
Infected with Adware.Yontoo and PUP.Optional.Ask


  • This topic is locked
3 replies to this topic

#1 rickgu


Posted 03 December 2017 - 08:14 AM

Malwarebytes finds these every time I start my PC even though they have been put in quarantine every time they're found. I haven't experienced any special effects yet except that I was asked to change my Windows password. Two PCs are infected and the same thing happened on the other one. I don't know how to get rid of these things.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by RG (administrator) on RICKARD (01-12-2017 12:56:04)
Running from C:\Users\RG\Downloads
Loaded Profiles: RG (Available Profiles: RG & William & Mathilda & willi)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: Norska, bokmål (Norge)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\RG\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Canon INC.) C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicatorCom.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\RG\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\Run: [TIDAL] => C:\Users\RG\AppData\Local\TIDAL\update.exe [1888992 2017-11-26] ()
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\Run: [Spotify Web Helper] => C:\Users\RG\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-28] (Spotify Ltd)
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\MountPoints2: {2fd4e953-751d-11e7-8a27-806e6f6e6963} - "G:\SETUP.EXE" 
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [217088 2017-09-29] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbfs6-0 - {2E2EC04C-EB18-4654-B18D-66EC5CE6B877} - C:\Program Files\Jungle Disk Desktop\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6-0 - {2E2EC04C-EB18-4654-B18D-66EC5CE6B877} - C:\Program Files\Jungle Disk Desktop\WOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Jungle Disk Desktop.lnk [2017-11-26]
ShortcutTarget: Jungle Disk Desktop.lnk -> C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe (Jungle Disk, Inc.)
Startup: C:\Users\RG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2017-11-12]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Startup: C:\Users\RG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Overvåk blekkvarsler - HP Photosmart 6510 series (nettverk).lnk [2015-10-04]
ShortcutTarget: Overvåk blekkvarsler - HP Photosmart 6510 series (nettverk).lnk -> C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\RG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Övervaka bläckvarningar - HP Photosmart 6510 series (nettverk).lnk [2015-11-18]
ShortcutTarget: Övervaka bläckvarningar - HP Photosmart 6510 series (nettverk).lnk -> C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\RG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Övervaka bläckvarningar - HP Photosmart 6510 series (nätverk).lnk [2017-12-01]
ShortcutTarget: Övervaka bläckvarningar - HP Photosmart 6510 series (nätverk).lnk -> C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 193.213.112.4 130.67.15.198
Tcpip\..\Interfaces\{81c51a20-1be5-4bfc-ad56-5a5fd054834b}: [DhcpNameServer] 193.213.112.4 130.67.15.198
 
Internet Explorer:
==================
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default [2017-12-01]
CHR Extension: (Presentationer) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Dokument) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-01]
CHR Extension: (YouTube) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-01]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2017-09-01]
CHR Extension: (Mailto: for Gmail™) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2017-09-01]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2017-10-10]
CHR Extension: (Booking.com for Chrome™) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2017-09-01]
CHR Extension: (Google Dokument Offline) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-01]
CHR Extension: (Inbox by Gmail) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkljgfmjocfalijkgoogmfffkhmkbgol [2017-09-01]
CHR Extension: (Google Calendar (by Google)) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2017-10-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-26]
CHR Extension: (ShareThis) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplpcpijdokpnbjcklakgabohjgneidi [2017-09-01]
CHR Extension: (Office Online) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2017-11-26]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-11-30]
CHR Extension: (Norton Safe) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-10]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
CHR Extension: (HubSpot Sales) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2017-11-30]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2017-09-01]
CHR Extension: (Gmail) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\RG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-26]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-29] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-11-30] (SurfRight B.V.)
R2 JungleDiskService; C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe [13025400 2017-11-09] (Jungle Disk, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-09] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-09] (Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492256 2017-06-14] (Wondershare)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\AE2500w764.sys [2576632 2016-12-03] (Broadcom Corporation)
R1 cbfs6-0; C:\Program Files\Jungle Disk Desktop\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-12-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-01] (Malwarebytes)
R1 MpKsl9c69949e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4CCD35E5-C3DE-49D0-A647-A1C2AD317FEC}\MpKsl9c69949e.sys [58120 2017-12-01] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-01 12:56 - 2017-12-01 12:56 - 000017701 _____ C:\Users\RG\Downloads\FRST.txt
2017-12-01 12:56 - 2017-12-01 12:56 - 000000000 ____D C:\Users\RG\Downloads\FRST-OlderVersion
2017-12-01 11:52 - 2017-12-01 11:52 - 008187336 _____ (Malwarebytes) C:\Users\RG\Downloads\adwcleaner_7.0.5.0.exe
2017-12-01 11:49 - 2017-12-01 12:50 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-01 11:49 - 2017-12-01 12:39 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-01 11:49 - 2017-12-01 12:39 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-01 11:49 - 2017-12-01 12:39 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-01 11:49 - 2017-12-01 11:49 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-01 11:31 - 2017-12-01 11:31 - 000000000 ____D C:\Users\RG\AppData\Local\ElevatedDiagnostics
2017-12-01 11:29 - 2017-12-01 11:29 - 000221662 _____ C:\Users\RG\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-12-01 08:58 - 2017-12-01 08:58 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-30 20:19 - 2017-11-30 20:19 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-11-30 20:11 - 2017-11-30 20:11 - 000001970 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-11-30 20:11 - 2017-11-30 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-11-30 20:11 - 2017-11-30 20:11 - 000000000 ____D C:\Program Files\HitmanPro
2017-11-30 20:10 - 2017-11-30 20:20 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-30 20:01 - 2017-11-30 20:01 - 000000614 _____ C:\Users\RG\Desktop\JRT.txt
2017-11-30 19:29 - 2017-11-30 19:29 - 011584088 _____ (SurfRight B.V.) C:\Users\RG\Downloads\hitmanpro_x64.exe
2017-11-30 19:28 - 2017-11-30 19:29 - 001790024 _____ (Malwarebytes) C:\Users\RG\Downloads\JRT.exe
2017-11-30 12:52 - 2017-11-30 12:52 - 000068752 _____ C:\WINDOWS\system32\cc_20171130_125223.reg
2017-11-30 12:42 - 2017-11-30 12:42 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-30 12:42 - 2017-11-30 12:42 - 000002848 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-11-30 12:42 - 2017-11-30 12:42 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-30 12:42 - 2017-11-30 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-30 12:42 - 2017-11-30 12:42 - 000000000 ____D C:\Program Files\CCleaner
2017-11-30 09:43 - 2017-11-30 09:43 - 010849904 _____ (Piriform Ltd) C:\Users\RG\Downloads\ccsetup537.exe
2017-11-29 20:10 - 2017-11-29 20:10 - 000000000 ____D C:\Users\willi\AppData\Local\FortniteGame
2017-11-29 19:17 - 2017-11-29 19:17 - 000000000 ____D C:\Users\RG\AppData\Local\UnrealEngineLauncher
2017-11-29 19:17 - 2017-11-29 19:17 - 000000000 ____D C:\Users\RG\AppData\Local\UnrealEngine
2017-11-29 19:17 - 2017-11-29 19:17 - 000000000 ____D C:\Users\RG\AppData\Local\EpicGamesLauncher
2017-11-29 19:12 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-11-29 19:12 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-11-29 19:12 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-11-29 19:12 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-11-29 19:12 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-11-29 19:12 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-11-29 19:12 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-11-29 19:12 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-11-29 19:12 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-11-29 19:12 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-11-29 19:12 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-11-29 19:12 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-11-29 19:12 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-11-29 19:11 - 2017-11-29 20:10 - 000000000 ____D C:\Users\willi\AppData\Local\UnrealEngine
2017-11-29 19:11 - 2017-11-29 19:11 - 000000000 ____D C:\Users\willi\AppData\Local\UnrealEngineLauncher
2017-11-29 19:11 - 2017-11-29 19:11 - 000000000 ____D C:\Users\willi\AppData\Local\EpicGamesLauncher
2017-11-29 19:10 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-11-29 19:10 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-11-29 19:10 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-11-29 19:10 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-11-29 19:10 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-11-29 19:09 - 2017-11-29 19:13 - 000000000 ____D C:\ProgramData\Epic
2017-11-29 19:09 - 2017-11-29 19:09 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-11-29 19:09 - 2017-11-29 19:09 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-11-29 19:09 - 2017-11-29 19:09 - 000000000 ____D C:\Program Files (x86)\Epic Games
2017-11-29 19:08 - 2017-11-29 19:08 - 032063488 _____ C:\Users\willi\Downloads\EpicInstaller-6.9.1-fortnite-a340eec11c7f4f7188d7ff9e4f91e7a7.msi
2017-11-28 13:35 - 2017-12-01 12:56 - 002391552 _____ (Farbar) C:\Users\RG\Downloads\FRST64 (1).exe
2017-11-28 11:36 - 2017-11-28 11:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1098376002-1560011732-2901052550-1001
2017-11-26 17:14 - 2017-11-26 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jungle Disk Desktop
2017-11-15 23:01 - 2017-11-15 23:01 - 027020017 _____ C:\Users\RG\Downloads\Photos.zip
2017-11-15 23:00 - 2017-11-15 23:00 - 000000000 ____D C:\Users\RG\Downloads\Emliy
2017-11-15 22:55 - 2017-11-15 22:55 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-15 22:55 - 2017-11-15 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-15 22:55 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-15 22:54 - 2017-11-15 22:54 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-14 22:30 - 2017-10-25 10:11 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-14 22:30 - 2017-10-25 10:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-14 22:30 - 2017-10-25 10:09 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-14 22:30 - 2017-10-25 09:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-14 22:30 - 2017-10-25 09:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-14 22:30 - 2017-10-25 09:56 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-14 22:30 - 2017-10-25 07:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-14 22:30 - 2017-10-25 05:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-14 22:30 - 2017-10-25 05:40 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 22:30 - 2017-10-25 05:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 22:30 - 2017-10-25 05:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-14 22:30 - 2017-10-25 05:39 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-14 22:30 - 2017-10-25 05:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 22:30 - 2017-10-25 05:39 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-14 22:30 - 2017-10-25 05:37 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-14 22:30 - 2017-10-25 05:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 22:30 - 2017-10-25 05:36 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 22:30 - 2017-10-25 05:36 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 22:30 - 2017-10-25 05:36 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-14 22:30 - 2017-10-25 05:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 22:30 - 2017-10-25 05:34 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-14 22:30 - 2017-10-25 05:34 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 22:30 - 2017-10-25 05:32 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 22:30 - 2017-10-25 05:32 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-14 22:30 - 2017-10-25 05:31 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-14 22:30 - 2017-10-25 05:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-14 22:30 - 2017-10-25 05:30 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-14 22:30 - 2017-10-25 05:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-14 22:30 - 2017-10-25 05:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-14 22:30 - 2017-10-25 05:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-14 22:30 - 2017-10-25 05:29 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-14 22:30 - 2017-10-25 05:28 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-14 22:30 - 2017-10-25 05:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 22:30 - 2017-10-25 05:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-14 22:30 - 2017-10-25 05:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-14 22:30 - 2017-10-25 05:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-14 22:30 - 2017-10-25 05:24 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-14 22:30 - 2017-10-25 05:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-14 22:30 - 2017-10-25 04:52 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-14 22:30 - 2017-10-25 04:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 22:30 - 2017-10-25 04:36 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 22:30 - 2017-10-25 04:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-14 22:30 - 2017-10-25 04:30 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-14 22:30 - 2017-10-25 04:28 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-14 22:30 - 2017-10-25 04:28 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-14 22:30 - 2017-10-25 04:28 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-14 22:30 - 2017-10-25 04:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-14 22:30 - 2017-10-25 04:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-14 22:30 - 2017-10-25 04:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-14 22:30 - 2017-10-25 04:24 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-14 22:30 - 2017-10-25 04:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 22:30 - 2017-10-25 04:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-14 22:30 - 2017-10-25 04:19 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 22:30 - 2017-10-25 04:19 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-14 22:30 - 2017-10-25 04:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-14 22:30 - 2017-10-25 04:18 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-14 22:30 - 2017-10-25 04:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-14 22:30 - 2017-10-25 04:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-14 22:30 - 2017-10-25 04:16 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 22:30 - 2017-10-25 04:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-14 22:30 - 2017-10-25 04:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-14 22:30 - 2017-10-25 04:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 22:30 - 2017-10-25 04:14 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-14 22:30 - 2017-10-25 04:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-14 22:30 - 2017-10-25 04:13 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 22:30 - 2017-10-25 04:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-14 22:30 - 2017-10-25 04:12 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-14 22:30 - 2017-10-25 04:12 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 22:30 - 2017-10-25 04:12 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-14 22:30 - 2017-10-25 04:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 22:30 - 2017-10-25 04:10 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 22:30 - 2017-10-25 04:10 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 22:30 - 2017-10-25 04:10 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-14 22:30 - 2017-10-25 04:09 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-14 22:30 - 2017-10-25 04:09 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 22:30 - 2017-10-25 04:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-14 22:30 - 2017-10-25 04:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 22:30 - 2017-10-25 04:08 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 22:30 - 2017-10-25 04:08 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 22:30 - 2017-10-25 04:08 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 22:30 - 2017-10-25 04:08 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-14 22:30 - 2017-10-25 04:08 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-14 22:30 - 2017-10-25 04:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-14 22:30 - 2017-10-25 04:08 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 22:30 - 2017-10-25 04:07 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 22:30 - 2017-10-25 04:07 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-14 22:30 - 2017-10-25 04:07 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-14 22:30 - 2017-10-25 04:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-14 22:30 - 2017-10-25 04:07 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-14 22:30 - 2017-10-25 04:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-14 22:30 - 2017-10-25 04:05 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 22:30 - 2017-10-25 04:05 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 22:30 - 2017-10-25 04:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 22:30 - 2017-10-25 04:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-14 22:30 - 2017-10-25 04:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 22:30 - 2017-10-25 04:01 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 22:30 - 2017-10-25 04:01 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 22:30 - 2017-10-25 03:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 22:30 - 2017-10-25 03:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 22:30 - 2017-10-25 03:58 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-14 22:30 - 2017-10-25 03:58 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-14 22:30 - 2017-10-25 03:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-14 22:30 - 2017-10-25 03:57 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 22:30 - 2017-10-25 03:55 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-14 22:30 - 2017-10-21 13:25 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-14 22:30 - 2017-10-20 15:17 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-14 22:30 - 2017-10-20 06:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 22:29 - 2017-10-25 04:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-14 22:29 - 2017-10-25 04:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-14 22:29 - 2017-10-25 04:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 22:29 - 2017-10-25 04:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-14 22:29 - 2017-10-25 04:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 22:29 - 2017-10-25 04:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-14 22:29 - 2017-10-25 04:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-14 22:29 - 2017-10-25 03:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-12 20:43 - 2017-11-14 23:14 - 000000000 ____D C:\Users\RG\AppData\Local\CANON_INC
2017-11-12 20:16 - 2015-08-20 07:06 - 100042992 _____ (CANON INC.) C:\Users\RG\Desktop\euw2.14.20a-updater.exe
2017-11-12 20:14 - 2017-11-12 20:14 - 000000000 _____ C:\WINDOWS\OpPrintServer.INI
2017-11-12 20:13 - 2017-11-12 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon PhotoRecord
2017-11-12 20:11 - 2017-11-12 20:26 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-11-12 20:07 - 2017-11-12 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-11-12 20:07 - 2017-11-12 20:29 - 000000000 ____D C:\Program Files (x86)\Canon
2017-11-12 20:06 - 2017-11-12 21:05 - 000000000 ____D C:\Users\RG\AppData\Roaming\canon
2017-11-12 20:06 - 2017-11-12 20:06 - 000000000 ____D C:\ProgramData\Canon_Inc_IC
2017-11-12 13:41 - 2017-11-12 14:06 - 000001241 _____ C:\Users\William\Desktop\nativelog.txt
2017-11-12 13:41 - 2017-11-12 13:54 - 000000000 ____D C:\Users\William\AppData\Roaming\.minecraft
2017-11-12 13:41 - 2017-11-12 13:41 - 000000000 ____D C:\Users\William\AppData\Local\CEF
2017-11-09 15:36 - 2017-11-09 15:36 - 000000000 ____D C:\Users\willi\Documents\FIFA 18 Demo
2017-11-09 14:38 - 2017-11-09 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-09 14:37 - 2017-11-09 14:37 - 000001820 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-09 14:37 - 2017-11-09 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-09 14:37 - 2017-11-09 14:37 - 000000000 ____D C:\Program Files\iPod
2017-11-09 14:36 - 2017-11-09 14:37 - 000000000 ____D C:\Program Files\iTunes
2017-11-09 13:53 - 2017-11-09 13:53 - 000001214 _____ C:\Users\Public\Desktop\FIFA 18-DEMO.lnk
2017-11-09 13:53 - 2017-11-09 13:53 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2017-11-09 13:53 - 2017-11-09 13:53 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-11-09 12:56 - 2017-11-09 12:57 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-11-09 12:54 - 2017-11-09 16:38 - 000000000 ____D C:\Users\willi\AppData\Roaming\Origin
2017-11-09 12:52 - 2017-11-09 12:52 - 000001070 _____ C:\Users\Public\Desktop\Origin.lnk
2017-11-09 12:52 - 2017-11-09 12:52 - 000000000 ____D C:\Users\RG\AppData\Local\Origin
2017-11-09 12:52 - 2017-11-09 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-11-09 12:52 - 2017-11-09 12:52 - 000000000 ____D C:\Program Files (x86)\Origin
2017-11-09 12:50 - 2017-11-09 16:38 - 000000000 ____D C:\ProgramData\Origin
2017-11-09 12:50 - 2017-11-09 15:35 - 000000000 ____D C:\Users\willi\AppData\Local\Origin
2017-11-09 12:50 - 2017-11-09 12:50 - 000000000 ____D C:\Users\willi\.QtWebEngineProcess
2017-11-09 12:50 - 2017-11-09 12:50 - 000000000 ____D C:\Users\willi\.Origin
2017-11-09 12:49 - 2017-11-09 12:50 - 062397632 _____ (Electronic Arts) C:\Users\willi\Downloads\OriginThinSetup.exe
2017-11-09 12:26 - 2017-11-09 12:26 - 000001854 _____ C:\Users\willi\Desktop\Spotify.lnk
2017-11-09 12:26 - 2017-11-09 12:26 - 000001840 _____ C:\Users\willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-11-09 12:26 - 2017-11-09 12:26 - 000000000 ____D C:\Users\willi\AppData\Local\Spotify
2017-11-09 12:25 - 2017-11-09 12:25 - 000000000 ____D C:\Users\willi\AppData\Local\PlaceholderTileLogoFolder
2017-11-09 11:52 - 2017-11-09 11:52 - 000000020 ___SH C:\Users\William\ntuser.ini
2017-11-09 11:52 - 2017-11-09 11:52 - 000000000 ___RD C:\Users\William\3D Objects
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-01 12:56 - 2016-01-23 22:37 - 000000000 ____D C:\FRST
2017-12-01 12:46 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-01 12:42 - 2017-08-15 14:47 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-01 12:39 - 2017-10-23 15:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-01 12:38 - 2017-09-29 09:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-12-01 12:37 - 2017-10-23 15:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-01 11:53 - 2014-08-22 20:57 - 000000000 ____D C:\AdwCleaner
2017-12-01 09:44 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-01 09:44 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-01 09:34 - 2017-10-23 15:58 - 000004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{57FE92D7-BDF3-4587-B37C-8CFA35740C4E}
2017-12-01 09:30 - 2017-07-30 19:59 - 000000000 ____D C:\Users\RG\AppData\Local\Spotify
2017-12-01 09:30 - 2017-07-30 19:58 - 000000000 ____D C:\Users\RG\AppData\Roaming\Spotify
2017-11-30 18:10 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-11-30 16:06 - 2017-09-23 13:57 - 000000000 ____D C:\Users\willi\AppData\Roaming\Spotify
2017-11-30 12:50 - 2017-10-22 19:41 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-30 12:50 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-30 12:50 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-30 12:50 - 2017-07-30 19:37 - 000000000 ____D C:\Users\RG\AppData\Roaming\TeamViewer
2017-11-30 12:47 - 2017-07-30 20:06 - 000000000 ____D C:\Users\RG\AppData\Roaming\TIDAL
2017-11-30 08:35 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-29 19:12 - 2017-07-30 13:03 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-28 10:38 - 2017-10-23 15:39 - 000000000 ____D C:\Users\RG
2017-11-26 17:19 - 2017-07-30 19:57 - 000002018 _____ C:\Users\Public\Desktop\Sonos.lnk
2017-11-26 17:19 - 2017-07-30 19:57 - 000000000 ____D C:\ProgramData\Sonos,_Inc
2017-11-26 17:19 - 2017-07-30 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2017-11-26 17:19 - 2017-07-30 19:57 - 000000000 ____D C:\Program Files (x86)\Sonos
2017-11-26 17:19 - 2017-07-30 19:56 - 000000000 ____D C:\Users\RG\AppData\Local\Downloaded Installations
2017-11-26 17:14 - 2017-07-30 15:54 - 000000000 ____D C:\Program Files\Jungle Disk Desktop
2017-11-26 17:14 - 2017-07-30 15:47 - 000000000 ____D C:\ProgramData\JungleDisk
2017-11-26 15:40 - 2017-07-30 20:06 - 000000000 ____D C:\Users\RG\AppData\Local\TIDAL
2017-11-26 15:27 - 2017-07-30 14:09 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-19 12:00 - 2017-08-13 20:53 - 000001437 _____ C:\Users\willi\Desktop\Roblox Player.lnk
2017-11-19 12:00 - 2017-08-13 20:53 - 000001252 _____ C:\Users\willi\Desktop\Roblox Studio.lnk
2017-11-19 12:00 - 2017-08-13 20:53 - 000000000 ____D C:\Users\willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-16 09:10 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2017-11-14 23:19 - 2017-10-23 15:31 - 000221864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-14 23:16 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-14 23:16 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-14 23:16 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-14 23:16 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-14 23:16 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-14 23:16 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-14 23:16 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-14 22:46 - 2017-07-30 14:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-14 22:35 - 2017-10-15 17:05 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-14 22:35 - 2017-07-30 14:07 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-14 22:17 - 2017-07-30 14:19 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 22:17 - 2017-07-30 14:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-14 22:10 - 2017-10-23 15:58 - 000003512 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 22:10 - 2017-10-23 15:58 - 000003388 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-12 20:35 - 2014-02-17 05:38 - 000000000 ____D C:\Users\RG\Desktop\Kamera
2017-11-12 13:53 - 2017-08-16 19:24 - 000000000 ____D C:\Users\William\AppData\Local\AMD
2017-11-12 13:43 - 2017-10-23 15:58 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1098376002-1560011732-2901052550-1002
2017-11-12 13:43 - 2017-08-16 19:26 - 000002383 _____ C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-12 13:43 - 2015-08-17 21:17 - 000000000 ___RD C:\Users\William\OneDrive
2017-11-12 13:42 - 2017-10-23 15:40 - 000000000 ____D C:\Users\William\AppData\Local\Packages
2017-11-12 13:42 - 2017-08-16 19:23 - 000000000 ____D C:\Users\William\AppData\Local\Publishers
2017-11-09 14:58 - 2017-10-22 19:47 - 000007628 _____ C:\Users\RG\AppData\Local\Resmon.ResmonCfg
2017-11-09 14:31 - 2017-10-23 15:39 - 000000000 ____D C:\Users\willi
2017-11-09 11:53 - 2017-08-16 19:22 - 000000000 ____D C:\Users\William\AppData\Local\TileDataLayer
2017-11-09 11:52 - 2017-10-23 15:39 - 000000000 ____D C:\Users\William
2017-11-09 11:52 - 2013-11-28 15:59 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-09 11:44 - 2017-08-15 11:37 - 000000000 ____D C:\Users\willi\AppData\Roaming\.minecraft
2017-11-09 11:44 - 2017-08-15 11:37 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-11-09 11:44 - 2017-06-21 20:46 - 000000904 _____ C:\Users\willi\Desktop\nativelog.txt
2017-11-09 11:28 - 2017-10-23 15:58 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1098376002-1560011732-2901052550-1011
2017-11-09 11:27 - 2017-08-13 20:42 - 000002377 _____ C:\Users\willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-09 11:27 - 2017-06-21 20:46 - 000000000 ___RD C:\Users\willi\OneDrive
2017-11-08 18:22 - 2017-10-23 15:58 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1098376002-1560011732-2901052550-1001
2017-11-08 18:19 - 2017-07-30 14:06 - 000002362 _____ C:\Users\RG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-08 18:19 - 2015-08-16 18:42 - 000000000 ___RD C:\Users\RG\OneDrive
2017-11-08 18:08 - 2017-10-23 16:27 - 000000000 ____D C:\Windows.old
2017-11-08 18:05 - 2017-10-23 16:01 - 000831634 _____ C:\WINDOWS\system32\perfh01D.dat
2017-11-08 18:05 - 2017-10-23 16:01 - 000176728 _____ C:\WINDOWS\system32\perfc01D.dat
2017-11-08 18:05 - 2017-10-23 15:53 - 002501746 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-08 18:05 - 2017-09-30 15:27 - 000465206 _____ C:\WINDOWS\system32\perfh014.dat
2017-11-08 18:05 - 2017-09-30 15:27 - 000099750 _____ C:\WINDOWS\system32\perfc014.dat
2017-11-04 02:25 - 2017-09-29 14:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 02:25 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-10-22 19:47 - 2017-11-09 14:58 - 000007628 _____ () C:\Users\RG\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-29 14:04
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by RG (01-12-2017 12:57:08)
Running from C:\Users\RG\Downloads
Windows 10 Home Version 1709 16299.64 (X64) (2017-10-23 15:05:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1098376002-1560011732-2901052550-500 - Administrator - Disabled)
Gjest (S-1-5-21-1098376002-1560011732-2901052550-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1098376002-1560011732-2901052550-1005 - Limited - Enabled)
Mathilda (S-1-5-21-1098376002-1560011732-2901052550-1003 - Limited - Enabled) => C:\Users\Mathilda
RG (S-1-5-21-1098376002-1560011732-2901052550-1001 - Administrator - Enabled) => C:\Users\RG
Standardkonto (S-1-5-21-1098376002-1560011732-2901052550-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1098376002-1560011732-2901052550-504 - Limited - Disabled)
willi (S-1-5-21-1098376002-1560011732-2901052550-1011 - Limited - Enabled) => C:\Users\willi
William (S-1-5-21-1098376002-1560011732-2901052550-1002 - Limited - Enabled) => C:\Users\William
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Apple-programstöd (32-bitar) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple-programstöd (64-bitar) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Camera Support Core Library (HKLM-x32\...\{5662C158-CA24-4228-BF6C-596FADA08682}) (Version: 7.2.0.4 - Canon) Hidden
Camera Window DS (HKLM-x32\...\{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}) (Version: 5.1 - Canon) Hidden
Camera Window DVC (HKLM-x32\...\{A70D14C6-FF2C-4B8E-A643-7E74EC607614}) (Version: 5.1 - Canon) Hidden
Camera Window MC (HKLM-x32\...\{E73534D5-CC93-4C63-9072-5A9734255C74}) (Version: 5.1 - Canon) Hidden
Canon Camera Support Core Library (HKLM-x32\...\InstallShield_{5662C158-CA24-4228-BF6C-596FADA08682}) (Version: 7.2.0.4 - Canon)
Canon Camera WIA Driver (HKLM-x32\...\{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}) (Version: 5.6 - Canon) Hidden
Canon Camera Window DS for ZoomBrowser EX (HKLM-x32\...\InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}) (Version: 5.1 - Canon)
Canon Camera Window DVC for ZoomBrowser EX (HKLM-x32\...\InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}) (Version: 5.1 - Canon)
Canon Camera Window for ZoomBrowser EX (HKLM-x32\...\InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}) (Version: 5.1 - Canon)
Canon EOS Kiss_N REBEL_XT 350D WIA Driver (HKLM-x32\...\InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}) (Version: 5.6 - Canon)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}) (Version: 1.3.3 - Canon Inc.)
Canon PhotoRecord (HKLM-x32\...\{862983D7-FA08-493E-A9ED-6B7859E069D3}) (Version: 02.02.01000 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}) (Version: 2.0 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}) (Version: 1.1 - Canon)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.15.0.0 - Canon Inc.)
Canon Utilities EOS Capture 1.3 (HKLM-x32\...\InstallShield_{16480125-0428-4097-9A2A-74464004D169}) (Version: 1.3 - Canon)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.3.0.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.2.10.0 - Canon Inc.)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.19.10.0 - Canon Inc.)
Canon ZoomBrowser EX (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.00.0000 - Canon)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
CheatBreaker 0.3.0 (HKLM\...\a5d9757f-0ecd-505a-a3ae-340ce0104ae9) (Version: 0.3.0 - CheatBreaker, LLC)
EOS Capture 1.3 (HKLM-x32\...\{16480125-0428-4097-9A2A-74464004D169}) (Version: 1.3 - Canon) Hidden
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FIFA 18-DEMO (HKLM-x32\...\{5D17162D-8095-4B35-B41F-6F55D154E9F9}) (Version: 1.0.49.32463 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grundläggande enhetsprogramvara för HP Photosmart 6510 series (HKLM\...\{0E33F44B-D287-4E9A-A1E5-89A95D932D15}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6510 series Hjälp (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
Internet Library (HKLM-x32\...\{2F81FBFC-9A37-431F-9050-14B55485DF5A}) (Version: 1.3.3 - Canon Inc.) Hidden
iTunes (HKLM\...\{506F9A0F-3C1A-4B68-9AB6-0A38419150B0}) (Version: 12.7.1.14 - Apple Inc.)
Jungle Disk Desktop (HKLM\...\{4837C529-3700-5555-95FC-80C653003223}) (Version: 3.22.3 - Jungle Disk) Hidden
Jungle Disk Desktop (HKLM-x32\...\{1f5b5d1d-f6d5-4940-8786-d84246ca8eda}) (Version: 3.22.3.0 - Jungle Disk)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 10.5.5.6040 - Electronic Arts, Inc.)
PhotoStitch (HKLM-x32\...\{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon) Hidden
Pixelmon Launcher (Beta) (HKLM-x32\...\{0B31EBFD-AABF-4746-B0B9-2E6191118A71}) (Version: 2.1.2 - Ikara Software Limited) Hidden
Pixelmon Launcher (Beta) (HKLM-x32\...\Pixelmon Launcher (Beta) 2.1.2) (Version: 2.1.2 - Ikara Software Limited)
Produktförbättringsstudie för HP Photosmart 6510 series (HKLM\...\{20F3BBDB-1192-4B1C-A366-49F86C418A03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
RAW Image Task 2.0 (HKLM-x32\...\{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}) (Version: 2.0 - Canon) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RemoteCapture Task 1.1 (HKLM-x32\...\{28291BD5-92D2-4685-82DC-CCA925C53CCA}) (Version: 1.1 - Canon) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 39.2.47170 - Sonos, Inc.)
Spotify (HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\Spotify) (Version: 1.0.68.407.g6864aaaf - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
TIDAL (HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\TIDAL) (Version: 2.1.11 - TIDAL Music AS)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6-0] -> {6FE60A21-4F36-4AAE-A15C-6F3FCB192572} => C:\Program Files\Jungle Disk Desktop\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
ShellIconOverlayIdentifiers: [JungleDisk1_Complete] -> {78061A12-1E91-4446-8B65-8ED2FF328D4A} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2017-11-01] (Jungle Disk, LLC)
ShellIconOverlayIdentifiers: [JungleDisk2_InProgress] -> {700AD13D-E86F-41C9-9A8F-39B4C438806F} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2017-11-01] (Jungle Disk, LLC)
ShellIconOverlayIdentifiers: [JungleDisk3_Conflicted] -> {48C7A606-0F84-4DC8-8AFD-A157BDF18A08} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2017-11-01] (Jungle Disk, LLC)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6-0] -> {6FE60A21-4F36-4AAE-A15C-6F3FCB192572} => C:\Program Files\Jungle Disk Desktop\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
ContextMenuHandlers1: [ContextMenuPublicShare] -> {CD8AB07F-7AD1-4efb-BB33-FCF82F17B943} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2017-11-01] (Jungle Disk, LLC)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {57A7597B-A4E6-4B37-9850-9706F921CC38} - System32\Tasks\S-1-5-21-1098376002-1560011732-2901052550-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {6460E97C-932E-4C4E-89B3-437DB55A1A6F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {6DBBF64B-ABE3-46E0-89C8-164BD33ACB2B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {7FC23F04-0FB7-4C0B-900B-9D976A2D3615} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {AFBD9C0D-E764-436A-9E50-C79441709AA9} - System32\Tasks\HPCustParticipation HP Photosmart 6510 series => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {CE310F9D-9303-401A-A4CB-AC519ED739BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-30] (Google Inc.)
Task: {FDF63551-2680-45A6-87C7-AE05E52A2D1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-30] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\RG\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-11-04 15:43 - 2015-11-04 15:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-07-13 19:50 - 2017-07-13 19:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-09 11:01 - 2017-11-09 11:01 - 000262656 _____ () C:\Program Files\Jungle Disk Desktop\monitor_images.dll
2017-11-15 22:55 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-15 22:55 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 14:42 - 2017-09-30 15:28 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 14:42 - 2017-09-30 15:28 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-04 15:43 - 2015-11-04 15:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-11-14 22:17 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-14 22:17 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-07-13 19:51 - 2017-07-13 19:51 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-07-21 09:35 - 2015-07-21 09:35 - 000512000 _____ () C:\Program Files (x86)\Canon\EOS Utility\EDSDK.dll
2017-09-03 11:04 - 2016-07-21 09:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-09-03 11:04 - 2016-10-08 15:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-07-30 13:28 - 2017-07-30 13:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RG\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 193.213.112.4 - 130.67.15.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-1098376002-1560011732-2901052550-1001\...\StartupApproved\Run: => "TIDAL"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C2570A31-2B44-4D7A-9AD3-E415204BB465}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{CD6180AB-6ED5-4F26-8569-97F5F7D9E8EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{EAF43D0D-71A2-4544-A690-37DBFEDC8C6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{58F0E7BB-B0F0-4BCE-8FA1-86A926FF7111}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{1A40F701-0235-4B30-A7F0-119872714C9A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{084D4DC3-809B-43F9-8753-6C9A0B0DE7B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{87488E37-8E95-4815-8117-691D4FF950D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{96BF9C2C-7F61-4E02-ADC0-68E2B45F0012}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2160845A-0BAB-4F02-B2D9-0669B4F1DD53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BDF66729-4BC4-4095-85CD-319E70B4900E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{31F64B3E-1E57-4E61-97E8-3A369277C1CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{6E480777-CBCC-4A0C-AE4B-CCAEB84C7795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{7823825D-D227-4DD7-AAB5-B049395677A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{D1E0C096-5C51-44E7-B41B-8AA43341C212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{99DB584F-6D36-4822-9306-F886030B8BAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super POTUS Trump\SuperPotusTrump.exe
FirewallRules: [{673A0151-BF0A-4752-A34F-E1AE22D127B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super POTUS Trump\SuperPotusTrump.exe
FirewallRules: [{9FCFD9D8-5AE1-4DA2-9615-98CECB2DE37D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{72C05E8C-814C-48A1-8BB1-6CBBC424C72A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{19A60DC7-74AC-44E0-B3C2-EFBD5D09D93B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69D5904F-ED46-4D15-A711-411B56F21E1F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{4939156D-C5E4-4D38-A1B4-2F55C1DCCDA1}C:\program files\cheatbreaker\cheatbreaker.exe] => (Block) C:\program files\cheatbreaker\cheatbreaker.exe
FirewallRules: [TCP Query User{437B9AC3-185A-460C-A72C-7BC2B41FCB2B}C:\program files\cheatbreaker\cheatbreaker.exe] => (Block) C:\program files\cheatbreaker\cheatbreaker.exe
FirewallRules: [UDP Query User{BE784D80-FA1B-4D6E-A5E7-48E5C7989A80}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{293ECC1C-71D1-4480-947F-7DD3DABBA3B2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6A9E4AC6-9AE0-46BE-97AD-1AA923DC92C8}C:\users\rg\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\rg\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{93C092B2-B9C5-41BD-9F36-0BE3F7D8A07C}C:\users\rg\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\rg\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{83441D29-F350-48A0-AAD0-E5D20D4EF94C}C:\users\rg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rg\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{969BCC10-60EC-45B9-A362-119DAE05DEC1}C:\users\rg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rg\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5728EEFD-1E2F-4A7A-824D-980B4FFC4ED6}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [TCP Query User{A3433A68-0713-418F-B6BB-58B46F150265}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [{4C755AA9-E91E-45A8-B0E2-0FF1219EEE20}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{771A725A-2F21-40FE-A651-AEB9E42464F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3440568F-038F-4B6C-8454-40345D807E2A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01CBDD29-DD0E-47C9-807E-0984F04F2BE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6115ADA-93E1-4398-B454-56FDB3254F0F}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B2CC7651-4ADC-461D-8B81-7AC7B80D8C91}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DC5E272F-23EB-4F1A-ADD7-1BE823959A5B}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{18590406-C819-4331-A634-9FEEB7CE8D58}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe
FirewallRules: [{0EE16805-6BE1-4146-8A1C-6753F18572E2}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18 DEMO\FIFASetup\fifaconfig.exe
FirewallRules: [{2881414B-4727-4084-9D00-E988CBBBB650}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{94409A63-AEEA-4EF5-A2E2-BD7FAC3AB84C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{B151A4A3-214E-465A-B209-8D9CB81B0BBD}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{FDEF9582-3DEE-4F11-B8F0-B1FF0D4BBBB9}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{416413F8-B42A-4C1B-BA2D-35B23EFD1DF4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{9706F28E-F265-47B4-B227-EAE5F13B7EF2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{1FB52D01-4EB3-4C00-B85E-6CD802C9EB97}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{63A2085B-05E8-4927-ABF0-9635E14E1901}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
 
==================== Restore Points =========================
 
26-11-2017 16:32:57 Planlagt kontrollpunkt
30-11-2017 19:56:43 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2017 08:55:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: bad_module_info, version 0.0.0.0, tidsstämpel 0x00000000
, felet uppstod i modulen med namn: unknown, version 0.0.0.0, tidsstämpel 0x00000000
Undantagskod: 0x00000000
Felförskjutning: 0x0000000000000000
Process-ID: 0x24c4
Programmets starttid: 0x01d36a119c115cdb
Sökväg till program: bad_module_info
Sökväg till modul: unknown
Rapport-ID: 2cd2a957-689c-45d8-8d49-33b7e6b97af5
Fullständigt namn på felaktigt paket: 
Program-ID relativt till felaktigt paket:
 
Error: (11/30/2017 08:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66422
 
Error: (11/30/2017 08:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66422
 
Error: (11/30/2017 08:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/30/2017 12:41:30 PM) (Source: COM) (EventID: 10031) (User: )
Description: En principkontroll för återkonvertering utfördes vid återkonvertering av ett anpassat konverterat objekt och klassen {95CABCC9-BC57-4C12-B8DF-BA193232AA01} nekades
 
Error: (11/29/2017 07:13:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när rutinen QueryFullProcessImageNameW anropades. hr = 0x8007001f, En enhet koblet til systemet virker ikke.
.
 
 
Operasjon:
   Utfører asynkron operasjon
 
Kontekst:
   Gjeldende tilstand: DoSnapshotSet
 
Error: (11/29/2017 07:11:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när rutinen QueryFullProcessImageNameW anropades. hr = 0x8007001f, En enhet koblet til systemet virker ikke.
.
 
 
Operasjon:
   Utfører asynkron operasjon
 
Kontekst:
   Gjeldende tilstand: DoSnapshotSet
 
Error: (11/29/2017 05:03:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1328
 
Error: (11/29/2017 05:03:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1328
 
Error: (11/29/2017 05:03:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (12/01/2017 12:43:47 PM) (Source: DCOM) (EventID: 10016) (User: RICKARD)
Description: Behörighetsinställningarna programspesifikk ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 och APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 till användaren Rickard\RG SID (S-1-5-21-1098376002-1560011732-2901052550-1001) från adress LocalHost (bruker LRPC) som körs i programbehållaren Ikke tilgjengelig SID (Ikke tilgjengelig). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (12/01/2017 12:39:03 PM) (Source: NTFS) (EventID: 137) (User: )
Description: Det gick inte att starta standardresurshanteraren för transaktioner på volym E: på grund av ett fel där nya försök inte kunde utföras. Data innehåller felkoden.
 
Error: (12/01/2017 12:39:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: Det finns ett felaktigt block på enhet \Device\Harddisk1\DR1.
 
Error: (12/01/2017 12:38:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.
 
Modulsökväg: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (12/01/2017 12:38:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.
 
Modulsökväg: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (12/01/2017 12:38:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.
 
Modulsökväg: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (12/01/2017 12:37:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten JungleDiskService avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 60000 millisekunder: Start tjenesten på nytt.
 
Error: (12/01/2017 12:37:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten iPod Service avslutades oväntat. Detta har skett 1 gånger.
 
Error: (12/01/2017 12:37:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Bonjour-tjänst avslutades oväntat. Detta har skett 1 gånger.
 
Error: (12/01/2017 12:37:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Wondershare Application Framework Service avslutades oväntat. Detta har skett 1 gånger.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-01 12:57:03.225
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-01 12:57:03.222
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-01 12:49:25.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-01 12:49:25.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-01 12:49:24.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-01 12:49:24.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-01 12:49:23.023
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-01 12:49:23.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-01 12:46:40.774
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-01 12:46:40.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-5700 APU with Radeon™ HD Graphics 
Percentage of memory in use: 20%
Total physical RAM: 16348.37 MB
Available physical RAM: 12950.54 MB
Total Virtual: 18780.37 MB
Available Virtual: 15018.11 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:919.92 GB) (Free:501.9 GB) NTFS
Drive d: (DATA) (Fixed) (Total:921.51 GB) (Free:857.91 GB) NTFS
Drive e: (My Book) (Fixed) (Total:931.51 GB) (Free:218.75 GB) NTFS
Drive j: (jungle) (Network) (Total:500 GB) (Free:500 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 81A648B0)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,205 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 AM

Posted 03 December 2017 - 09:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean.

It's probably a Syncing issue.
To remove this you will possibly have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

#3 rickgu

rickgu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:32 PM

Posted 06 December 2017 - 02:23 PM

Thanks a lot for your help. It worked.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,205 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:32 AM

Posted 07 December 2017 - 07:40 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



