01:22 - 2019-01-25 01:22 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-25 01:22 - 2019-01-25 01:22 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2019-01-04 12:50 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-1023177784-507962552-4034174640-1007\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 148.122.16.253 - 148.122.164.253
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{B433356B-4F6F-49AB-927B-6F4D909802F7}C:\users\in-je_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\in-je_000\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{1794126E-1AA7-4306-BF24-36BC0B5C9D95}C:\users\in-je_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\in-je_000\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F4540D78-A444-4C52-95C9-26B3D2B041A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{173CD989-181F-4364-B519-67B64E62BA61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A5B8457-6032-41FF-A909-B722918D8EB3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{0809D250-8828-4350-A080-FA1B1A50916D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{1F40C333-225A-45F9-8C72-3D640461DC18}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{AE69C29F-FF56-44B2-AA49-24DB310E49A1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{5A45BE7D-DAAC-4D33-8AB8-9C6BE3AAE006}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

06-02-2019 19:16:49 Windows Update

==================== Faulty Device Manager Devices =============

Name: Standardsystemenhet
Description: Standardsystemenhet
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/06/2019 03:50:09 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Skyggekopiene av volum C: ble avbrutt fordi skyggekopilageret ikke kunne vokse på grunn av en brukerdefinert grense.


Windows Defender:
===================================
Date: 2019-01-23 19:06:14.058
Description:
Skanning av Windows Defender er stoppet før fullføring.
Skanne-ID: {8D8AB703-7704-4ABE-AF80-148DCD529AB5}
Skannetype: Beskyttelse mot skadelig programvare
Skanneparametere: Hurtigskanning
Bruker: NT-MYNDIGHET\SYSTEM

Date: 2019-01-22 13:46:09.072
Description:
Skanning av Windows Defender er stoppet før fullføring.
Skanne-ID: {69C00C53-5527-455D-9509-4324F9BC0A2E}
Skannetype: Beskyttelse mot skadelig programvare
Skanneparametere: Hurtigskanning
Bruker: NT-MYNDIGHET\SYSTEM

Date: 2019-01-18 07:51:15.092
Description:
Skanning av Windows Defender er stoppet før fullføring.
Skanne-ID: {26894FC1-5A09-4E5A-B878-22DFB32C6704}
Skannetype: Beskyttelse mot skadelig programvare
Skanneparametere: Hurtigskanning
Bruker: NT-MYNDIGHET\SYSTEM

Date: 2019-01-16 12:37:57.215
Description:
Skanning av Windows Defender er stoppet før fullføring.
Skanne-ID: {EFCA68AC-51C5-42FA-838B-EC5C7941ED06}
Skannetype: Beskyttelse mot skadelig programvare
Skanneparametere: Fullstendig skanning
Bruker: LT1\in-je_000

Date: 2019-01-13 20:35:14.117
Description:
Skanning av Windows Defender er stoppet før fullføring.
Skanne-ID: {A5E197D1-5DB8-41AF-88BF-9EE6D01EC92D}
Skannetype: Beskyttelse mot skadelig programvare
Skanneparametere: Hurtigskanning
Bruker: NT-MYNDIGHET\SYSTEM

Date: 2018-10-18 23:56:28.770
Description:
Windows Defender har støtt på en feil under forsøk på å oppdatere signaturer.
Ny signaturversjon: 1.279.67.0
Forrige signaturversjon: 1.277.1228.0
Oppdateringskilde: Bruker
Signaturtype: Antispionvare
Oppdateringstype: Fullstendig
Bruker: NT-MYNDIGHET\SYSTEM
Gjeldende motorversjon: 1.1.15400.4
Forrige motorversjon: 1.1.15300.6
Feilkode: 0x80509004
Feilbeskrivelse: Det oppstod et uventet problem. Installer eventuelle tilgjengelige oppdateringer, og prøv deretter å starte programmet på nytt. Se Hjelp og støtte hvis du vil ha informasjon om installering av oppdateringer.

Date: 2018-10-18 23:56:28.770
Description:
Windows Defender har støtt på en feil under forsøk på å oppdatere signaturer.
Ny signaturversjon: 1.279.67.0
Forrige signaturversjon: 1.277.1228.0
Oppdateringskilde: Bruker
Signaturtype: AntiVirus
Oppdateringstype: Fullstendig
Bruker: NT-MYNDIGHET\SYSTEM
Gjeldende motorversjon: 1.1.15400.4
Forrige motorversjon: 1.1.15300.6
Feilkode: 0x80509004
Feilbeskrivelse: Det oppstod et uventet problem. Installer eventuelle tilgjengelige oppdateringer, og prøv deretter å starte programmet på nytt. Se Hjelp og støtte hvis du vil ha informasjon om installering av oppdateringer.

Date: 2018-10-18 23:56:28.770
Description:
Windows Defender har støtt på en feil under forsøk på å oppdatere motoren.
Ny motorversjon: 1.1.15400.4
Forrige motorversjon: 1.1.15300.6
Bruker: NT-MYNDIGHET\SYSTEM
Feilkode: 0x80509004
Feilbeskrivelse: Det oppstod et uventet problem. Installer eventuelle tilgjengelige oppdateringer, og prøv deretter å starte programmet på nytt. Se Hjelp og støtte hvis du vil ha informasjon om installering av oppdateringer.

Date: 2018-10-18 23:54:59.260
Description:
Windows Defender har støtt på en feil under forsøk på å oppdatere signaturer.
Ny signaturversjon:
Forrige signaturversjon: 1.277.1228.0
Oppdateringskilde: Microsofts oppdateringsserver
Signaturtype: AntiVirus
Oppdateringstype: Fullstendig
Bruker: NT-MYNDIGHET\SYSTEM
Gjeldende motorversjon:
Forrige motorversjon: 1.1.15300.6
Feilkode: 0x80240016
Feilbeskrivelse: Det oppstod et uventet problem da det ble sett etter nye oppdateringer. Se Hjelp og støtte hvis du vil ha informasjon om installering eller feilsøking av oppdateringer.

Date: 2018-10-18 23:54:59.260
Description:
Windows Defender har støtt på en feil under forsøk på å oppdatere signaturer.
Ny signaturversjon:
Forrige signaturversjon: 1.277.1228.0
Oppdateringskilde: Microsofts oppdateringsserver
Signaturtype: AntiVirus
Oppdateringstype: Fullstendig
Bruker: NT-MYNDIGHET\SYSTEM
Gjeldende motorversjon:
Forrige motorversjon: 1.1.15300.6
Feilkode: 0x80240016
Feilbeskrivelse: Det oppstod et uventet problem da det ble sett etter nye oppdateringer. Se Hjelp og støtte hvis du vil ha informasjon om installering eller feilsøking av oppdateringer.

CodeIntegrity:
===================================

Date: 2018-12-18 17:22:33.177
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-18 17:16:07.011
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-18 16:59:59.491
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-18 16:17:54.509
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-18 16:08:00.315
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-10-17 23:25:40.607
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-16 21:15:55.502
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-26 15:57:42.186
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 26%
Total physical RAM: 8075.23 MB
Available physical RAM: 5929.63 MB
Total Virtual: 9355.23 MB
Available Virtual: 7221.29 MB

==================== Drives ================================

Drive c: (STFKSYS) (Fixed) (Total:178.85 GB) (Free:152.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (STFKData) (Fixed) (Total:119.24 GB) (Free:118.95 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 31D31A78)
Partition 1: (Active) - (Size=178.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
===

Please post the Addition.txt log and let me know what problem persists with this computer.

fixlist.txt


Hi,

All we did with the first fix was to remove restrictions on some programs.

Now clean what I found in the Addition.txt logs.
Just some cleanup, nothing to worry about.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists with Firefox, then reset it as suggested.
If all is well, you can forget about it.

Any remaining issues with this computer?

fixlist.txt

Edited by nasdaq

  • 3 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.