Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Google Is Testing a New Chrome UI

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Windows Defender found PSW: Win32/Frethog.gen!B

Started by bazaba , Jun 26 2017 03:38 AM

Please log in to reply

1 reply to this topic

#1 bazaba

Members
3 posts
OFFLINE

Local time:04:21 PM

Posted 26 June 2017 - 03:38 AM

A few days ago windows defender found something it called PSW: Win32/Frethog.gen!B on my laptop.

It quarantined it and I then removed it and my computer has been working fine since then. Though I am still afraid something might still be laying around on my computer and therefore I am asking for help to check if I really managed to get the virus gone.

I recently had the same problem on my other stationary computer and then changed most of my passwords as well as added two-factor authentication for logins.

The file was found in a .dll file in the folder of a program called overwolf, an extension of the teamspeak 3 voice application which also seems weird. Googling it I found others with the same problem considering overwolf which makes me hope this is only a false-positive and windows defender found something that was not there.

Posting FRST logs below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01

Ran by Mattias (administrator) on DESKTOP-5BVTH95 (26-06-2017 10:16:03)

Running from C:\Users\Mattias\Desktop

Loaded Profiles: Mattias (Available Profiles: Mattias)

Platform: Windows 10 Pro Version 1607 (X64) Language: Svenska (Sverige)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Lenovo.) C:\Windows\System32\LPlatSvc.exe

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(Lenovo.) C:\Windows\System32\LPlatSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Windows\System32\igfxTray.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8941\Battle.net.exe

(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5676\Agent.exe

() C:\Program Files (x86)\Battle.net\Battle.net.8941\Battle.net Helper.exe

(Microsoft Corporation) C:\Windows\System32\SndVol.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-11-16] (NVIDIA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3951280 2016-01-07] (Synaptics Incorporated)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-05] (Adobe Systems Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [526648 2016-09-05] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2016-09-05] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)

HKU\S-1-5-21-3012962461-3671602065-3955836566-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-05] (Adobe Systems Incorporated)

HKU\S-1-5-21-3012962461-3671602065-3955836566-1001\...\RunOnce: [Uninstall C:\Users\Mattias\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mattias\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"

HKU\S-1-5-21-3012962461-3671602065-3955836566-1001\...\MountPoints2: {40fee1b9-b101-11e6-9144-40f02f5b0871} - "E:\LaunchU3.exe" -a

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)

Startup: C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-11-17]

ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{cf4bb55b-e694-4a5e-8814-b30b5d32851d}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{ef06c952-b19e-45fb-87b5-c1c67a347624}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-28] (Oracle Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-16] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-28] (Oracle Corporation)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-16] (Microsoft Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-03] (Adobe Systems Incorporated)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

FireFox:

========

FF DefaultProfile: 60jnqcro.default

FF ProfilePath: C:\Users\Mattias\AppData\Roaming\Zotero\Zotero\Profiles\60jnqcro.default [2016-08-04]

FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-08-04] [not signed]

FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-08-04] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn

FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-14]

FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-28] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-28] (Oracle Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-09-05] (Citrix Systems, Inc.)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome:

=======

CHR Profile: C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]

CHR Extension: (Google Presentationer) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-21]

CHR Extension: (Google Dokument) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-21]

CHR Extension: (Google Drive) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-21]

CHR Extension: (YouTube) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-21]

CHR Extension: (Google Cast) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-06-18]

CHR Extension: (Adblock Plus) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-24]

CHR Extension: (Capture EndNote Reference) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\clpkhgghemklmnojcjmfgjjijaekobnm [2017-04-03]

CHR Extension: (Adobe Acrobat) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]

CHR Extension: (Zotero Connector) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2017-06-08]

CHR Extension: (Google Kalkylark) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-21]

CHR Extension: (Google Dokument Offline) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-21]

CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]

CHR Extension: (Abios eSports Match Ticker) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\opaikbihdaombgcfglhnmpjjpmjmglnm [2017-05-05]

CHR Extension: (Gmail) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-21]

CHR Extension: (Chrome Media Router) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-02] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-02] (Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)

R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-04-22] (Lenovo.)

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246448 2016-01-07] (Synaptics Incorporated)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)

R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-09] (Intel Corporation)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-23] (Malwarebytes)

R1 MpKsl2cc0d76a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B14FFDCA-2D98-4004-ADF2-ED45B173C424}\MpKsl2cc0d76a.sys [44928 2017-06-22] (Microsoft Corporation)

R1 MpKsl6fdcbb7a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8CAAFB4-B2DF-418D-BACE-322D6548C5EA}\MpKsl6fdcbb7a.sys [44928 2017-06-25] (Microsoft Corporation)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )

R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [615728 2015-06-04] (Realtek Semiconductor Corporation)

R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )

R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42664 2016-01-07] (Synaptics Incorporated)

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)

S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()

S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 10:16 - 2017-06-26 10:17 - 00025964 _____ C:\Users\Mattias\Desktop\FRST.txt

2017-06-26 10:15 - 2017-06-26 10:16 - 00000000 ____D C:\FRST

2017-06-26 10:13 - 2017-06-26 10:13 - 02441216 _____ (Farbar) C:\Users\Mattias\Desktop\FRST64.exe

2017-06-21 19:35 - 2017-06-21 19:35 - 00000000 ____D C:\WINDOWS\system32\appmgmt

2017-06-21 19:30 - 2017-06-21 19:31 - 141957912 _____ (Microsoft Corporation) C:\Users\Mattias\Downloads\msert.exe

2017-06-20 16:03 - 2017-06-20 16:03 - 01692887 _____ C:\Users\Mattias\Downloads\ME1310-TEN2-2017-06-07 (1).pdf

2017-06-19 20:47 - 2017-06-19 20:47 - 07376133 _____ C:\Users\Mattias\Downloads\Final_thesis_CarlAxelJönsson_EmilTarukoski (2).pdf

2017-06-16 16:30 - 2017-06-16 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2017-06-16 11:34 - 2017-06-16 11:34 - 00393814 _____ C:\Users\Mattias\Downloads\SF2812-TEN1-2017-06-07.pdf

2017-06-14 13:21 - 2017-06-14 13:21 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2

2017-06-14 10:16 - 2017-06-14 10:16 - 01605883 _____ C:\Users\Mattias\Downloads\Final_thesis_SagaAbdulAmir_OscarUngård.pdf.pdf

2017-06-14 10:16 - 2017-06-14 10:16 - 01605883 _____ C:\Users\Mattias\Downloads\Final_thesis_SagaAbdulAmir_OscarUngård.pdf (1).pdf

2017-06-14 01:18 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2017-06-14 01:18 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-06-14 01:18 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2017-06-14 01:18 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-06-14 01:18 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-06-14 01:18 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2017-06-14 01:18 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-06-14 01:18 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll

2017-06-14 01:18 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2017-06-14 01:18 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll

2017-06-14 01:18 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2017-06-14 01:18 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2017-06-14 01:18 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll

2017-06-14 01:18 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-06-14 01:18 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2017-06-14 01:18 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2017-06-14 01:18 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2017-06-14 01:18 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2017-06-14 01:18 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-06-14 01:18 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-06-14 01:18 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2017-06-14 01:17 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2017-06-14 01:17 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-06-14 01:17 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-06-14 01:17 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-06-14 01:17 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys

2017-06-14 01:17 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2017-06-14 01:17 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2017-06-14 01:17 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll

2017-06-14 01:17 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2017-06-14 01:17 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2017-06-14 01:17 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2017-06-14 01:17 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2017-06-14 01:17 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2017-06-14 01:17 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2017-06-14 01:17 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-06-14 01:17 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-06-14 01:17 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll

2017-06-14 01:17 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-06-14 01:17 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll

2017-06-14 01:17 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll

2017-06-14 01:17 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2017-06-14 01:17 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll

2017-06-14 01:17 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll

2017-06-14 01:17 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe

2017-06-14 01:17 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll

2017-06-14 01:17 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-06-14 01:17 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-06-14 01:17 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-06-14 01:17 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-06-14 01:17 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-06-14 01:17 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-06-14 01:17 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll

2017-06-14 01:17 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll

2017-06-14 01:17 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2017-06-14 01:17 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2017-06-14 01:17 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll

2017-06-14 01:17 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2017-06-14 01:17 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2017-06-14 01:17 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-06-14 01:17 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2017-06-14 01:17 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2017-06-14 01:17 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2017-06-14 01:17 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2017-06-14 01:17 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2017-06-14 01:17 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-06-14 01:17 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe

2017-06-14 01:17 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll

2017-06-14 01:17 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll

2017-06-14 01:16 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll

2017-06-14 01:16 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2017-06-14 01:16 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2017-06-14 01:16 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys

2017-06-14 01:16 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-06-14 01:16 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2017-06-14 01:16 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-06-14 01:16 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2017-06-14 01:16 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-06-14 01:16 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-06-14 01:16 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-06-14 01:16 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-06-14 01:16 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll

2017-06-14 01:16 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-06-14 01:16 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-06-14 01:16 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2017-06-14 01:16 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-06-14 01:16 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2017-06-14 01:16 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-06-14 01:16 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-06-14 01:16 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-06-14 01:16 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-06-14 01:16 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-06-14 01:16 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-06-14 01:16 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-06-14 01:16 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2017-06-14 01:16 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll

2017-06-14 01:16 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll

2017-06-14 01:16 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll

2017-06-14 01:16 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll

2017-06-14 01:16 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2017-06-14 01:16 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll

2017-06-14 01:16 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-06-14 01:16 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-06-14 01:16 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2017-06-14 01:16 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-06-14 01:16 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll

2017-06-14 01:16 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-06-14 01:16 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll

2017-06-14 01:16 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-06-14 01:16 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2017-06-14 01:16 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll

2017-06-14 01:16 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-06-14 01:16 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll

2017-06-14 01:16 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-06-14 01:16 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-06-14 01:16 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2017-06-14 01:16 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe

2017-06-14 01:16 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll

2017-06-14 01:16 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe

2017-06-14 01:16 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-06-14 01:16 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-06-14 01:16 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2017-06-14 01:16 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2017-06-14 01:16 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-06-14 01:16 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2017-06-14 01:16 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-06-14 01:16 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll

2017-06-14 01:16 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2017-06-14 01:16 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-06-14 01:16 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls

2017-06-14 01:16 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2017-06-14 01:16 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2017-06-12 13:55 - 2017-06-12 13:55 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2017-06-11 16:57 - 2017-06-11 16:57 - 00666495 _____ C:\Users\Mattias\Documents\Hemtentamen_ME2312_Mattias_Fahlén.pdf

2017-06-10 12:43 - 2017-06-10 12:43 - 00005675 _____ C:\Users\Mattias\Downloads\savedrecs (3).ciw

2017-06-10 12:14 - 2017-06-10 12:14 - 00000326 _____ C:\Users\Mattias\Downloads\savedrecs (2).ciw

2017-06-10 12:09 - 2017-06-10 12:09 - 00000951 _____ C:\Users\Mattias\Downloads\10.1111%2Fradm.12045.enw

2017-06-10 12:08 - 2017-06-10 12:08 - 00002758 _____ C:\Users\Mattias\Downloads\science33407f7c.ris

2017-06-10 12:07 - 2017-06-10 12:07 - 00001429 _____ C:\Users\Mattias\Downloads\scienceb4d1f5f3.ris

2017-06-10 12:05 - 2017-06-10 12:05 - 00000488 _____ C:\Users\Mattias\Downloads\CaptureToDesktop.ris

2017-06-10 11:58 - 2017-06-10 11:58 - 00001879 _____ C:\Users\Mattias\Downloads\savedrecs.ciw

2017-06-10 11:58 - 2017-06-10 11:58 - 00001879 _____ C:\Users\Mattias\Downloads\savedrecs (1).ciw

2017-06-10 11:47 - 2017-06-10 11:47 - 01160130 _____ C:\Users\Mattias\Downloads\shi&gregory.pdf

2017-06-10 11:47 - 2017-06-10 11:47 - 00255664 _____ C:\Users\Mattias\Downloads\pisano et al.pdf

2017-06-10 11:40 - 2017-06-11 17:00 - 00040090 _____ C:\Users\Mattias\Documents\My EndNote Library.enl

2017-06-10 11:40 - 2017-06-10 11:40 - 00000000 ____D C:\Users\Mattias\Documents\My EndNote Library.Data

2017-06-10 11:39 - 2017-06-10 11:39 - 00015549 _____ C:\Users\Mattias\Downloads\exportlist.txt

2017-06-08 20:38 - 2017-06-08 20:38 - 01692887 _____ C:\Users\Mattias\Downloads\ME1310-TEN2-2017-06-07.pdf

2017-06-05 10:38 - 2017-06-05 10:38 - 09442627 _____ C:\Users\Mattias\Downloads\Mattias Fahlén - Sommarjobbsavtal.pdf

2017-06-04 14:30 - 2017-06-04 14:30 - 01392514 _____ C:\Users\Mattias\Downloads\SF1811-TEN1-2017-04-10.pdf

2017-06-04 14:26 - 2017-06-04 14:26 - 01307334 _____ C:\Users\Mattias\Downloads\SF2930-TENA-2017-03-14 (1).pdf

2017-06-04 14:26 - 2017-06-04 14:26 - 01031458 _____ C:\Users\Mattias\Downloads\SF2930-TENA-2017-03-14.pdf

2017-06-03 16:19 - 2017-06-03 16:19 - 00042588 _____ C:\Users\Mattias\Downloads\Bilaga1.pdf

2017-05-29 12:26 - 2017-05-15 11:57 - 00714745 _____ C:\Users\Mattias\Documents\Green_and_Competitive_INLUP2_Grupp1_MattiasFahlén_NiklasJohansson.pdf

2017-05-28 16:56 - 2017-05-28 16:56 - 00013648 _____ C:\Users\Mattias\Downloads\4317_05.pdf

2017-05-28 14:09 - 2017-05-28 14:09 - 00791071 _____ C:\Users\Mattias\Downloads\Final_thesis_WilmerLöfgren_SinaMozayyan (1).pdf

2017-05-28 14:08 - 2017-05-28 14:08 - 00768777 _____ C:\Users\Mattias\Downloads\Final_thesis_WilmerLöfgren_SinaMozayyan.pdf

2017-05-28 13:52 - 2017-05-28 13:52 - 00391091 _____ C:\Users\Mattias\Downloads\Tenta-nek.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 10:16 - 2016-05-22 13:34 - 00000000 ____D C:\Users\Mattias\AppData\Local\Battle.net

2017-06-26 10:07 - 2016-08-03 22:04 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-06-26 07:59 - 2016-05-22 13:31 - 00000000 ____D C:\Program Files (x86)\Battle.net

2017-06-26 07:54 - 2016-08-03 22:08 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2017-06-26 07:54 - 2016-05-21 15:05 - 00000000 __SHD C:\Users\Mattias\IntelGraphicsProfiles

2017-06-25 22:22 - 2016-05-22 15:51 - 00000000 ____D C:\Users\Mattias\AppData\Roaming\TS3Client

2017-06-24 15:38 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-06-24 12:59 - 2017-05-23 08:23 - 00000000 ____D C:\AdwCleaner

2017-06-23 13:57 - 2016-08-03 22:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-06-23 13:57 - 2016-08-03 22:09 - 00000000 ____D C:\ProgramData\NVIDIA

2017-06-23 13:56 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI

2017-06-23 13:30 - 2017-01-27 10:25 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

2017-06-23 13:30 - 2016-05-21 14:50 - 00002379 _____ C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2017-06-23 13:30 - 2016-05-21 14:50 - 00000000 ___RD C:\Users\Mattias\OneDrive

2017-06-23 13:17 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps

2017-06-23 12:19 - 2017-05-23 08:48 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-06-23 12:17 - 2016-12-23 19:49 - 00000000 ____D C:\Program Files (x86)\Overwatch

2017-06-23 12:15 - 2016-08-20 13:28 - 00000000 ____D C:\Program Files (x86)\World of Warcraft

2017-06-20 22:24 - 2017-02-15 11:59 - 00000000 ____D C:\Users\Mattias\AppData\Local\CrashDumps

2017-06-20 16:12 - 2016-05-21 16:18 - 00000000 ____D C:\Program Files (x86)\Steam

2017-06-20 15:40 - 2016-07-17 00:09 - 01182780 _____ C:\WINDOWS\system32\perfh01D.dat

2017-06-20 15:40 - 2016-07-17 00:09 - 00301818 _____ C:\WINDOWS\system32\perfc01D.dat

2017-06-20 15:40 - 2016-05-21 14:46 - 02869548 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-06-18 15:26 - 2016-05-21 17:36 - 00000000 ____D C:\Users\Mattias\AppData\Roaming\Skype

2017-06-16 17:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache

2017-06-16 16:31 - 2016-06-02 14:06 - 00000000 ____D C:\Program Files (x86)\Dropbox

2017-06-16 11:23 - 2016-06-06 13:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2017-06-16 00:30 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-06-15 09:37 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF

2017-06-15 00:00 - 2016-02-13 15:22 - 00000000 __RHD C:\Users\Public\AccountPictures

2017-06-14 23:57 - 2016-08-03 22:03 - 00334648 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-06-14 13:21 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2017-06-14 13:21 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-06-14 13:21 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences

2017-06-14 11:16 - 2016-05-21 15:08 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-06-14 11:04 - 2016-05-21 15:08 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-06-14 11:03 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-06-14 10:03 - 2017-05-19 17:32 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm

2017-06-14 00:14 - 2017-04-15 17:10 - 00000000 ____D C:\Program Files (x86)\Hearthstone

2017-06-11 17:27 - 2016-08-03 22:14 - 00000000 ____D C:\Users\Mattias

2017-06-10 12:03 - 2017-04-02 14:11 - 00000000 ____D C:\Users\Mattias\Documents\ME2312

2017-06-10 11:42 - 2017-03-30 20:58 - 00000000 ____D C:\Users\Mattias\AppData\Roaming\EndNote

2017-06-10 01:05 - 2017-05-23 08:47 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

2017-06-08 20:34 - 2016-05-21 14:45 - 00000000 ____D C:\Users\Mattias\AppData\Local\Packages

2017-06-05 09:49 - 2017-05-23 08:48 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2017-06-03 15:29 - 2016-06-02 14:06 - 00000000 ____D C:\Users\Mattias\AppData\Local\Dropbox

2017-06-03 11:30 - 2017-05-23 08:48 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys

2017-06-03 11:30 - 2017-05-23 08:48 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2017-06-03 11:30 - 2017-05-23 08:48 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-05-31 20:44 - 2016-05-21 15:13 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2017-03-10 08:34 - 2017-04-10 20:08 - 0063488 _____ () C:\Users\Mattias\AppData\Local\WebpageIcons.db

2016-08-03 22:06 - 2016-08-03 22:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:

====================

2017-04-28 17:03 - 2017-04-28 17:03 - 0739904 _____ (Oracle Corporation) C:\Users\Mattias\AppData\Local\Temp\jre-8u131-windows-au.exe

2017-03-30 20:56 - 2015-05-26 07:52 - 0250472 _____ (Thomson Reuters) C:\Users\Mattias\AppData\Local\Temp\Risweb32.exe

2016-11-05 01:29 - 2016-11-05 01:29 - 0192512 _____ () C:\Users\Mattias\AppData\Local\Temp\sfamcc00001.dll

2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 _____ () C:\Users\Mattias\AppData\Local\Temp\sfextra.dll

2016-10-05 09:58 - 2016-09-27 11:36 - 6795376 _____ (Spotify Ltd) C:\Users\Mattias\AppData\Local\Temp\SpotifyUninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-25 14:20

==================== End of FRST.txt ============================

Attached Files

Addition.txt 37.6KB 6 downloads

Edited by bazaba, 26 June 2017 - 03:47 AM.

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 nasdaq

Malware Response Team
38,580 posts
ONLINE

Gender:Male
Location:Montreal, QC. Canada
Local time:10:21 AM

Posted 27 June 2017 - 07:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key

+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
S3 dbx; system32\DRIVERS\dbx.sys [X]
AlternateDataStreams: C:\Users\Mattias\Documents\bodyfatmen.csv:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mattias\Documents\bodyfatmen1.csv:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mattias\Documents\bodyfatmen2.csv:com.dropbox.attributes [183]
AlternateDataStreams: C:\Users\Mattias\Documents\functions_SF2930.R:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mattias\Documents\Green_and_Competitive_INLUP2_Grupp1_MattiasFahlén_NiklasJohansson.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mattias\Documents\Green_and_Competitive_INLUP2_ny.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mattias\Documents\Projekt_20170502.m:com.dropbox.attributes [256]
AlternateDataStreams: C:\Users\Mattias\Documents\Projekt_20170503_graphs.m:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mattias\Documents\SF2930 Project 2- MattiasFahlen, RamLange.xlsx:com.dropbox.attributes [183]
AlternateDataStreams: C:\Users\Mattias\Documents\SF2930_IF_RM_2_age.R:com.dropbox.attributes [304]
AlternateDataStreams: C:\Users\Mattias\Documents\SF2930_IF_RM_2_Weight_Age_Climate.R:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mattias\Documents\SF2930_IF_RM_2_Weight_Age_Climate_ActivityCode.R:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mattias\Documents\SF2930_IF_RM_Weight_ActivityCode.R:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mattias\Documents\tp_test.m:com.dropbox.attributes [168]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

Right-click the icon and select Run as administrator.
Click Yes to accept any security warnings that may appear.
Click the Next button.
Select 'I accept the terms in the license agreement', then click Next twice.
Click the Install button and wait until the installation is complete.
Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
Click Yes to accept any security warnings that may appear.
After it updates and a "Start Scanning" button appears in the lower right:
- Disconnect from the Internet or physically unplug your Internet cable connection.
- Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
- Temporarily disable your anti-virus and real-time anti-spyware protection.

Click the "Start Scanning" button in the lower right to start the scan.
After starting the scan, do not use the computer until the scan has completed.
When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
If any threats are found click Details, then View Log file (bottom left-hand corner).
Copy and paste its contents in your next reply and note any errors encountered.
Close the Notepad document, close the Threat Details screen, then click Start cleanup.
Click Exit to close the program.
If no threats were found, please confirm that result.

Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

Please let me know of any issues with this computer.