Solved mail.ru & newcityinworld.ru ad malware on google chrome

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Status
Not open for further replies.

Mike

PCHF Member
Jan 6, 2017
7
2
27
Hello!
So a couple of days ago I accidentally downloaded an addon to google chrome that's called mail.ru. It has since then messed up my browser by adding addons, changing homepage address, ads that pop on and you know the stuff that ad malwares do. I usually fix this problem by just uninstalling them. But this malware, I am not able to remove the virus. I keep getting popup on this page called newcityinworld.com & sosalovodro4ik.xyz. I have norton security on my computer so I ran a full system scan but no virus was found. I tried removing every file that had mail.ru in discreption with help of "regedit". Still this **** page keeps on popping up. Currently I have an addon "block site" that obvoiusly blocks these sites by redirecting them to google.com. But it's still annoying and chrome feels slower. Any suggestions? Thanks
 
Welcome to PCHF 🙂





Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"

icon2-jpg.794


If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.

frst-disclaimer-jpg.795

  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan

frst-jpg.796


Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

2016-08-12_152002-jpg.797


Please Copy and Paste the contents of these logs in your next post for review
 
Welcome to PCHF 🙂





Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"

icon2-jpg.794


If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.

frst-disclaimer-jpg.795

  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan

frst-jpg.796


Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

2016-08-12_152002-jpg.797


Please Copy and Paste the contents of these logs in your next post for review

Here are the logs I got
Hope this helps
 

Attachments

I see that you have BitTorrent installed. Though P2P programs themselves are not malicious, the chance of downloading a malicious file is like playing russian roullette. Any file could be the one that will turn your computer into a very expensive door stop, and I would appreciate if you disabled the software and refrained from using it while we are working on your current issue. For all we know, this could be how your system was infiltrated.

Also, it is better for us helper for the FRST & Addition.txt logs to be copy and pasted in your reply not attached. Can you please remove or confirm that you will not use Bittorrent for the duration of us assisting you with your issue and paste the two logs rather than attach them. This will speed up the process of you getting help. 🙂
 
I see that you have BitTorrent installed. Though P2P programs themselves are not malicious, the chance of downloading a malicious file is like playing russian roullette. Any file could be the one that will turn your computer into a very expensive door stop, and I would appreciate if you disabled the software and refrained from using it while we are working on your current issue. For all we know, this could be how your system was infiltrated.

Also, it is better for us helper for the FRST & Addition.txt logs to be copy and pasted in your reply not attached. Can you please remove or confirm that you will not use Bittorrent for the duration of us assisting you with your issue and paste the two logs rather than attach them. This will speed up the process of you getting help. 🙂

Oh sorry I am new to this forum, anyway I have uninstalled BitTorrent and ran a new scan


FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by michael96 (administrator) on 5CG4391DJR (06-01-2017 20:00:17)
Running from C:\Users\michael96\Desktop
Loaded Profiles: michael96 (Available Profiles: michael96)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\ns.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\ns.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\michael96\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\michael96\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [147160 2013-08-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-09-04] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [BitTorrent Sync] => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [BingSvc] => C:\Users\michael96\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [AceStream] => C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe [28024 2016-12-15] (Innovative Digital Technologies)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [Spotify Web Helper] => C:\Users\michael96\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-24] (Spotify Ltd)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [Spotify] => C:\Users\michael96\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-24] (Spotify Ltd)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\MountPoints2: {a0127733-022f-11e5-8263-18cf5eb3a663} - "D:\SISetup.exe"
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
Startup: C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-29]
ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\michael96\AppData\Local\Facebook\Games\FacebookGames.exe ()
Startup: C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skicka till OneNote.lnk [2017-01-04]
ShortcutTarget: Skicka till OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{04EE8B03-B476-4835-9D7D-8D2249FDB8C0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-06] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-06] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)

FireFox:
========
FF DefaultProfile: 6wy7q6u7.default
FF ProfilePath: C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default [2017-01-06]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\6wy7q6u7.default -> Поиск@Mail.Ru
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\6wy7q6u7.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6wy7q6u7.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\6wy7q6u7.default -> hxxp://mail.ru/cnt/10445?gp=818411
FF Keyword.URL: Mozilla\Firefox\Profiles\6wy7q6u7.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7BC6A9996A-BF5C-4D3A-9C97-5C0278603673%7D&gp=811041
FF Extension: (Bing Search) - C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-05-08]
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\homepage@mail.ru [2017-01-04]
FF Extension: (Поиск@Mail.Ru) - C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\search@mail.ru [2017-01-04]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-01-04]
FF SearchPlugin: C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\searchplugins\bing-.xml [2016-05-08]
FF SearchPlugin: C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\searchplugins\mailru.xml [2017-01-04]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2016-12-05]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\michael96\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\michael96\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3641276461-1987637529-1729258412-1001: @acestream.net/acestreamplugin,version=3.1.11 -> C:\Users\michael96\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=818410","hxxps://www.google.com/search?hl=en&newwindow=1&safe=off&site=&source=hp&q=how+to+set+homepage+in+chrome&oq=how+to+set+ho&aq=0&aqi=g10&aql=&gs_l=hp.3.0.0l10.1749.4171.0.5161.13.13.0.0.0.0.204.1709.5j7j1.13.0...0.0.xKQStdg3t2o","hxxp://browsers.about.com/od/googlechrome/ss/chromehomepage_3.htm","hxxps://www.facebook.com/","hxxps://www.facebook.com/","hxxp://Vosteran.com/?f=7&a=vst_vit_15_02_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByByDyDzyyB0DtDtAyB0DtDtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0D0B0F0D0EtCtAtG0AyB0CtBtG0Azz0A0FtG0A0DyCyCtGtByD0D0Fzy0BtBtC0EyE0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0DzztByDyDyBtGtAzz0E0DtGyE0D0B0AtG0ByB0EyBtGyB0ByCtCtAtDyByB0BtDtD0C2Q&cr=507446387&ir="
CHR Profile: C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default [2017-01-06]
CHR Extension: (Entanglement Web App) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-05-07]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-05-07]
CHR Extension: (Angry Birds) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-05-07]
CHR Extension: (Google Drive) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Turn Off the Lights) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-01-03]
CHR Extension: (YouTube) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Facebook) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-05-07]
CHR Extension: (Adblock Plus) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Block site) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2017-01-06]
CHR Extension: (Klocka) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2015-05-07]
CHR Extension: (Google Dokument Offline) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (SparkChess 9) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2016-10-14]
CHR Extension: (Quick Earth) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2015-05-07]
CHR Extension: (Hootsuite) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2015-05-07]
CHR Extension: (Little Alchemy) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-07]
CHR Extension: (Google Play) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-05-07]
CHR Extension: (Plants vs Zombies) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-05-07]
CHR Extension: (Frontline Defense 2 HD) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\nincmkjomngcmklpdkmdkioemlhdieim [2015-05-07]
CHR Extension: (Facebook Notifications) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2015-05-07]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile [2015-07-23]
CHR Extension: (Google Presentationer) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Dokument) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-23]
CHR Extension: (YouTube) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-23]
CHR Extension: (Google Search) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-23]
CHR Extension: (Google Kalkylark) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (Norton Identity Safe) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-23]
CHR Extension: (Gmail) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-23]
CHR HKLM\...\Chrome\Extension: [aaaabpccljmmhilhhndnjkobdedbpkjp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - <not found>
CHR HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaabpccljmmhilhhndnjkobdedbpkjp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - <not found>
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [7673856 2014-03-31] (Remote Monitoring) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S2 BcmBtRSupport; C:\windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [42792 2016-09-26] (Windows (R) Win 7 DDK provider)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3519400 2015-08-10] (INCA Internet Co., Ltd.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe [289080 2016-11-12] (Symantec Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2016-03-08] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339968 2013-09-04] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_NS; C:\windows\system32\drivers\NSx64\1608010.00E\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
R1 ccSet_NST; C:\windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\windows\system32\DRIVERS\e1d64x64.sys [468240 2013-09-22] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170105.001\IDSvia64.sys [1038032 2016-12-17] (Symantec Corporation)
R3 MEIx64; C:\windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
S3 mvusbews; C:\windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
R3 SRTSP; C:\windows\System32\Drivers\NSx64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NSx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\windows\System32\drivers\NSx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation)
S4 SymELAM; C:\windows\system32\drivers\NSx64\1608010.00E\SymELAM.sys [24192 2016-06-02] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-15] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NSx64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\Drivers\NSx64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation)
R3 VSTWinDriver6; C:\windows\system32\drivers\VSTwindrvr6.sys [252928 2015-01-20] (Jungo)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160623.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160623.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-06 20:00 - 2017-01-06 19:59 - 02418176 _____ (Farbar) C:\Users\michael96\Desktop\FRST64.exe
2017-01-06 19:59 - 2017-01-06 19:59 - 02418176 _____ (Farbar) C:\Users\michael96\Downloads\FRST64.exe
2017-01-06 18:37 - 2017-01-06 20:00 - 00031567 _____ C:\Users\michael96\Desktop\FRST.txt
2017-01-06 18:36 - 2017-01-06 18:36 - 00031446 _____ C:\Users\michael96\Downloads\FRST.txt
2017-01-06 15:36 - 2017-01-06 20:00 - 00000000 ____D C:\FRST
2017-01-05 14:46 - 2017-01-05 14:46 - 00000000 ____D C:\Users\michael96\AppData\Local\ElevatedDiagnostics
2017-01-05 14:24 - 2017-01-05 14:24 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Curiolab
2017-01-05 14:22 - 2017-01-06 11:44 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2017-01-05 14:22 - 2017-01-05 14:22 - 00001103 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2017-01-05 14:22 - 2017-01-05 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2017-01-04 23:16 - 2017-01-04 23:17 - 00237060 _____ C:\TDSSKiller.3.1.0.12_04.01.2017_23.16.16_log.txt
2017-01-04 22:27 - 2017-01-04 22:27 - 00002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 22:27 - 2017-01-04 22:27 - 00002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-04 21:20 - 2017-01-04 21:20 - 00000000 _____ C:\autoexec.bat
2017-01-04 17:04 - 2017-01-04 17:51 - 00000000 ____D C:\Users\michael96\AppData\LocalLow\Unity
2017-01-04 17:04 - 2017-01-04 17:51 - 00000000 ____D C:\Users\michael96\AppData\Local\Unity
2017-01-04 17:03 - 2017-01-04 17:04 - 00000000 ____D C:\Users\michael96\AppData\Local\Mail.Ru
2017-01-04 17:03 - 2017-01-04 17:04 - 00000000 ____D C:\Users\michael96\AppData\Local\Amigo
2017-01-04 17:03 - 2017-01-04 17:03 - 00003652 _____ C:\windows\System32\Tasks\newcityinworld
2017-01-04 17:03 - 2017-01-04 17:03 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-01-04 14:20 - 2017-01-04 18:09 - 00000000 ____D C:\Users\michael96\Downloads\Football Manager 2017
2016-12-29 15:37 - 2016-12-29 15:37 - 00016823 _____ C:\Users\michael96\Downloads\20161020 Tidsplan.docx
2016-12-29 15:36 - 2016-12-29 15:36 - 00013366 _____ C:\Users\michael96\Downloads\Handledare-elev 150916.docx
2016-12-29 14:59 - 2016-12-30 21:20 - 00063147 _____ C:\Users\michael96\Downloads\Automatiserad rapportmall Harvard.docx
2016-12-29 11:38 - 2016-12-29 11:38 - 00022401 _____ C:\Users\michael96\Downloads\MallRapportGymnasiearbete.docx
2016-12-26 21:47 - 2016-12-26 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-26 21:44 - 2016-12-26 21:44 - 00000000 ____D C:\Users\michael96\AppData\Local\Chromium
2016-12-20 22:29 - 2016-12-20 22:29 - 00110299 _____ C:\Users\michael96\Downloads\15625990_1793540337563448_4661246222832539786_o.jpg
2016-12-20 14:37 - 2016-12-20 14:37 - 00013099 _____ C:\Users\michael96\Downloads\Michael (4).docx
2016-12-19 14:29 - 2016-12-19 14:29 - 00001771 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-19 14:29 - 2016-12-19 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-19 14:29 - 2016-12-19 14:29 - 00000000 ____D C:\Program Files\iTunes
2016-12-19 14:29 - 2016-12-19 14:29 - 00000000 ____D C:\Program Files\iPod
2016-12-17 21:10 - 2015-07-21 08:33 - 00068742 ____N C:\Users\michael96\Downloads\The.Pianist.2002.1080p.BrRip.x264.YIFY.srt
2016-12-17 21:10 - 2015-07-19 10:33 - 00000049 ____N C:\Users\michael96\Downloads\mvsubtitles.com.txt
2016-12-17 21:09 - 2016-12-17 21:09 - 00025938 _____ C:\Users\michael96\Downloads\the-pianist-2002-1080p-brrip-x264-vppv-english-90578.zip
2016-12-17 21:06 - 2017-01-04 18:09 - 00000000 ____D C:\Users\michael96\Downloads\the-pianist-english-yify-10680
2016-12-17 21:06 - 2016-12-17 21:06 - 00025681 _____ C:\Users\michael96\Downloads\the-pianist-english-yify-10680.zip
2016-12-17 12:55 - 2016-12-17 12:55 - 00082919 _____ C:\Users\michael96\Downloads\Julpyssel-Infobrev.docx
2016-12-17 12:55 - 2016-12-17 12:55 - 00013087 _____ C:\Users\michael96\Downloads\Schema-julfest-2016.xlsx
2016-12-14 16:37 - 2016-12-01 15:13 - 00869576 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-12-14 16:37 - 2016-12-01 15:13 - 00678592 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-12-14 16:37 - 2016-12-01 15:11 - 00875720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-12-14 16:37 - 2016-12-01 15:11 - 00536768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-12-14 16:37 - 2016-10-20 14:14 - 00029888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2016-12-14 16:37 - 2016-10-20 14:10 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2016-12-14 14:34 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-12-14 14:34 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-12-14 14:34 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-12-14 14:34 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-12-14 14:34 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-12-14 14:34 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-12-14 14:34 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-12-14 14:34 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-12-14 14:34 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-12-14 14:34 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-12-14 14:34 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2016-12-14 14:34 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2016-12-14 14:34 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2016-12-14 14:34 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-12-14 14:34 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2016-12-14 14:33 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-12-14 14:33 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2016-12-14 14:33 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-12-14 14:33 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-12-14 14:33 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-12-14 14:33 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2016-12-14 14:33 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2016-12-14 14:33 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-12-14 14:33 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-12-14 14:33 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-12-14 14:33 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-12-14 14:33 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-12-14 14:33 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-12-14 14:33 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-12-14 14:33 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-12-14 14:33 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-12-14 14:33 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-12-14 14:33 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-12-14 14:33 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-12-14 14:33 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-12-14 14:33 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-12-14 14:33 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-12-14 14:33 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-12-14 14:33 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-12-14 14:33 - 2016-11-05 21:46 - 00422744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-12-14 14:33 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-12-14 14:33 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-12-14 14:33 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-12-14 14:33 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-12-14 14:33 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-12-14 14:33 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-12-14 14:33 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2016-12-14 14:33 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\TpmTasks.dll
2016-12-14 14:33 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2016-12-14 14:33 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-12-14 14:33 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cmimcext.sys
2016-12-14 14:33 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\ActionQueue.dll
2016-12-14 14:33 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\shsetup.dll
2016-12-14 14:33 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\shsetup.dll
2016-12-14 14:33 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2016-12-14 14:33 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2016-12-14 14:33 - 2016-10-05 14:52 - 00513456 _____ C:\windows\SysWOW64\locale.nls
2016-12-14 14:33 - 2016-10-05 14:52 - 00513456 _____ C:\windows\system32\locale.nls
2016-12-14 14:33 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-12-14 14:33 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-12-14 14:33 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-12-14 14:33 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-12-14 14:33 - 2016-09-27 21:16 - 00445873 _____ C:\windows\system32\ApnDatabase.xml
2016-12-13 19:58 - 2017-01-04 21:46 - 00000000 __SHD C:\Config.Msi
2016-12-09 09:53 - 2016-12-09 09:53 - 00073604 _____ C:\Users\michael96\Downloads\15317808_1373043136092841_1745243370572163512_n.jpg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-06 19:58 - 2015-07-08 20:27 - 00000000 ____D C:\Users\michael96\AppData\Roaming\BitTorrent
2017-01-06 19:51 - 2015-08-28 12:02 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Skype
2017-01-06 19:24 - 2014-11-22 12:45 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2017-01-06 19:20 - 2014-11-22 12:46 - 00000868 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-01-06 18:59 - 2015-05-07 22:26 - 00000000 ____D C:\Users\michael96\Documents\Svenska
2017-01-06 18:37 - 2016-09-29 16:26 - 00000000 ____D C:\Users\michael96\AppData\Local\Spotify
2017-01-06 18:35 - 2016-12-04 13:54 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Spotify
2017-01-06 18:35 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2017-01-06 18:27 - 2015-05-06 12:51 - 00003948 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{0AB009DC-DDA8-4C85-A04F-1BA51681E84E}
2017-01-06 15:01 - 2015-05-08 09:22 - 00000000 ____D C:\Users\michael96\Documents\Engelska
2017-01-06 14:59 - 2015-12-06 13:24 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2017-01-06 13:38 - 2016-08-31 16:40 - 00000000 ____D C:\Users\michael96\Documents\Gymnasiearbete
2017-01-06 11:07 - 2014-03-18 11:04 - 01740478 _____ C:\windows\system32\PerfStringBackup.INI
2017-01-06 11:07 - 2014-03-18 10:32 - 00733830 _____ C:\windows\system32\perfh01D.dat
2017-01-06 11:07 - 2014-03-18 10:32 - 00152166 _____ C:\windows\system32\perfc01D.dat
2017-01-06 11:07 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2017-01-06 11:06 - 2015-06-20 20:14 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-06 11:01 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-05 23:07 - 2016-02-23 20:49 - 00000000 ____D C:\Users\michael96\AppData\Roaming\.ACEStream
2017-01-05 23:05 - 2016-02-23 21:01 - 00000000 ___HD C:\_acestream_cache_
2017-01-05 15:46 - 2015-05-06 13:57 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3641276461-1987637529-1729258412-1001
2017-01-05 15:26 - 2015-08-05 20:48 - 00000000 ____D C:\Users\michael96\AppData\Local\CrashDumps
2017-01-05 14:46 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2017-01-05 11:10 - 2015-05-06 12:50 - 00000000 ____D C:\Users\michael96\AppData\Local\Packages
2017-01-04 23:53 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-04 23:28 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-01-04 23:27 - 2015-11-04 20:10 - 00000000 ____D C:\ProgramData\APN
2017-01-04 23:27 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-01-04 22:27 - 2014-11-22 12:46 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-04 21:19 - 2015-05-06 12:50 - 00000000 ____D C:\Users\michael96
2017-01-04 18:09 - 2015-10-29 21:14 - 00012816 _____ C:\Users\michael96\Downloads\Öppna-anteckningsbok.onetoc2
2017-01-04 17:13 - 2016-05-04 15:12 - 00000000 ____D C:\Users\michael96\AppData\Local\NPE
2017-01-04 17:03 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2017-01-04 16:49 - 2016-01-23 01:46 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2017-01-04 16:49 - 2016-01-23 01:46 - 00000000 ____D C:\Users\michael96\Documents\Sports Interactive
2017-01-04 16:49 - 2016-01-23 01:46 - 00000000 ____D C:\Users\michael96\AppData\Local\Sports Interactive
2017-01-04 16:48 - 2015-08-31 08:53 - 00000000 ____D C:\Users\michael96\Documents\Samhällskunskap
2017-01-04 14:17 - 2015-07-31 21:43 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-03 14:09 - 2015-05-06 17:15 - 00000000 ____D C:\Users\michael96\AppData\Roaming\.minecraft
2017-01-03 14:07 - 2016-09-06 16:28 - 00001139 _____ C:\Users\michael96\Desktop\nativelog.txt
2016-12-28 23:25 - 2013-08-22 16:36 - 00000000 __SHD C:\windows\Installer
2016-12-26 22:12 - 2015-07-31 21:49 - 00063799 _____ C:\windows\DirectX.log
2016-12-26 22:12 - 2013-08-22 16:36 - 00000000 __RSD C:\windows\assembly
2016-12-26 21:51 - 2016-05-05 20:42 - 00000000 ____D C:\Users\michael96\Documents\RCT3
2016-12-26 21:51 - 2015-05-06 12:50 - 00000000 ___RD C:\Users\michael96\Documents
2016-12-26 21:51 - 2014-11-22 11:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-26 21:51 - 2013-08-22 14:36 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-26 21:50 - 2016-05-05 20:48 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Atari
2016-12-26 21:45 - 2015-06-20 20:16 - 00000000 ____D C:\Users\michael96\AppData\Local\Steam
2016-12-23 05:00 - 2014-04-17 08:37 - 00524288 ___SH C:\windows\system32\config\COMPONENTS{c76a3384-ae7f-11e3-80bb-90b11c2672e5}.TMContainer00000000000000000002.regtrans-ms
2016-12-23 04:30 - 2013-08-22 16:31 - 00000000 ____D C:\windows\system32\DriverStore
2016-12-23 04:30 - 2013-08-22 14:36 - 00000000 ____D C:\windows\WinSxS
2016-12-19 14:29 - 2016-01-16 20:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-18 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-12-18 20:35 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-12-18 14:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\catroot2
2016-12-17 19:12 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-12-17 19:12 - 2013-08-22 15:44 - 00609680 _____ C:\windows\system32\FNTCACHE.DAT
2016-12-17 19:12 - 2013-08-22 14:36 - 00000000 ____D C:\windows\SysWOW64
2016-12-17 19:11 - 2014-07-01 12:00 - 00524288 ___SH C:\windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 19:11 - 2014-07-01 12:00 - 00065536 ___SH C:\windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf
2016-12-17 19:11 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\sv-SE
2016-12-17 19:11 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sv-SE
2016-12-17 19:11 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\wbem
2016-12-17 19:11 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\oobe
2016-12-17 09:48 - 2015-05-21 15:56 - 00003298 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 09:48 - 2014-11-22 12:46 - 00003426 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 09:48 - 2013-08-22 16:36 - 00000000 ____D C:\windows\Tasks
2016-12-15 18:12 - 2014-07-01 12:12 - 00000000 ____D C:\windows\system32\MRT
2016-12-15 18:10 - 2014-07-01 12:12 - 135632432 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-12-14 16:39 - 2014-11-22 12:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 16:36 - 2014-11-22 12:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-13 22:20 - 2014-11-22 12:46 - 00003756 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 22:20 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-12-13 22:20 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\Macromed
2016-12-13 20:00 - 2013-08-22 14:25 - 00000167 _____ C:\windows\win.ini
2016-12-12 00:00 - 2015-07-23 16:52 - 00835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:00 - 2014-11-22 12:42 - 00177656 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-07 16:47 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\wdi

==================== Files in the root of some directories =======

2016-07-07 18:18 - 2016-07-07 18:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-07-06 15:58 - 2016-07-06 15:58 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\michael96\AppData\Local\Temp\siinst.exe
C:\Users\michael96\AppData\Local\Temp\strings.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-06 15:42

==================== End of FRST.txt ============================

Addition log


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by michael96 (06-01-2017 20:00:51)
Running from C:\Users\michael96\Desktop
Windows 8.1 Enterprise (Update) (X64) (2015-05-06 11:50:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-3641276461-1987637529-1729258412-500 - Administrator - Disabled)
Gäst (S-1-5-21-3641276461-1987637529-1729258412-501 - Limited - Disabled)
michael96 (S-1-5-21-3641276461-1987637529-1729258412-1001 - Administrator - Enabled) => C:\Users\michael96

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(Street-Boy) All Cards Unlocker (HKLM-x32\...\(Street-Boy) All Cards Unlocker) (Version: 2.0 - )
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Ace Stream Media 3.1.11 (HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\AceStream) (Version: 3.1.11 - Ace Stream Media) <==== ATTENTION
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Monitoring Agent (HKLM-x32\...\Advanced Monitoring Agent_is1) (Version: - )
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Apple-programstöd (32-bitar) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple-programstöd (64-bitar) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
BankID säkerhetsprogram (HKLM-x32\...\{81F0D54A-F439-424E-9872-FB9B56C24AEB}) (Version: 7.0.0.41 - Finansiell ID-Teknik BID AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Facebook Games Arcade 0.11.2.4 (HKLM-x32\...\{923578AC-231E-4A7C-8AB8-A90C16B8A507}) (Version: 0.11.2.4 - Facebook)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Gemote (HKLM-x32\...\Gemote) (Version: 2.0.2 - Greenflow AS)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.274.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grundläggande enhetsprogramvara för HP DeskJet 3630 series (HKLM\...\{0808B0A4-3D85-4CBE-85B7-BD017C9CB6C6}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{A3876D50-4A88-4A34-92E1-5D7BC8F886E1}) (Version: 1.0.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{875EBF89-F7DA-4780-A476-9C0EC8F75294}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6492.0 - IDT)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Logger Pro 3.8.7 (HKLM-x32\...\{91723F06-AEC9-48CA-7AAE-806AD81D8C60}) (Version: 5.182.429 - Ditt företagsnamn)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools för Office Runtime (x64) Language Pack - SVE (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - SVE) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 43.0.4 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 sv-SE)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.8.1.14 - Symantec Corporation)
Produktförbättringsstudie för HP DeskJet 3630 series (HKLM\...\{0AA50975-E4D3-46B5-8B27-2E280CC1B783}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - www.sopcast.com)
Spotify (HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TI-Nspire™ CAS Student Software (HKLM-x32\...\{F03A8756-7FCB-4DCD-9AC1-12C63A6075F1}) (Version: 3.9.0.463 - Texas Instruments Inc.)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041D-0000-0000000FF1CE}_Office15.PROPLUS_{6ECCE4C2-43B8-4EE1-AACB-53E596ECAEC2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041D-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CCD03B-9684-4383-9455-9AD71435896C} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {01EA7CA8-5909-4B00-9976-75A9051A4AA2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2096C5EB-1A43-44CE-87C4-6492AD2BAB9E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {46571CC0-55D6-4914-96F2-E7885583FDA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {84536A27-506E-4371-9C95-C2F907AAE2A1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\WSCStub.exe [2016-11-12] (Symantec Corporation)
Task: {8597E74C-9D8D-4F4D-8010-54F33498559C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {87DA8585-B34C-4622-BD03-212E698AF417} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {9FAD5ABC-9610-4500-8F27-08C884E4E9DA} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A34C1C68-404B-4289-BFBE-7725F5DFFB30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {AE257175-3107-44D9-A63E-E12F128471D4} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B00AF2F2-782A-4636-B31B-7BEDD7F75DA8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {B01E779E-E2EB-49D9-851B-9F090B786143} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {B2B7EA39-2367-4B8A-80C3-E1E88A383935} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-11-12] (Symantec Corporation)
Task: {C3336BE0-BEC9-4B97-9D23-9ACB1E493903} - System32\Tasks\{890F82FE-F5EE-4547-BE2C-169BD15FD43C} => Chrome.exe hxxp://ui.skype.com/ui/0/7.21.0.100/sv/abandoninstall?page=tsMain
Task: {C464685C-75BF-41CF-B2C6-261BF5EA6BFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {CE7FBCF8-E036-43BD-AC0E-0B983C41DEEC} - System32\Tasks\newcityinworld => Chrome.exe hxxp://newcityinworld.ru/gvotesm
Task: {D216C4A7-4D0F-4C51-B186-B246567347FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {E8775389-A75C-421A-B29A-2D4447D87FF7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {F2CF05EC-5ECC-4F75-819F-75D6F9129A5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\michael96\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2499456594_sv-se.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=itunes&cc=SE&setlang=sv-SE&inlang=sv-SE&adlt=moderate&scale=100&contrast=none&hw=768%2C1366&CVID=52865A8FCCB8472AA0CEC02DE0BDF34

ShortcutWithArgument: C:\Users\michael96\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"

==================== Loaded Modules (Whitelisted) ==============

2015-05-25 09:54 - 2012-08-31 14:03 - 00288768 _____ () C:\windows\System32\HP1100LM.DLL
2015-05-25 09:53 - 2012-08-31 14:02 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-08 23:30 - 2016-03-08 23:30 - 00066872 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2017-01-04 22:27 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-04 22:27 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-04 22:34 - 2016-12-11 12:41 - 31164504 _____ () C:\Users\michael96\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
2016-07-06 16:02 - 2016-02-24 05:48 - 00062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2016-07-06 16:02 - 2016-02-24 05:47 - 00110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-06-20 20:15 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-20 20:15 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-20 20:15 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-20 20:15 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-20 20:15 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-20 20:15 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 23:16 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-26 21:44 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-06-20 20:15 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-06-20 20:15 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2014-01-24 09:26 - 2014-01-24 09:26 - 00660344 _____ () C:\Program Files (x86)\Microsoft Office\OFFICE15\PROOF\1053\MSGRSW32.DLL
2015-07-21 13:12 - 2015-07-21 13:12 - 00194728 _____ () C:\Program Files (x86)\Microsoft Office\Office15\IEAWSDC.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\michael96\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows fotovisare Skrivbordsunderlägg.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\StartupApproved\Run: => "AceStream"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{F107F45E-EA0B-4255-A517-88AE6022322E}] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8263924B-F5C1-4AA4-B29D-E90D91889E05}] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B12657D9-8FDE-48F6-B925-05FE8BA2444D}] => C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{238EA208-DF3A-439E-9CDE-32303CCA6B76}] => C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{DF4C98AA-B194-4E6E-8F3B-E4EF09B4AB3D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{39A7F358-3BCE-46A4-AF7F-D32151821948}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{643AC37A-5414-42B2-8D41-12CF20C36B15}C:\users\michael96\appdata\roaming\spotify\spotify.exe] => C:\users\michael96\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3E37A5E0-FB14-4481-A768-49345776C207}C:\users\michael96\appdata\roaming\spotify\spotify.exe] => C:\users\michael96\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2AACFD23-1D2E-44C1-9AE2-937BF56ACBE2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{178E3AED-2238-46C3-B9E2-F11157427A1D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F7AB17AA-7F27-4A9F-9E9F-DF12E8F08DE6}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [UDP Query User{210792F8-F6C7-4987-8098-0B8A81C4288C}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [TCP Query User{B9427E4E-0E56-41E6-8F43-938BFCECFDD7}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [UDP Query User{5F1AE6F2-0AB2-4643-9494-92E9BC6AF0B0}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [{ECE95682-D6D4-41C5-B92E-773F31D5194D}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F3DE19C2-D973-4248-979E-3A10F0D6AC90}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0563B201-BF7A-4EBE-A5A8-52A8088E7F3E}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CCB32168-50CA-4968-AC06-CD55F6239C2B}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB74C1CE-BCFF-4324-80EE-EB32D740FC7E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D8E4FC8B-A4AE-408A-B470-F1A0A47AA200}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F714888-BB45-4153-A5E5-B491CE175185}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED2006DB-2A99-46A7-8449-F26C8AF8F94B}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DE782526-9B63-46C9-84ED-B0F944405F2C}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CE7019A7-B1E0-4A1B-8619-AC9F0D02F52B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC496645-1C64-495C-B005-392A73B11994}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{801EFEDB-F8F3-4784-81D4-D41F5006A089}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7B86D26E-A00D-40A2-AAF4-CC03E3CF4FD1}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E5F8E529-A1B8-4FE6-9061-F385FC0A18F2}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DB7CC3CC-5828-4F21-B843-620C39B0DDAB}] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{07D36750-0FB1-489C-899E-C6BAA0D9FF90}] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5E9A8BEA-C94D-4AA9-BC2A-68A61F8776AB}] => C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4ABF92EE-9DD4-4BC7-B01D-970E8179474B}] => C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B8575FE4-D2C4-4272-A29D-7AE333226E07}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{AAB82590-C1F9-45B0-99B4-D30D69B9D774}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C67D7595-E163-4E6F-8059-306C691E40DF}] => LPort=50248
FirewallRules: [{EA10DB94-F868-4C87-8667-6D5A7F260C26}] => C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe
FirewallRules: [{DF55B2F0-4337-452D-B9FE-61EC14A5A73B}] => LPort=5357
FirewallRules: [{C0307468-3265-4DC2-93A8-01091D527E36}] => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0223B81A-5A0A-47D3-B938-D30EA189E5D1}] => C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{75EC5FB0-23F5-47A2-9269-6F6EB7E64CE0}] => C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{79731D6B-E535-45C8-8009-E0D16139E7A9}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{36318D76-61E5-4BA5-86D8-5446DB61669D}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0CAFED9D-CD69-461E-AB84-F70A4360B9B4}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{19DA06B4-E9B1-40BE-A251-5973CFB4EC64}] => C:\Users\michael96\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{99F72D7E-10B9-4613-842C-2782A7996F35}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-01-2017 15:44:32 Schemalagd kontrollpunkt

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2017 11:57:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Ett problem hindrade data för Programmet för kvalitetsförbättring i Windows från att skickas till Microsoft, (Fel 80070005).

Error: (01/06/2017 11:01:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: Connect.Service.ContentService.exe, version 20.1.49.0, tidsstämpel 0x54d43c57
, felet uppstod i modulen med namn: KERNELBASE.dll, version 6.3.9600.18340, tidsstämpel 0x57366075
Undantagskod: 0xe0434352
Felförskjutning: 0x0000000000008a5c
Process-ID: 0x648
Programmets starttid: 0x01d26803cb91d7c5
Sökväg till program: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Sökväg till modul: C:\windows\system32\KERNELBASE.dll
Rapport-ID: 12604602-d3f7-11e6-82ae-3464a9d004ce
Fullständigt namn på felaktigt paket:
Program-ID relativt till felaktigt paket:

Error: (01/06/2017 11:01:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Tillämpningsprogram: Connect.Service.ContentService.exe
Framework-version: v4.0.30319
Beskrivning: Processen avslutades på grund av ett ohanterat undantag.
Undantagsinformation: System.ArgumentNullException
Stack:
vid System.Globalization.CultureInfo..ctor(System.String, Boolean)
vid Connect.IVault.Program.Main()

Error: (01/06/2017 05:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172

Error: (01/06/2017 05:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172

Error: (01/06/2017 05:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2017 05:19:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10801531

Error: (01/06/2017 05:19:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10801531

Error: (01/06/2017 05:19:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2017 04:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1918062


System errors:
=============
Error: (01/06/2017 06:35:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x80070002: Microsoft.Reader.

Error: (01/06/2017 03:43:07 PM) (Source: DCOM) (EventID: 10010) (User: 5CG4391DJR)
Description: Servern {1B1F472E-3221-4826-97DB-2C2324D389AE} registrerades inte med DCOM inom erforderlig timeout.

Error: (01/06/2017 03:42:37 PM) (Source: DCOM) (EventID: 10010) (User: 5CG4391DJR)
Description: Servern {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} registrerades inte med DCOM inom erforderlig timeout.

Error: (01/06/2017 03:42:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x80070002: Microsoft.Reader.

Error: (01/06/2017 11:45:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\windows\SysWow64\drivers\extit.sys

Error: (01/06/2017 11:44:45 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\windows\SysWow64\drivers\extit.sys

Error: (01/06/2017 11:12:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x80070002: Microsoft.Reader.

Error: (01/06/2017 11:01:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Autodesk Content Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (01/06/2017 11:01:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Autodesk Content Service skulle ansluta.

Error: (01/06/2017 11:01:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten MBAMChameleon kunde inte startas på grund av följande fel:
Det går inte att hitta filen.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 2950M @ 2.00GHz
Percentage of memory in use: 83%
Total physical RAM: 4009.11 MB
Available physical RAM: 678.2 MB
Total Virtual: 6953.11 MB
Available Virtual: 2158.57 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:97.27 GB) (Free:15.98 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7547F7F8)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
FRST Fix.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Zemana Deep Scan.

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • bOVO6lY.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png


The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
Fresh FRST Logs.


Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply
 

Attachments

FRST Fix.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Zemana Deep Scan.

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • bOVO6lY.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png


The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
Fresh FRST Logs.


Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply

Alright so here are the logs :

Fixlog :

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by michael96 (06-01-2017 20:18:07) Run:1
Running from C:\Users\michael96\Desktop
Loaded Profiles: michael96 (Available Profiles: michael96)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\MountPoints2: {a0127733-022f-11e5-8263-18cf5eb3a663} - "D:\SISetup.exe"
Startup: C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-29]
ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\michael96\AppData\Local\Facebook\Games\FacebookGames.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{04EE8B03-B476-4835-9D7D-8D2249FDB8C0}: [DhcpNameServer] 192.168.1.1
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\6wy7q6u7.default -> Поиск@Mail.Ru
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\6wy7q6u7.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6wy7q6u7.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\6wy7q6u7.default -> hxxp://mail.ru/cnt/10445?gp=818411
FF Keyword.URL: Mozilla\Firefox\Profiles\6wy7q6u7.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7BC6A9996A-BF5C-4D3A-9C97-5C0278603673%7D&gp=811041
FF Extension: (Bing Search) - C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-05-08]
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\homepage@mail.ru [2017-01-04]
FF Extension: (Поиск@Mail.Ru) - C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\search@mail.ru [2017-01-04]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-01-04]
FF SearchPlugin: C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\searchplugins\bing-.xml [2016-05-08]
FF SearchPlugin: C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\searchplugins\mailru.xml [2017-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn => not found
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=818410","hxxps://www.google.com/search?hl=en&newwindow=1&safe=off&site=&source=hp&q=how+to+set+homepage+in+chrome&oq=how+to+set+ho&aq=0&aqi=g10&aql=&gs_l=hp.3.0.0l10.1749.4171.0.5161.13.13.0.0.0.0.204.1709.5j7j1.13.0...0.0.xKQStdg3t2o","hxxp://browsers.about.com/od/googlechrome/ss/chromehomepage_3.htm","hxxps://www.facebook.com/","hxxps://www.facebook.com/","hxxp://Vosteran.com/?f=7&a=vst_vit_15_02_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByByDyDzyyB0DtDtAyB0DtDtN0D0Tzu0StCtCtDtAtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0D0B0F0D0EtCtAtG0AyB0CtBtG0Azz0A0FtG0A0DyCyCtGtByD0D0Fzy0BtBtC0EyE0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0DzztByDyDyBtGtAzz0E0DtGyE0D0B0AtG0ByB0EyBtGyB0ByCtCtAtDyByB0BtDtD0C2Q&cr=507446387&ir="
CHR Extension: (Facebook) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-05-07]
CHR Extension: (Google Dokument Offline) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Facebook Notifications) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2015-05-07]
CHR Extension: (Google Search) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-23]
CHR Extension: (Gmail) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-23]
CHR HKLM\...\Chrome\Extension: [aaaabpccljmmhilhhndnjkobdedbpkjp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - <not found>
CHR HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaabpccljmmhilhhndnjkobdedbpkjp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - <not found>
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160623.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160623.001\EX64.SYS [X]
C:\Users\michael96\AppData\Local\Mail.Ru
C:\ProgramData\Mail.Ru
2016-07-07 18:18 - 2016-07-07 18:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-07-06 15:58 - 2016-07-06 15:58 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
CustomCLSID: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll => No File
Task: {A34C1C68-404B-4289-BFBE-7725F5DFFB30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
Task: {C3336BE0-BEC9-4B97-9D23-9ACB1E493903} - System32\Tasks\{890F82FE-F5EE-4547-BE2C-169BD15FD43C} => Chrome.exe hxxp://ui.skype.com/ui/0/7.21.0.100/sv/abandoninstall?page=tsMain
Task: {CE7FBCF8-E036-43BD-AC0E-0B983C41DEEC} - System32\Tasks\newcityinworld => Chrome.exe hxxp://newcityinworld.ru/gvotesm
Task: {D216C4A7-4D0F-4C51-B186-B246567347FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-21] (Google Inc.)
ShortcutWithArgument: C:\Users\michael96\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
FirewallRules: [TCP Query User{F7AB17AA-7F27-4A9F-9E9F-DF12E8F08DE6}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [UDP Query User{210792F8-F6C7-4987-8098-0B8A81C4288C}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [{B818A6EF-1A72-47E2-AE87-DF7C6144BB8D}] => C:\Users\michael96\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C84797BF-D276-45F2-88B1-80736AEF9352}] => C:\Users\michael96\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A745AA81-304F-47B9-8A74-588FA1A204EF}] => C:\Users\michael96\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{64DDB27E-3693-4F8F-A722-8587671057FF}] => C:\Users\michael96\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3350FF72-E5C4-4E71-8061-91D151148435}] => C:\Users\michael96\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{80BC569A-607D-490C-8353-C7C1F37A7248}] => C:\Users\michael96\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C67D7595-E163-4E6F-8059-306C691E40DF}] => LPort=50248
FirewallRules: [{DF55B2F0-4337-452D-B9FE-61EC14A5A73B}] => LPort=5357
FirewallRules: [{99F72D7E-10B9-4613-842C-2782A7996F35}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Hosts:
Emptytemp:
CMD: ipconfig /flushdns
end



*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0127733-022f-11e5-8263-18cf5eb3a663} => key removed successfully
HKCR\CLSID\{a0127733-022f-11e5-8263-18cf5eb3a663} => key not found.
C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk => moved successfully
C:\Users\michael96\AppData\Local\Facebook\Games\FacebookGames.exe => moved successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\windows\system32\GroupPolicy\User => moved successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{04EE8B03-B476-4835-9D7D-8D2249FDB8C0}\\DhcpNameServer => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key removed successfully
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox SearchEngineOrder.3 removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\bingsearch.full@microsoft.com.xpi => moved successfully
C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\homepage@mail.ru => moved successfully
C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\search@mail.ru => moved successfully
C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} => moved successfully
C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\searchplugins\bing-.xml => moved successfully
C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\searchplugins\mailru.xml => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D} => value removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm => moved successfully
C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi => moved successfully
C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo => moved successfully
C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaabpccljmmhilhhndnjkobdedbpkjp => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob => key removed successfully
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => key removed successfully
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaabpccljmmhilhhndnjkobdedbpkjp => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd => key removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMChameleon => key removed successfully
MBAMChameleon => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
C:\Users\michael96\AppData\Local\Mail.Ru => moved successfully
C:\ProgramData\Mail.Ru => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc => moved successfully
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6} => key removed successfully
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98} => key removed successfully
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D} => key removed successfully
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A34C1C68-404B-4289-BFBE-7725F5DFFB30} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A34C1C68-404B-4289-BFBE-7725F5DFFB30} => key removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3336BE0-BEC9-4B97-9D23-9ACB1E493903} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3336BE0-BEC9-4B97-9D23-9ACB1E493903} => key removed successfully
C:\windows\System32\Tasks\{890F82FE-F5EE-4547-BE2C-169BD15FD43C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{890F82FE-F5EE-4547-BE2C-169BD15FD43C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE7FBCF8-E036-43BD-AC0E-0B983C41DEEC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7FBCF8-E036-43BD-AC0E-0B983C41DEEC} => key removed successfully
C:\windows\System32\Tasks\newcityinworld => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\newcityinworld => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D216C4A7-4D0F-4C51-B186-B246567347FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D216C4A7-4D0F-4C51-B186-B246567347FF} => key removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
C:\Users\michael96\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => Shortcut argument removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F7AB17AA-7F27-4A9F-9E9F-DF12E8F08DE6}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{210792F8-F6C7-4987-8098-0B8A81C4288C}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B818A6EF-1A72-47E2-AE87-DF7C6144BB8D} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C84797BF-D276-45F2-88B1-80736AEF9352} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A745AA81-304F-47B9-8A74-588FA1A204EF} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64DDB27E-3693-4F8F-A722-8587671057FF} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3350FF72-E5C4-4E71-8061-91D151148435} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80BC569A-607D-490C-8353-C7C1F37A7248} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C67D7595-E163-4E6F-8059-306C691E40DF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF55B2F0-4337-452D-B9FE-61EC14A5A73B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99F72D7E-10B9-4613-842C-2782A7996F35} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95737662 B
Java, Flash, Steam htmlcache => 65248701 B
Windows/system/drivers => 1241892 B
Edge => 0 B
Chrome => 349055164 B
Firefox => 239603372 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 2323068 B
LocalService => 515208 B
NetworkService => 67754 B
michael96 => 43930589 B

RecycleBin => 0 B
EmptyTemp: => 768.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:18:40 ====


Zemana deep scan:

Zemana AntiMalware 2.70.2.341 (installerad)

-------------------------------------------------------
Scan Result : Avslutad
Scan Date : 2017-1-6
Operating System : Windows 8.1 64-bit
Processor : 2X Intel(R) Celeron(R) CPU 2950M @ 2.00GHz
BIOS Mode : Legacy
CUID : 12CF12D28E8E909C952E1E
Scan Type : Anpassad skanning
Duration : 17m 41s
Scanned Objects : 291370
Detected Objects : 7
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

YGO! The Final Duel - Normal.exe
Status : Skannad
Object : %homedrive%\yugi\yu-gi-oh! duel in the shadow realm - the final duel\ygo! the final duel - normal.exe
MD5 : FA7AF448F3DFA19712C0384592E683D3
Publisher : -
Size : 3088384
Version : -
Detection : Malware:Win32/Vorniac.A!Keae
Cleaning Action : Karantän
Related Objects :
Fil - %homedrive%\yugi\yu-gi-oh! duel in the shadow realm - the final duel\ygo! the final duel - normal.exe

AllCards.exe
Status : Skannad
Object : %homedrive%\yugi\yu-gi-oh! duel in the shadow realm - the final duel\all cards - unlocker\allcards.exe
MD5 : BEC4C128A57E6224AE6A719052A9C2A6
Publisher : -
Size : 50348
Version : 1.2.0.715
Detection : Adware:Win32/Nevoros.B!Aclk
Cleaning Action : Karantän
Related Objects :
Fil - %homedrive%\yugi\yu-gi-oh! duel in the shadow realm - the final duel\all cards - unlocker\allcards.exe

apn
Status : Skannad
Object : NE->c:\programdata\apn
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/AskToolbar.F!Neng
Cleaning Action : Karantän
Related Objects :
(null) - (null)

amigo
Status : Skannad
Object : NE->c:\users\michael96\appdata\local\amigo
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/Amigo.A!Neng
Cleaning Action : Karantän
Related Objects :
(null) - (null)

MSIB29A.tmp
Status : Skannad
Object : %systemroot%\installer\msib29a.tmp
MD5 : 5E1199DCF674CC477E249311D2C2AC45
Publisher : APN LLC
Size : 109968
Version : 1.0.0.1
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Karantän
Related Objects :
Fil - %systemroot%\installer\msib29a.tmp

Setup-SopCast-4.0.0-2015-8-21.exe
Status : Skannad
Object : %userprofile%\downloads\sopcast\setup-sopcast-4.0.0-2015-8-21.exe
MD5 : 0A1BC34FFD2B5953303D5F45F892FE98
Publisher : -
Size : 7124983
Version : -
Detection : Adware:Win32/Tamaca!Klka
Cleaning Action : Karantän
Related Objects :
Fil - %userprofile%\downloads\sopcast\setup-sopcast-4.0.0-2015-8-21.exe

mrkeeper.exe
Status : Skannad
Object : %homedrive%\frst\quarantine\c\users\michael96\appdata\local\mail.ru\mrkeeper.exe
MD5 : AA73105D2BFF5C9FC335EA04A759D446
Publisher : LLC Mail.Ru
Size : 1448152
Version : -
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Karantän
Related Objects :
Fil - %homedrive%\frst\quarantine\c\users\michael96\appdata\local\mail.ru\mrkeeper.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 7
Reported as safe : 0
Failed : 0


ZHP Cleaner:

~ ZHPCleaner v2017.1.5.3 by Nicolas Coolman (2017/01/05)
~ Run by michael96 (Administrator) (06/01/2017 20:55:20)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\michael96\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\michael96\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Enterprise, 64-bit (Build 9600)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (1)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (13)
MOVED file: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{3540181E-340A-4E7A-B409-31663472B2F7}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
MOVED folder: C:\windows\Installer\MSIEF7D.tmp- =>.Superfluous.Empty
MOVED folder: C:\windows\Installer\MSIF105.tmp- =>.Superfluous.Empty
MOVED folder: C:\windows\Installer\MSIF1E1.tmp- =>.Superfluous.Empty
MOVED folder: C:\windows\Installer\MSIF31A.tmp- =>.Superfluous.Empty
MOVED folder: C:\windows\Installer\MSIF3F6.tmp- =>.Superfluous.Empty
MOVED folder: C:\windows\Installer\MSIFC28.tmp- =>.Superfluous.Empty
MOVED folder: C:\windows\Installer\MSIFD23.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (3)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [OCComSDK 1.0 Type Library] =>PUP.Optional.OpenCandy
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [OCComSDK 1.0 Type Library] =>PUP.Optional.OpenCandy
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect


---\\ Summary of the elements found (4)
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
https://www.nicolascoolman.com/fr/adware-opencandy/ =>PUP.Optional.OpenCandy
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect


---\\ Other deletions. (26)
~ Registry Keys Tracing deleted (26)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 620
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 16


~ End of clean in 00h00mn26s
~====================
ZHPCleaner-[R]-06012017-20_55_46.txt
ZHPCleaner--06012017-20_52_20.txt


FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by michael96 (administrator) on 5CG4391DJR (06-01-2017 21:39:08)
Running from C:\Users\michael96\Desktop
Loaded Profiles: michael96 (Available Profiles: michael96)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\ns.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\ns.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(© 2015 Microsoft Corporation) C:\Users\michael96\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Spotify Ltd) C:\Users\michael96\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\michael96\Downloads\ZHPCleaner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [147160 2013-08-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-09-04] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14075632 2017-01-06] (Zemana Ltd.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [BitTorrent Sync] => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [BingSvc] => C:\Users\michael96\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [AceStream] => C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe [28024 2016-12-15] (Innovative Digital Technologies)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [Spotify Web Helper] => C:\Users\michael96\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-24] (Spotify Ltd)
HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Run: [Spotify] => C:\Users\michael96\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-24] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
Startup: C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skicka till OneNote.lnk [2017-01-04]
ShortcutTarget: Skicka till OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{04EE8B03-B476-4835-9D7D-8D2249FDB8C0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-06] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-06] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)

FireFox:
========
FF DefaultProfile: 6wy7q6u7.default
FF ProfilePath: C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default [2017-01-06]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2016-12-05]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\michael96\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\michael96\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3641276461-1987637529-1729258412-1001: @acestream.net/acestreamplugin,version=3.1.11 -> C:\Users\michael96\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default [2017-01-06]
CHR Extension: (Entanglement Web App) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-05-07]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-05-07]
CHR Extension: (Angry Birds) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-05-07]
CHR Extension: (Google Drive) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Turn Off the Lights) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-01-03]
CHR Extension: (YouTube) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Block site) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2017-01-06]
CHR Extension: (Klocka) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2015-05-07]
CHR Extension: (SparkChess 9) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2016-10-14]
CHR Extension: (Quick Earth) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2015-05-07]
CHR Extension: (Hootsuite) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2015-05-07]
CHR Extension: (Little Alchemy) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-07]
CHR Extension: (Google Play) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-05-07]
CHR Extension: (Plants vs Zombies) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-05-07]
CHR Extension: (Frontline Defense 2 HD) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\nincmkjomngcmklpdkmdkioemlhdieim [2015-05-07]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-06]
CHR Extension: (Google Presentationer) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Dokument) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-23]
CHR Extension: (YouTube) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-23]
CHR Extension: (Google Kalkylark) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (Norton Identity Safe) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\michael96\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-23]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [7673856 2014-03-31] (Remote Monitoring) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S2 BcmBtRSupport; C:\windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [42792 2016-09-26] (Windows (R) Win 7 DDK provider)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3519400 2015-08-10] (INCA Internet Co., Ltd.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe [289080 2016-11-12] (Symantec Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2016-03-08] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339968 2013-09-04] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14075632 2017-01-06] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_NS; C:\windows\system32\drivers\NSx64\1608010.00E\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
R1 ccSet_NST; C:\windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\windows\system32\DRIVERS\e1d64x64.sys [468240 2013-09-22] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170105.001\IDSvia64.sys [1038032 2016-12-17] (Symantec Corporation)
R3 MEIx64; C:\windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
S3 mvusbews; C:\windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
R3 SRTSP; C:\windows\System32\Drivers\NSx64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NSx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\windows\System32\drivers\NSx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation)
S4 SymELAM; C:\windows\system32\drivers\NSx64\1608010.00E\SymELAM.sys [24192 2016-06-02] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-15] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NSx64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\Drivers\NSx64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation)
R3 VSTWinDriver6; C:\windows\system32\drivers\VSTwindrvr6.sys [252928 2015-01-20] (Jungo)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2017-01-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-01-06] (Zemana Ltd.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160623.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160623.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-06 20:52 - 2017-01-06 20:55 - 00003349 _____ C:\Users\michael96\Desktop\ZHPCleaner.txt
2017-01-06 20:45 - 2017-01-06 20:55 - 00000000 ____D C:\Users\michael96\AppData\Roaming\ZHP
2017-01-06 20:45 - 2017-01-06 20:45 - 02670592 _____ C:\Users\michael96\Downloads\ZHPCleaner.exe
2017-01-06 20:45 - 2017-01-06 20:45 - 00511034 _____ (glax24 (safezone.cc)) C:\Users\michael96\Downloads\SecurityCheck.exe
2017-01-06 20:45 - 2017-01-06 20:45 - 00000848 _____ C:\Users\michael96\Desktop\ZHPCleaner.lnk
2017-01-06 20:23 - 2017-01-06 21:39 - 00033294 _____ C:\windows\ZAM.krnl.trace
2017-01-06 20:23 - 2017-01-06 21:39 - 00017013 _____ C:\windows\ZAM_Guard.krnl.trace
2017-01-06 20:22 - 2017-01-06 20:22 - 05472096 _____ ( ) C:\Users\michael96\Downloads\Zemana.AntiMalware.Setup.exe
2017-01-06 20:22 - 2017-01-06 20:22 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2017-01-06 20:22 - 2017-01-06 20:22 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2017-01-06 20:22 - 2017-01-06 20:22 - 00001170 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-01-06 20:22 - 2017-01-06 20:22 - 00000000 ____D C:\Users\michael96\AppData\Local\Zemana
2017-01-06 20:22 - 2017-01-06 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-01-06 20:22 - 2017-01-06 20:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-06 20:18 - 2017-01-06 20:18 - 00021880 _____ C:\Users\michael96\Desktop\Fixlog.txt
2017-01-06 20:16 - 2017-01-06 20:16 - 00019964 _____ C:\Users\michael96\Downloads\fixlist.txt
2017-01-06 20:00 - 2017-01-06 20:01 - 00035530 _____ C:\Users\michael96\Desktop\Addition.txt
2017-01-06 20:00 - 2017-01-06 19:59 - 02418176 _____ (Farbar) C:\Users\michael96\Desktop\FRST64.exe
2017-01-06 18:37 - 2017-01-06 21:39 - 00025819 _____ C:\Users\michael96\Desktop\FRST.txt
2017-01-06 18:36 - 2017-01-06 18:36 - 00031446 _____ C:\Users\michael96\Downloads\FRST.txt
2017-01-06 15:36 - 2017-01-06 21:39 - 00000000 ____D C:\FRST
2017-01-05 14:46 - 2017-01-05 14:46 - 00000000 ____D C:\Users\michael96\AppData\Local\ElevatedDiagnostics
2017-01-05 14:24 - 2017-01-05 14:24 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Curiolab
2017-01-05 14:22 - 2017-01-06 11:44 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2017-01-05 14:22 - 2017-01-05 14:22 - 00001103 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2017-01-05 14:22 - 2017-01-05 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2017-01-04 23:16 - 2017-01-04 23:17 - 00237060 _____ C:\TDSSKiller.3.1.0.12_04.01.2017_23.16.16_log.txt
2017-01-04 22:27 - 2017-01-04 22:27 - 00002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 22:27 - 2017-01-04 22:27 - 00002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-04 21:20 - 2017-01-04 21:20 - 00000000 _____ C:\autoexec.bat
2017-01-04 17:04 - 2017-01-04 17:51 - 00000000 ____D C:\Users\michael96\AppData\LocalLow\Unity
2017-01-04 17:04 - 2017-01-04 17:51 - 00000000 ____D C:\Users\michael96\AppData\Local\Unity
2017-01-04 14:20 - 2017-01-04 18:09 - 00000000 ____D C:\Users\michael96\Downloads\Football Manager 2017
2016-12-29 15:37 - 2016-12-29 15:37 - 00016823 _____ C:\Users\michael96\Downloads\20161020 Tidsplan.docx
2016-12-29 15:36 - 2016-12-29 15:36 - 00013366 _____ C:\Users\michael96\Downloads\Handledare-elev 150916.docx
2016-12-29 14:59 - 2016-12-30 21:20 - 00063147 _____ C:\Users\michael96\Downloads\Automatiserad rapportmall Harvard.docx
2016-12-29 11:38 - 2016-12-29 11:38 - 00022401 _____ C:\Users\michael96\Downloads\MallRapportGymnasiearbete.docx
2016-12-26 21:47 - 2016-12-26 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-26 21:44 - 2016-12-26 21:44 - 00000000 ____D C:\Users\michael96\AppData\Local\Chromium
2016-12-20 22:29 - 2016-12-20 22:29 - 00110299 _____ C:\Users\michael96\Downloads\15625990_1793540337563448_4661246222832539786_o.jpg
2016-12-20 14:37 - 2016-12-20 14:37 - 00013099 _____ C:\Users\michael96\Downloads\Michael (4).docx
2016-12-19 14:29 - 2016-12-19 14:29 - 00001771 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-19 14:29 - 2016-12-19 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-19 14:29 - 2016-12-19 14:29 - 00000000 ____D C:\Program Files\iTunes
2016-12-19 14:29 - 2016-12-19 14:29 - 00000000 ____D C:\Program Files\iPod
2016-12-17 21:10 - 2015-07-21 08:33 - 00068742 ____N C:\Users\michael96\Downloads\The.Pianist.2002.1080p.BrRip.x264.YIFY.srt
2016-12-17 21:10 - 2015-07-19 10:33 - 00000049 ____N C:\Users\michael96\Downloads\mvsubtitles.com.txt
2016-12-17 21:09 - 2016-12-17 21:09 - 00025938 _____ C:\Users\michael96\Downloads\the-pianist-2002-1080p-brrip-x264-vppv-english-90578.zip
2016-12-17 21:06 - 2017-01-04 18:09 - 00000000 ____D C:\Users\michael96\Downloads\the-pianist-english-yify-10680
2016-12-17 21:06 - 2016-12-17 21:06 - 00025681 _____ C:\Users\michael96\Downloads\the-pianist-english-yify-10680.zip
2016-12-17 12:55 - 2016-12-17 12:55 - 00082919 _____ C:\Users\michael96\Downloads\Julpyssel-Infobrev.docx
2016-12-17 12:55 - 2016-12-17 12:55 - 00013087 _____ C:\Users\michael96\Downloads\Schema-julfest-2016.xlsx
2016-12-14 16:37 - 2016-12-01 15:13 - 00869576 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-12-14 16:37 - 2016-12-01 15:13 - 00678592 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-12-14 16:37 - 2016-12-01 15:11 - 00875720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-12-14 16:37 - 2016-12-01 15:11 - 00536768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-12-14 16:37 - 2016-10-20 14:14 - 00029888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2016-12-14 16:37 - 2016-10-20 14:10 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2016-12-14 14:34 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-12-14 14:34 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-12-14 14:34 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-12-14 14:34 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-12-14 14:34 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-12-14 14:34 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-12-14 14:34 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-12-14 14:34 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-12-14 14:34 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-12-14 14:34 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-12-14 14:34 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2016-12-14 14:34 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2016-12-14 14:34 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2016-12-14 14:34 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-12-14 14:34 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2016-12-14 14:33 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-12-14 14:33 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2016-12-14 14:33 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-12-14 14:33 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-12-14 14:33 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-12-14 14:33 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2016-12-14 14:33 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2016-12-14 14:33 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-12-14 14:33 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-12-14 14:33 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-12-14 14:33 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-12-14 14:33 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-12-14 14:33 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-12-14 14:33 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-12-14 14:33 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-12-14 14:33 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-12-14 14:33 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-12-14 14:33 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-12-14 14:33 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-12-14 14:33 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-12-14 14:33 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-12-14 14:33 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-12-14 14:33 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-12-14 14:33 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-12-14 14:33 - 2016-11-05 21:46 - 00422744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-12-14 14:33 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-12-14 14:33 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-12-14 14:33 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-12-14 14:33 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-12-14 14:33 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-12-14 14:33 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-12-14 14:33 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2016-12-14 14:33 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\TpmTasks.dll
2016-12-14 14:33 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2016-12-14 14:33 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-12-14 14:33 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cmimcext.sys
2016-12-14 14:33 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\ActionQueue.dll
2016-12-14 14:33 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\shsetup.dll
2016-12-14 14:33 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\shsetup.dll
2016-12-14 14:33 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2016-12-14 14:33 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2016-12-14 14:33 - 2016-10-05 14:52 - 00513456 _____ C:\windows\SysWOW64\locale.nls
2016-12-14 14:33 - 2016-10-05 14:52 - 00513456 _____ C:\windows\system32\locale.nls
2016-12-14 14:33 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-12-14 14:33 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-12-14 14:33 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-12-14 14:33 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-12-14 14:33 - 2016-09-27 21:16 - 00445873 _____ C:\windows\system32\ApnDatabase.xml
2016-12-13 19:58 - 2017-01-04 21:46 - 00000000 __SHD C:\Config.Msi
2016-12-09 09:53 - 2016-12-09 09:53 - 00073604 _____ C:\Users\michael96\Downloads\15317808_1373043136092841_1745243370572163512_n.jpg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-06 21:26 - 2014-11-22 12:45 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2017-01-06 21:20 - 2015-08-28 12:02 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Skype
2017-01-06 21:20 - 2014-11-22 12:46 - 00000868 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-01-06 21:03 - 2015-12-06 13:24 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2017-01-06 20:44 - 2015-11-04 20:08 - 00000000 ____D C:\Users\michael96\Downloads\SopCast
2017-01-06 20:26 - 2016-09-29 16:26 - 00000000 ____D C:\Users\michael96\AppData\Local\Spotify
2017-01-06 20:26 - 2014-03-18 11:04 - 01740478 _____ C:\windows\system32\PerfStringBackup.INI
2017-01-06 20:26 - 2014-03-18 10:32 - 00733830 _____ C:\windows\system32\perfh01D.dat
2017-01-06 20:26 - 2014-03-18 10:32 - 00152166 _____ C:\windows\system32\perfc01D.dat
2017-01-06 20:26 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2017-01-06 20:25 - 2015-06-20 20:14 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-06 20:25 - 2015-05-06 12:50 - 00000000 ____D C:\Users\michael96
2017-01-06 20:20 - 2016-12-04 13:54 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Spotify
2017-01-06 20:19 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-06 20:18 - 2015-11-12 14:44 - 00000000 ____D C:\Users\michael96\AppData\LocalLow\Temp
2017-01-06 20:18 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\system32\GroupPolicy
2017-01-06 20:18 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2017-01-06 20:14 - 2016-08-31 16:40 - 00000000 ____D C:\Users\michael96\Documents\Gymnasiearbete
2017-01-06 19:58 - 2015-07-08 20:27 - 00000000 ____D C:\Users\michael96\AppData\Roaming\BitTorrent
2017-01-06 18:59 - 2015-05-07 22:26 - 00000000 ____D C:\Users\michael96\Documents\Svenska
2017-01-06 18:35 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2017-01-06 18:27 - 2015-05-06 12:51 - 00003948 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{0AB009DC-DDA8-4C85-A04F-1BA51681E84E}
2017-01-06 15:01 - 2015-05-08 09:22 - 00000000 ____D C:\Users\michael96\Documents\Engelska
2017-01-05 23:07 - 2016-02-23 20:49 - 00000000 ____D C:\Users\michael96\AppData\Roaming\.ACEStream
2017-01-05 23:05 - 2016-02-23 21:01 - 00000000 ___HD C:\_acestream_cache_
2017-01-05 15:46 - 2015-05-06 13:57 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3641276461-1987637529-1729258412-1001
2017-01-05 15:26 - 2015-08-05 20:48 - 00000000 ____D C:\Users\michael96\AppData\Local\CrashDumps
2017-01-05 14:46 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2017-01-05 11:10 - 2015-05-06 12:50 - 00000000 ____D C:\Users\michael96\AppData\Local\Packages
2017-01-04 23:53 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-04 23:28 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-01-04 23:27 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-01-04 22:27 - 2014-11-22 12:46 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-04 18:09 - 2015-10-29 21:14 - 00012816 _____ C:\Users\michael96\Downloads\Öppna-anteckningsbok.onetoc2
2017-01-04 17:13 - 2016-05-04 15:12 - 00000000 ____D C:\Users\michael96\AppData\Local\NPE
2017-01-04 16:49 - 2016-01-23 01:46 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2017-01-04 16:49 - 2016-01-23 01:46 - 00000000 ____D C:\Users\michael96\Documents\Sports Interactive
2017-01-04 16:49 - 2016-01-23 01:46 - 00000000 ____D C:\Users\michael96\AppData\Local\Sports Interactive
2017-01-04 16:48 - 2015-08-31 08:53 - 00000000 ____D C:\Users\michael96\Documents\Samhällskunskap
2017-01-04 14:17 - 2015-07-31 21:43 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-03 14:09 - 2015-05-06 17:15 - 00000000 ____D C:\Users\michael96\AppData\Roaming\.minecraft
2017-01-03 14:07 - 2016-09-06 16:28 - 00001139 _____ C:\Users\michael96\Desktop\nativelog.txt
2016-12-26 22:12 - 2015-07-31 21:49 - 00063799 _____ C:\windows\DirectX.log
2016-12-26 22:12 - 2013-08-22 16:36 - 00000000 __RSD C:\windows\assembly
2016-12-26 21:51 - 2016-05-05 20:42 - 00000000 ____D C:\Users\michael96\Documents\RCT3
2016-12-26 21:51 - 2015-05-06 12:50 - 00000000 ___RD C:\Users\michael96\Documents
2016-12-26 21:51 - 2014-11-22 11:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-26 21:51 - 2013-08-22 14:36 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-26 21:50 - 2016-05-05 20:48 - 00000000 ____D C:\Users\michael96\AppData\Roaming\Atari
2016-12-26 21:45 - 2015-06-20 20:16 - 00000000 ____D C:\Users\michael96\AppData\Local\Steam
2016-12-23 05:00 - 2014-04-17 08:37 - 00524288 ___SH C:\windows\system32\config\COMPONENTS{c76a3384-ae7f-11e3-80bb-90b11c2672e5}.TMContainer00000000000000000002.regtrans-ms
2016-12-23 04:30 - 2013-08-22 16:31 - 00000000 ____D C:\windows\system32\DriverStore
2016-12-23 04:30 - 2013-08-22 14:36 - 00000000 ____D C:\windows\WinSxS
2016-12-19 14:29 - 2016-01-16 20:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-18 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-12-18 20:35 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-12-18 14:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\catroot2
2016-12-17 19:12 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-12-17 19:12 - 2013-08-22 15:44 - 00609680 _____ C:\windows\system32\FNTCACHE.DAT
2016-12-17 19:12 - 2013-08-22 14:36 - 00000000 ____D C:\windows\SysWOW64
2016-12-17 19:11 - 2014-07-01 12:00 - 00524288 ___SH C:\windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 19:11 - 2014-07-01 12:00 - 00065536 ___SH C:\windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf
2016-12-17 19:11 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\sv-SE
2016-12-17 19:11 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sv-SE
2016-12-17 19:11 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\wbem
2016-12-17 19:11 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\oobe
2016-12-17 09:48 - 2013-08-22 16:36 - 00000000 ____D C:\windows\Tasks
2016-12-15 18:12 - 2014-07-01 12:12 - 00000000 ____D C:\windows\system32\MRT
2016-12-15 18:10 - 2014-07-01 12:12 - 135632432 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-12-14 16:39 - 2014-11-22 12:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 16:36 - 2014-11-22 12:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-13 22:20 - 2014-11-22 12:46 - 00003756 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 22:20 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-12-13 22:20 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\Macromed
2016-12-13 20:00 - 2013-08-22 14:25 - 00000167 _____ C:\windows\win.ini
2016-12-12 00:00 - 2015-07-23 16:52 - 00835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:00 - 2014-11-22 12:42 - 00177656 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-07 16:47 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\wdi

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-06 15:42

==================== End of FRST.txt ============================



Addition log:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by michael96 (06-01-2017 21:39:36)
Running from C:\Users\michael96\Desktop
Windows 8.1 Enterprise (Update) (X64) (2015-05-06 11:50:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-3641276461-1987637529-1729258412-500 - Administrator - Disabled)
Gäst (S-1-5-21-3641276461-1987637529-1729258412-501 - Limited - Disabled)
michael96 (S-1-5-21-3641276461-1987637529-1729258412-1001 - Administrator - Enabled) => C:\Users\michael96

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(Street-Boy) All Cards Unlocker (HKLM-x32\...\(Street-Boy) All Cards Unlocker) (Version: 2.0 - )
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Ace Stream Media 3.1.11 (HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\AceStream) (Version: 3.1.11 - Ace Stream Media) <==== ATTENTION
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Monitoring Agent (HKLM-x32\...\Advanced Monitoring Agent_is1) (Version: - )
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Apple-programstöd (32-bitar) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple-programstöd (64-bitar) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
BankID säkerhetsprogram (HKLM-x32\...\{81F0D54A-F439-424E-9872-FB9B56C24AEB}) (Version: 7.0.0.41 - Finansiell ID-Teknik BID AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Facebook Games Arcade 0.11.2.4 (HKLM-x32\...\{923578AC-231E-4A7C-8AB8-A90C16B8A507}) (Version: 0.11.2.4 - Facebook)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Gemote (HKLM-x32\...\Gemote) (Version: 2.0.2 - Greenflow AS)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.274.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grundläggande enhetsprogramvara för HP DeskJet 3630 series (HKLM\...\{0808B0A4-3D85-4CBE-85B7-BD017C9CB6C6}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{A3876D50-4A88-4A34-92E1-5D7BC8F886E1}) (Version: 1.0.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{875EBF89-F7DA-4780-A476-9C0EC8F75294}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6492.0 - IDT)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Logger Pro 3.8.7 (HKLM-x32\...\{91723F06-AEC9-48CA-7AAE-806AD81D8C60}) (Version: 5.182.429 - Ditt företagsnamn)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools för Office Runtime (x64) Language Pack - SVE (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - SVE) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 43.0.4 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 sv-SE)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.8.1.14 - Symantec Corporation)
Produktförbättringsstudie för HP DeskJet 3630 series (HKLM\...\{0AA50975-E4D3-46B5-8B27-2E280CC1B783}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - www.sopcast.com)
Spotify (HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TI-Nspire™ CAS Student Software (HKLM-x32\...\{F03A8756-7FCB-4DCD-9AC1-12C63A6075F1}) (Version: 3.9.0.463 - Texas Instruments Inc.)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041D-0000-0000000FF1CE}_Office15.PROPLUS_{6ECCE4C2-43B8-4EE1-AACB-53E596ECAEC2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041D-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.341 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CCD03B-9684-4383-9455-9AD71435896C} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {01EA7CA8-5909-4B00-9976-75A9051A4AA2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2096C5EB-1A43-44CE-87C4-6492AD2BAB9E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {46571CC0-55D6-4914-96F2-E7885583FDA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {5891B43A-E2AE-4A9B-AFAA-E6EFD08116C5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-11-12] (Symantec Corporation)
Task: {84536A27-506E-4371-9C95-C2F907AAE2A1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\WSCStub.exe [2016-11-12] (Symantec Corporation)
Task: {8597E74C-9D8D-4F4D-8010-54F33498559C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {87DA8585-B34C-4622-BD03-212E698AF417} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {9FAD5ABC-9610-4500-8F27-08C884E4E9DA} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {AE257175-3107-44D9-A63E-E12F128471D4} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B00AF2F2-782A-4636-B31B-7BEDD7F75DA8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {B01E779E-E2EB-49D9-851B-9F090B786143} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {C464685C-75BF-41CF-B2C6-261BF5EA6BFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {E8775389-A75C-421A-B29A-2D4447D87FF7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {F2CF05EC-5ECC-4F75-819F-75D6F9129A5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\michael96\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2499456594_sv-se.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=itunes&cc=SE&setlang=sv-SE&inlang=sv-SE&adlt=moderate&scale=100&contrast=none&hw=768%2C1366&CVID=52865A8FCCB8472AA0CEC02DE0BDF34

==================== Loaded Modules (Whitelisted) ==============

2015-05-25 09:54 - 2012-08-31 14:03 - 00288768 _____ () C:\windows\System32\HP1100LM.DLL
2015-05-25 09:53 - 2012-08-31 14:02 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-08 23:30 - 2016-03-08 23:30 - 00066872 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2017-01-06 20:22 - 2017-01-06 20:22 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-01-06 20:45 - 2017-01-06 20:45 - 02670592 _____ () C:\Users\michael96\Downloads\ZHPCleaner.exe
2017-01-04 22:27 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-04 22:27 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-07-06 16:02 - 2016-02-24 05:48 - 00062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2016-07-06 16:02 - 2016-02-24 05:47 - 00110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-06-20 20:15 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-20 20:15 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-20 20:15 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-20 20:15 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-20 20:15 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-20 20:15 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-20 20:15 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 23:16 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-26 21:44 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-06-20 20:15 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-06-20 20:15 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-01-06 20:18 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\michael96\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows fotovisare Skrivbordsunderlägg.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\StartupApproved\Run: => "AceStream"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{F107F45E-EA0B-4255-A517-88AE6022322E}] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8263924B-F5C1-4AA4-B29D-E90D91889E05}] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B12657D9-8FDE-48F6-B925-05FE8BA2444D}] => C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{238EA208-DF3A-439E-9CDE-32303CCA6B76}] => C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{DF4C98AA-B194-4E6E-8F3B-E4EF09B4AB3D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{39A7F358-3BCE-46A4-AF7F-D32151821948}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{643AC37A-5414-42B2-8D41-12CF20C36B15}C:\users\michael96\appdata\roaming\spotify\spotify.exe] => C:\users\michael96\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3E37A5E0-FB14-4481-A768-49345776C207}C:\users\michael96\appdata\roaming\spotify\spotify.exe] => C:\users\michael96\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2AACFD23-1D2E-44C1-9AE2-937BF56ACBE2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{178E3AED-2238-46C3-B9E2-F11157427A1D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{B9427E4E-0E56-41E6-8F43-938BFCECFDD7}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [UDP Query User{5F1AE6F2-0AB2-4643-9494-92E9BC6AF0B0}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [{ECE95682-D6D4-41C5-B92E-773F31D5194D}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F3DE19C2-D973-4248-979E-3A10F0D6AC90}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0563B201-BF7A-4EBE-A5A8-52A8088E7F3E}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CCB32168-50CA-4968-AC06-CD55F6239C2B}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB74C1CE-BCFF-4324-80EE-EB32D740FC7E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D8E4FC8B-A4AE-408A-B470-F1A0A47AA200}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F714888-BB45-4153-A5E5-B491CE175185}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED2006DB-2A99-46A7-8449-F26C8AF8F94B}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DE782526-9B63-46C9-84ED-B0F944405F2C}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CE7019A7-B1E0-4A1B-8619-AC9F0D02F52B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC496645-1C64-495C-B005-392A73B11994}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{801EFEDB-F8F3-4784-81D4-D41F5006A089}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7B86D26E-A00D-40A2-AAF4-CC03E3CF4FD1}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E5F8E529-A1B8-4FE6-9061-F385FC0A18F2}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DB7CC3CC-5828-4F21-B843-620C39B0DDAB}] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{07D36750-0FB1-489C-899E-C6BAA0D9FF90}] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5E9A8BEA-C94D-4AA9-BC2A-68A61F8776AB}] => C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4ABF92EE-9DD4-4BC7-B01D-970E8179474B}] => C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B8575FE4-D2C4-4272-A29D-7AE333226E07}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{AAB82590-C1F9-45B0-99B4-D30D69B9D774}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{EA10DB94-F868-4C87-8667-6D5A7F260C26}] => C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe
FirewallRules: [{C0307468-3265-4DC2-93A8-01091D527E36}] => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0223B81A-5A0A-47D3-B938-D30EA189E5D1}] => C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{75EC5FB0-23F5-47A2-9269-6F6EB7E64CE0}] => C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{79731D6B-E535-45C8-8009-E0D16139E7A9}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{36318D76-61E5-4BA5-86D8-5446DB61669D}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0CAFED9D-CD69-461E-AB84-F70A4360B9B4}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{19DA06B4-E9B1-40BE-A251-5973CFB4EC64}] => C:\Users\michael96\AppData\Local\Amigo\Application\amigo.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2017 08:23:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest. Det finns ett fel i manifest- eller principfilen C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL på rad 1.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition är UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (01/06/2017 08:19:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: Connect.Service.ContentService.exe, version 20.1.49.0, tidsstämpel 0x54d43c57
, felet uppstod i modulen med namn: KERNELBASE.dll, version 6.3.9600.18340, tidsstämpel 0x57366075
Undantagskod: 0xe0434352
Felförskjutning: 0x0000000000008a5c
Process-ID: 0x66c
Programmets starttid: 0x01d26851c9e07b56
Sökväg till program: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Sökväg till modul: C:\windows\system32\KERNELBASE.dll
Rapport-ID: 10aff07e-d445-11e6-82af-3464a9d004ce
Fullständigt namn på felaktigt paket:
Program-ID relativt till felaktigt paket:

Error: (01/06/2017 08:19:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Tillämpningsprogram: Connect.Service.ContentService.exe
Framework-version: v4.0.30319
Beskrivning: Processen avslutades på grund av ett ohanterat undantag.
Undantagsinformation: System.ArgumentNullException
Stack:
vid System.Globalization.CultureInfo..ctor(System.String, Boolean)
vid Connect.IVault.Program.Main()

Error: (01/06/2017 08:18:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när gränssnittet IVssWriterCallback skulle erhållas. hr = 0x80070005, Åtkomst nekad.
.
Det orsakas ofta av inkorrekta säkerhetsinställningar i processen för antingen skrivaren eller beställaren.


Åtgärd:
Samlar in skrivardata

Kontext:
Skrivarklass-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Skrivarnamn: System Writer
Skrivarinstans-ID: {1642d07e-7e7b-4755-b67a-baba494ace5d}

Error: (01/06/2017 11:57:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Ett problem hindrade data för Programmet för kvalitetsförbättring i Windows från att skickas till Microsoft, (Fel 80070005).

Error: (01/06/2017 11:01:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: Connect.Service.ContentService.exe, version 20.1.49.0, tidsstämpel 0x54d43c57
, felet uppstod i modulen med namn: KERNELBASE.dll, version 6.3.9600.18340, tidsstämpel 0x57366075
Undantagskod: 0xe0434352
Felförskjutning: 0x0000000000008a5c
Process-ID: 0x648
Programmets starttid: 0x01d26803cb91d7c5
Sökväg till program: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Sökväg till modul: C:\windows\system32\KERNELBASE.dll
Rapport-ID: 12604602-d3f7-11e6-82ae-3464a9d004ce
Fullständigt namn på felaktigt paket:
Program-ID relativt till felaktigt paket:

Error: (01/06/2017 11:01:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Tillämpningsprogram: Connect.Service.ContentService.exe
Framework-version: v4.0.30319
Beskrivning: Processen avslutades på grund av ett ohanterat undantag.
Undantagsinformation: System.ArgumentNullException
Stack:
vid System.Globalization.CultureInfo..ctor(System.String, Boolean)
vid Connect.IVault.Program.Main()

Error: (01/06/2017 05:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172

Error: (01/06/2017 05:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172

Error: (01/06/2017 05:19:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/06/2017 09:19:17 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Skuggkopiorna för volymen C: avbröts eftersom lagringsutrymmet för skuggkopian inte kunde växa på grund av en begränsning som angetts av användaren.

Error: (01/06/2017 08:19:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Autodesk Content Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (01/06/2017 08:19:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Autodesk Content Service skulle ansluta.

Error: (01/06/2017 08:18:58 PM) (Source: DCOM) (EventID: 10010) (User: 5CG4391DJR)
Description: Servern {9BA05972-F6A8-11CF-A442-00A0C90A8F39} registrerades inte med DCOM inom erforderlig timeout.

Error: (01/06/2017 08:18:58 PM) (Source: DCOM) (EventID: 10010) (User: 5CG4391DJR)
Description: Servern {9BA05972-F6A8-11CF-A442-00A0C90A8F39} registrerades inte med DCOM inom erforderlig timeout.

Error: (01/06/2017 08:18:50 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tjänsthanteraren försökte utföra en korrigeringsåtgärd (Starta om tjänsten) efter att tjänsten Windows Search avslutats oväntat, men denna åtgärd misslyckades med följande fel:
Det finns redan en aktiv session av tjänsten.

Error: (01/06/2017 08:18:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Windows Search avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

Error: (01/06/2017 08:18:19 PM) (Source: DCOM) (EventID: 10010) (User: 5CG4391DJR)
Description: Servern {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} registrerades inte med DCOM inom erforderlig timeout.

Error: (01/06/2017 08:18:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten HP Support Solutions Framework Service avslutades oväntat. Detta har skett 1 gånger.

Error: (01/06/2017 08:18:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Steam Client Service avslutades oväntat. Detta har skett 1 gånger.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 2950M @ 2.00GHz
Percentage of memory in use: 60%
Total physical RAM: 4009.11 MB
Available physical RAM: 1599.94 MB
Total Virtual: 6953.11 MB
Available Virtual: 3809.09 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:97.27 GB) (Free:17.44 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7547F7F8)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.


Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

LOr0Gd7.png


Hit Ok.

sYFsqHx.png


Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.

How is your machine running?
 
Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.


Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

LOr0Gd7.png


Hit Ok.

sYFsqHx.png


Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.

How is your machine running?
Done, no pop ups since the all the malware scans
Here are the logs, hope I didn't forget something
SecurityCheck

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 06.01.2017 22:30:19
Path starting: C:\Users\michael96\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: michael96
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________

Windows 8.1(6.3.9600) (x64) Enterprise Lang: Swedish(041D)
Installation date OS: 06.05.2015 11:50:35
LicenseStatus: Office 15, OfficeProPlusVL_MAK edition The machine is permanently activated.
LicenseStatus: Windows(R), Enterprise edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Internet Explorer (C:\Program Files\Internet Explorer\iexplore.exe)
SystemDrive: C: FS: [NTFS] Capacity: [97.3 Gb] Used: [79.9 Gb] Free: [17.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18538
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2016-12-18 19:35:08
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4569.1506
---------------------------- [ Antivirus_WMI ] ----------------------------
Norton Security (disabled)
Windows Defender (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Norton Security
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Norton Security (disabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Norton Security v.22.8.1.14
Norton Identity Safe v.2014.7.11.42
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.70.341
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.21 (64-bit) v.5.21.0 Warning! Download Update
Microsoft Silverlight v.5.1.50901.0
WinRAR 5.21 (32-bit) v.5.21.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.27 v.7.27.101 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 101 v.8.0.1010.13 Warning! Download Update
Uninstall old version and install new one (jre-8u112-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.5.4.42
QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour-tjänst (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 24 NPAPI v.24.0.0.186
Adobe Reader XI (11.0.11) - Svenska v.11.0.11 Warning! Download Update
^Please run Adobe Reader XI and go Help - Check for updates...^
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
Mozilla Firefox 43.0.4 (x86 sv-SE) v.43.0.4 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.55.0.2883.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Ace Stream Media 3.1.11 v.3.1.11 Unwanted software.
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------

Adware cleaner scan

# AdwCleaner v6.042 - Logfile created 06/01/2017 at 22:34:22
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Server]
# Operating System : Windows 8.1 Enterprise (X64)
# Username : michael96 - 5CG4391DJR
# Running from : C:\Users\michael96\Downloads\adwcleaner_6.042.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\michael96\AppData\LocalLow\.acestream
Folder Found: C:\Users\michael96\AppData\Roaming\.acestream
Folder Found: C:\Users\michael96\AppData\Roaming\acestream
Folder Found: C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
Folder Found: C:\_acestream_cache_


***** [ Files ] *****

File Found: C:\Users\michael96\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
File Found: C:\Users\michael96\Favorites\Mail.Ru.url
File Found: C:\Users\michael96\Favorites\Mail.Ru Агент - используй для общения!.url


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.acelive
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.acemedia
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.acestream
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.tslive
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\acestream
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.CDAudio
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.DVDMovie
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.file
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.OPENFolder
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.SVCDMovie
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.VCDMovie
Key Found: HKCU\Software\Classes\.acelive
Key Found: HKCU\Software\Classes\.acemedia
Key Found: HKCU\Software\Classes\.acestream
Key Found: HKCU\Software\Classes\.tslive
Key Found: HKCU\Software\Classes\acestream
Key Found: HKCU\Software\Classes\AceStream.CDAudio
Key Found: HKCU\Software\Classes\AceStream.DVDMovie
Key Found: HKCU\Software\Classes\AceStream.file
Key Found: HKCU\Software\Classes\AceStream.OPENFolder
Key Found: HKCU\Software\Classes\AceStream.SVCDMovie
Key Found: HKCU\Software\Classes\AceStream.VCDMovie
Key Found: HKLM\SOFTWARE\Classes\.acestream
Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: [x64] HKCU\Software\Classes\.acelive
Key Found: [x64] HKCU\Software\Classes\.acemedia
Key Found: [x64] HKCU\Software\Classes\.acestream
Key Found: [x64] HKCU\Software\Classes\.tslive
Key Found: [x64] HKCU\Software\Classes\acestream
Key Found: [x64] HKCU\Software\Classes\AceStream.CDAudio
Key Found: [x64] HKCU\Software\Classes\AceStream.DVDMovie
Key Found: [x64] HKCU\Software\Classes\AceStream.file
Key Found: [x64] HKCU\Software\Classes\AceStream.OPENFolder
Key Found: [x64] HKCU\Software\Classes\AceStream.SVCDMovie
Key Found: [x64] HKCU\Software\Classes\AceStream.VCDMovie
Key Found: [x64] HKLM\SOFTWARE\Classes\.acestream
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\AceStream
Key Found: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Key Found: HKCU\Software\AceStream
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Key Found: [x64] HKCU\Software\AceStream
Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Key Found: HKCU\Software\Classes\Applications\ace_player.exe
Key Found: HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Key Found: HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Key Found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Key Found: HKCU\SOFTWARE\Classes\Applications\ace_player.exe
Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
Value Found: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ajkgkhepjponelmnplpciplmhagpknbg
Chrome pref Found: [C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oelpkepjlgmehajehfeicfbjdiobdkfj
Chrome pref Found: [C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ojlcebdkbpjdpiligkdbbkdkfjmchbfd

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [8232 Bytes] - [06/01/2017 22:34:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8305 Bytes] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 Enterprise x64
Ran by michael96 (Administrator) on 2017-01-06 at 22:36:22,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


Deleted the following from C:\Users\michael96\AppData\Roaming\Mozilla\Firefox\Profiles\6wy7q6u7.default\prefs.js
user_pref(extensions.homepage@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7BE1816071-39E8-416A-A566-BC7704085B0D%7D&install_id=%7BAAA18FCC-E94F-4040-9
user_pref(extensions.homepage@mail.ru.install_id, {AAA18FCC-E94F-4040-9B82-D72789D65DCA});
user_pref(extensions.homepage@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7BE1816071-39E8-416A-A566-BC7704085B0
user_pref(extensions.homepage@mail.ru.partner_product_online_url, hxxp://ec2-54-229-84-172.eu-west-1.compute.amazonaws.com/affect?guid={guid}&sid=16045&homesearch=1&label=8
user_pref(extensions.homepage@mail.ru.product_id, {E1816071-39E8-416A-A566-BC7704085B0D});
user_pref(extensions.homepage@mail.ru.product_type, ff_xtnhp);
user_pref(extensions.homepage@mail.ru.rfr, 818411);
user_pref(extensions.search@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7BFB7E6C51-CDB6-4589-86F2-680B0CA6305B%7D&install_id=%7BAAA18FCC-E94F-4040-9B8
user_pref(extensions.search@mail.ru.install_id, {AAA18FCC-E94F-4040-9B82-D72789D65DCA});
user_pref(extensions.search@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7BFB7E6C51-CDB6-4589-86F2-680B0CA6305B%
user_pref(extensions.search@mail.ru.partner_product_online_url, hxxp://ec2-54-229-84-172.eu-west-1.compute.amazonaws.com/affect?guid={guid}&sid=16045&homesearch=1&label=811
user_pref(extensions.search@mail.ru.product_id, {FB7E6C51-CDB6-4589-86F2-680B0CA6305B});
user_pref(extensions.search@mail.ru.product_type, ff_xtndse);
user_pref(extensions.search@mail.ru.rfr, 811041);
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7BE811E15D-B785-4DD3-85E3-8479ABBB3A45%7D&install_id=%
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7BE811E15D-B785



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-01-06 at 22:38:58,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adware removal tool

[-] Deleted ->> Folder ->> C:\Program Files (x86)\SopCast
[-] Deleted ->> Folder ->> C:\ProgramData\Application Data\Start Menu\Programs\SopCast
[-] Deleted ->> Folder ->> C:\ProgramData\Start Menu\Programs\SopCast
[-] Deleted ->> Folder ->> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[-] Deleted ->> Folder ->> C:\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\SopCast
[-] Deleted ->> Folder ->> C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[-] Deleted ->> Folder ->> C:\Users\michael96\Appdata\Local\VirtualStore\Program Files (x86)\SopCast
[-] Repaired ->> File ->> C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default\Preferences
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\SopCast
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\Software\WOW6432Node\SopCast
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\SopCast
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\microsoft\windows\Currentversion\Uninstall\SopCast
 
  • Like
Reactions: Malnutrition
Please follow the suggestions in the security check log, and update your software. You can also use Patch My PC

WinRAR 5.21 (64-bit) v.5.21.0 Warning! Download Update
Microsoft Silverlight v.5.1.50901.0
WinRAR 5.21 (32-bit) v.5.21.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.27 v.7.27.101 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 101 v.8.0.1010.13 Warning! Download Update
Uninstall old version and install new one (jre-8u112-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.5.4.42
QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour-tjänst (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 24 NPAPI v.24.0.0.186
Adobe Reader XI (11.0.11) - Svenska v.11.0.11 Warning! Download Update
^Please run Adobe Reader XI and go Help - Check for updates...^
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
Mozilla Firefox 43.0.4 (x86 sv-SE) v.43.0.4 Warning! Download Update

Also, you will need to re-run Adware Cleaner I need to see a new log to make sure all was removed.


I need to see the following in your next post.

Updated Security Check log after updating apps.
A fresh Adware Cleaner log, that shows me you have deleted the adware from your machine.
Tell me if any issues are present on your machine.
If after I see that you are updated and all bad items are removed, we will clean up the tools we used. 🙂
 
alright, I think that the admalware is now removed, haven't had any pop ups in a while.
here are the updated logs
Adw cleaner
# AdwCleaner v6.042 - Logfile created 07/01/2017 at 00:17:19
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Local]
# Operating System : Windows 8.1 Enterprise (X64)
# Username : michael96 - 5CG4391DJR
# Running from : C:\Users\michael96\Downloads\adwcleaner_6.042 (1).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\michael96\AppData\LocalLow\.acestream
[-] Folder deleted: C:\Users\michael96\AppData\Roaming\.acestream
[-] Folder deleted: C:\Users\michael96\AppData\Roaming\acestream
[-] Folder deleted: C:\Users\michael96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
[-] Folder deleted: C:\_acestream_cache_


***** [ Files ] *****

[-] File deleted: C:\Users\michael96\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[-] File deleted: C:\Users\michael96\Favorites\Mail.Ru.url
[-] File deleted: C:\Users\michael96\Favorites\Mail.Ru Агент - используй для общения!.url


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.acelive
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.acemedia
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.acestream
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\.tslive
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\acestream
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.CDAudio
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.DVDMovie
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.file
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.OPENFolder
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.SVCDMovie
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Classes\AceStream.VCDMovie
[#] Key deleted on reboot: HKCU\Software\Classes\.acelive
[#] Key deleted on reboot: HKCU\Software\Classes\.acemedia
[#] Key deleted on reboot: HKCU\Software\Classes\.acestream
[#] Key deleted on reboot: HKCU\Software\Classes\.tslive
[#] Key deleted on reboot: HKCU\Software\Classes\acestream
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.CDAudio
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.DVDMovie
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.file
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.OPENFolder
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.SVCDMovie
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.VCDMovie
[-] Key deleted: HKLM\SOFTWARE\Classes\.acestream
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acelive
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acemedia
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.tslive
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.CDAudio
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.DVDMovie
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.file
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.OPENFolder
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.SVCDMovie
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.VCDMovie
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\.acestream
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\AceStream
[-] Key deleted: HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Key deleted on reboot: HKCU\Software\AceStream
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Key deleted on reboot: [x64] HKCU\Software\AceStream
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[-] Key deleted: HKCU\Software\Classes\Applications\ace_player.exe
[-] Key deleted: HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
[-] Key deleted: HKCU\Software\Classes\DVD\shell\PlayWithACEStream
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Key deleted on reboot: HKCU\SOFTWARE\Classes\Applications\ace_player.exe
[-] Value deleted: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]


***** [ Web browsers ] *****

[-] [C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ajkgkhepjponelmnplpciplmhagpknbg
[-] [C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: oelpkepjlgmehajehfeicfbjdiobdkfj
[-] [C:\Users\michael96\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ojlcebdkbpjdpiligkdbbkdkfjmchbfd


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8983 Bytes] - [07/01/2017 00:17:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [8472 Bytes] - [06/01/2017 22:34:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [8548 Bytes] - [07/01/2017 00:13:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9202 Bytes] ##########


SecurityCheck

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 07.01.2017 00:22:21
Path starting: C:\Users\michael96\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: michael96
VersionXML: 3.68is-07.01.2017
___________________________________________________________________________

Windows 8.1(6.3.9600) (x64) Enterprise Lang: Swedish(041D)
Installation date OS: 06.05.2015 11:50:35
LicenseStatus: Office 15, OfficeProPlusVL_MAK edition The machine is permanently activated.
LicenseStatus: Windows(R), Enterprise edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Internet Explorer (C:\Program Files\Internet Explorer\iexplore.exe)
SystemDrive: C: FS: [NTFS] Capacity: [97.3 Gb] Used: [81.4 Gb] Free: [15.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18538
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2016-12-18 19:35:08
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is starting
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4569.1506
---------------------------- [ Antivirus_WMI ] ----------------------------
Norton Security (disabled)
Windows Defender (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Norton Security
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Norton Security (disabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Norton Security v.22.8.1.14
Norton Identity Safe v.2014.7.11.42
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.70.341
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.40 (64-bit) v.5.40.0
Microsoft Silverlight v.5.1.50901.0
WinRAR 5.40 (32-bit) v.5.40.0
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.30 v.7.30.105
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 112 v.8.0.1120.15
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.5.4.42
Bonjour-tjänst (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 24 NPAPI v.24.0.0.186
Adobe Reader XI (11.0.18) - Svenska v.11.0.18
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 50.1.0 (x64 sv-SE) v.50.1.0
Google Chrome v.55.0.2883.87
Mozilla Firefox 43.0.4 (x86 sv-SE) v.43.0.4 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.55.0.2883.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
 
Step 1: Update -- Reset FF IE

Download ResetBrowser To your desktop.
Now close all open browsers.
Right click and run as administrator.

vwUeyaZ.png


Click on Reset Firefox-- Allow completion.
Complete the same for internet explorer.
Now reboot your machine.


Step 2: Rogue Killer Scan.


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

Step 3: Clean up the tools we used and create a new restore point.



Glad to have helped!! Please tell a friend ...... or two about us.
smile.png


Optimize your internet connection.

Click here for instructions.



suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.



Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.



Some items to keep you safe on the internet.


VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck
To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.



Now Lets Clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt
 
Last edited:
Step 1: Update -- Reset FF IE

Download ResetBrowser To your desktop.
Now close all open browsers.
Right click and run as administrator.

vwUeyaZ.png


Click on Reset Firefox-- Allow completion.
Complete the same for internet explorer.
Now reboot your machine.


Step 2: Rogue Killer Scan.


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

Step 3: Clean up the tools we used and create a new restore point.



Glad to have helped!! Please tell a friend ...... or two about us.
smile.png


suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.



Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.



Some items to keep you safe on the internet.


VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck
To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.



Now Lets Clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt

Sorry for the late respond,
Man thank you so much for the help I appreciate it alot ! I will definitely suggest this forum to my friends 🙂
Here are the last logs

RogueKiller V12.9.1.0 (x64) [Jan 2 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : michael96 [Administrator]
Started from : C:\Users\michael96\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 01/07/2017 11:18:45 (Duration : 00:25:22)

¤¤¤ Processes : 1 ¤¤¤
[Adw.DNSUnlocker] ZAM.exe(4496) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 5 ¤¤¤
[PUP.Gen1|Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Microsoft\Windows\CurrentVersion\Run | AceStream : C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe [x] -> Not selected
[PUP.Gen1|Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3641276461-1987637529-1729258412-1001\Software\Microsoft\Windows\CurrentVersion\Run | AceStream : C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe [x] -> Not selected
[PUP.Gen1|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0223B81A-5A0A-47D3-B938-D30EA189E5D1} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe|Name=AceStream| [x] -> Not selected
[PUP.Gen1|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {75EC5FB0-23F5-47A2-9269-6F6EB7E64CE0} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe|Name=AceStream| [x] -> Not selected
[PUP.Gen0|PUP.Gen1|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {19DA06B4-E9B1-40BE-A251-5973CFB4EC64} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\michael96\AppData\Local\Amigo\Application\amigo.exe|Name=Amigo (mDNS-In)|Desc=Regel som tillåter inkommande mDNS-trafik för Amigo.|EmbedCtxt=Amigo| [x] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 4 ¤¤¤
[PUP.Gen1][File] C:\Users\michael96\Desktop\Ace Player.lnk [LNK@] C:\Users\michael96\AppData\Roaming\ACEStream\player\ace_player.exe -> Deleted
[PUP.Gen1][File] C:\Users\michael96\Desktop\Ace Stream Media Center.lnk [LNK@] C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe --onstart-webui-open-page proxy-server-main -> Deleted
[PUP.Gen1][File] C:\Users\michael96\Desktop\Ace Player.lnk [LNK@] C:\Users\michael96\AppData\Roaming\ACEStream\player\ace_player.exe -> Removed at reboot [2]
[PUP.Gen1][File] C:\Users\michael96\Desktop\Ace Stream Media Center.lnk [LNK@] C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe --onstart-webui-open-page proxy-server-main -> Removed at reboot [2]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://www.google.com/search?hl=en...tGyB0ByCtCtAtDyByB0BtDtD0C2Q&cr=507446387&ir=] -> Not selected
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [google.se] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: MTFDDAK128MAY-1AH1ZABHA +++++
--- User ---
[MBR] b9ccba0fa2db7b3564c2c37023ec4e1f
[BSP] a4d16bafb76d158f644ef19f8cf2ed7b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1024000 | Size: 22000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 46080000 | Size: 99603 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK



# DelFix v1.013 - Logfile created 07/01/2017 at 11:56:47
# Updated 17/04/2016 by Xplode
# Username : michael96 - 5CG4391DJR
# Operating System : Windows 8.1 Enterprise (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\SecurityCheck
Deleted : C:\TDSSKiller.3.1.0.12_04.01.2017_23.16.16_log.txt
Deleted : C:\Users\michael96\Desktop\Addition.txt
Deleted : C:\Users\michael96\Desktop\Fixlog.txt
Deleted : C:\Users\michael96\Desktop\FRST.txt
Deleted : C:\Users\michael96\Desktop\FRST64.exe
Deleted : C:\Users\michael96\Desktop\JRT.txt
Deleted : C:\Users\michael96\Desktop\RogueKillerX64.exe
Deleted : C:\Users\michael96\Desktop\ZHPCleaner.lnk
Deleted : C:\Users\michael96\Desktop\ZHPCleaner.txt
Deleted : C:\Users\michael96\Downloads\adwcleaner_6.042 (1).exe
Deleted : C:\Users\michael96\Downloads\adwcleaner_6.042.exe
Deleted : C:\Users\michael96\Downloads\FRST.txt
Deleted : C:\Users\michael96\Downloads\JRT.exe
Deleted : C:\Users\michael96\Downloads\SecurityCheck (1).exe
Deleted : C:\Users\michael96\Downloads\SecurityCheck.exe
Deleted : C:\Users\michael96\Downloads\ZHPCleaner.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #143 [Removed QuickTime 7 | 01/06/2017 23:07:26]
Deleted : RP #144 [ResetBrowser | 01/07/2017 10:08:19]

New restore point created !

########## - EOF - ##########
Thanks again for your time and effort to solve my problem 🙂
 
  • Like
Reactions: Malnutrition
I almost forgot to mention about a couple of programs to remove from your machine.

Ace Stream Media 3.1.11 (HKU\S-1-5-21-3641276461-1987637529-1729258412-1001\...\AceStream) (Version: 3.1.11 - Ace Stream Media) <==== ATTENTION
Facebook Games Arcade 0.11.2.4 (HKLM-x32\...\{923578AC-231E-4A7C-8AB8-A90C16B8A507}) (Version: 0.11.2.4 - Facebook)


FRST seems to flag the Ace media, it seems it is related to Torrents. If it were my machine it would go... it seems it could open you up to infections.

Also, I would certainly not have anything running from facebook anywhere near my machine, so that is a definite uninstall...

Re-Run R-Killer and place a tick next to the firewall paths below, and delete it. Uninstalling the program will remove the rest of the files.

[PUP.Gen0|PUP.Gen1|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {19DA06B4-E9B1-40BE-A251-5973CFB4EC64} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\michael96\AppData\Local\Amigo\Application\amigo.exe|Name=Amigo (mDNS-In)|Desc=Regel som tillåter inkommande mDNS-trafik för Amigo.|EmbedCtxt=Amigo| [x] -> Not selected

[PUP.Gen1|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0223B81A-5A0A-47D3-B938-D30EA189E5D1} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe|Name=AceStream| [x] -> Not selected

[PUP.Gen1|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {75EC5FB0-23F5-47A2-9269-6F6EB7E64CE0} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\michael96\AppData\Roaming\ACEStream\engine\ace_engine.exe|Name=AceStream| [x] -> Not selected


Edit: As far as the item below, it is a false positive.

[Adw.DNSUnlocker] ZAM.exe(4496) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[7] -> Killed [TermThr]

I am going to mark this one as solved unless you have anymore questions?
 
Last edited:
Status
Not open for further replies.