Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by Jasiah Bernales (administrator) on LAPTOP-0KNF3GVG (18-07-2017 22:04:51)
Running from C:\Users\jonas\Downloads
Loaded Profiles: Jasiah Bernales (Available Profiles: Jasiah Bernales)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-10] (AVAST Software)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\Run: [Chromium] => "c:\users\jonas\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\MountPoints2: {e96090db-e682-11e6-9c0f-54ab3a114155} - "E:\Setup.exe" /s
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8de16144-4185-4656-8e9a-30842294c051}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7669a35-02c4-40d5-9e68-bfcbde80695b}: [DhcpNameServer] 40.32.1.66
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234830933519764&GUID=543DE411-1FC1-4CEC-BC4C-7CE1DDF07C80
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234830934312648&GUID=543DE411-1FC1-4CEC-BC4C-7CE1DDF07C80
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234830934463494&GUID=543DE411-1FC1-4CEC-BC4C-7CE1DDF07C80
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzztAtN1L2XzutAtFtByEtFyCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0BtC0FyBzyyCzytGtAyDtA0BtGyC0A0CtBtGtByC0DyEtG0E0F0ByCyEtAyB0BtD0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtAtCyC%26cr%3D617073579%26a%3Dwbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM -> {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_33_wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzyyEtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDzyyEyDtCzz0C0AtGtByBtBtBtGzztDyDtCtGyC0EyD0FtG0CtB0AyDyDtCyBtD0AyByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyE%26cr%3D332040880%26a%3Dhdr_s_16_33_wbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzztAtN1L2XzutAtFtByEtFyCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0BtC0FyBzyyCzytGtAyDtA0BtGyC0A0CtBtGtByC0DyEtG0E0F0ByCyEtAyB0BtD0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtAtCyC%26cr%3D617073579%26a%3Dwbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_33_wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzyyEtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDzyyEyDtCzz0C0AtGtByBtBtBtGzztDyDtCtGyC0EyD0FtG0CtB0AyDyDtCyBtD0AyByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyE%26cr%3D332040880%26a%3Dhdr_s_16_33_wbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> DefaultScope {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_33_wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzyyEtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDzyyEyDtCzz0C0AtGtByBtBtBtGzztDyDtCtGyC0EyD0FtG0CtB0AyDyDtCyBtD0AyByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyE%26cr%3D332040880%26a%3Dhdr_s_16_33_wbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzztAtN1L2XzutAtFtByEtFyCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0BtC0FyBzyyCzytGtAyDtA0BtGyC0A0CtBtGtByC0DyEtG0E0F0ByCyEtAyB0BtD0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtAtCyC%26cr%3D617073579%26a%3Dwbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation)
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.12.0.0_neutral__c1wakc4j0nefm [2017-05-02]
Edge Extension: (No Name) -> MouseGestures_MicrosoftMouseGestures_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.MouseGestures_0.6.17136.0_neutral__8wekyb3d8bbwe [2017-06-01]
FireFox:
========
FF DefaultProfile: mfu97agf.default
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mfu97agf.default\Profiles\mfu97agf.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\mfu97agf.default\Profiles\mfu97agf.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default [2016-10-25]
FF NewTab: Mozilla\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\mfu97agf.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\mfu97agf.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF Keyword.URL: Mozilla\Firefox\Profiles\mfu97agf.default -> user_pref("keyword.URL", true);
FF Extension: (English (US) Language Pack) - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-10-09]
FF Extension: (Mozilla Partner Defaults) - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\Extensions\partnerdefaults@mozilla.com [2016-07-26]
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\searchplugins\8ef60il3.xml [2016-10-22]
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\searchplugins\mylucky123.xml [2016-10-25]
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\searchplugins\yahoo! powered.xml [2016-09-01]
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Firefox\Firefox\Profiles\mfu97agf.default [2017-07-18] <==== ATTENTION
FF NewTab: Firefox\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF DefaultSearchEngine: Firefox\Firefox\Profiles\mfu97agf.default -> youndoo
FF SelectedSearchEngine: Firefox\Firefox\Profiles\mfu97agf.default -> youndoo
FF Homepage: Firefox\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF Keyword.URL: Firefox\Firefox\Profiles\mfu97agf.default -> user_pref("keyword.URL", true);
FF Extension: (English (US) Language Pack) - C:\Users\jonas\AppData\Roaming\Firefox\Firefox\Profiles\mfu97agf.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-11-05] [not signed]
FF Extension: (Mozilla Partner Defaults) - C:\Users\jonas\AppData\Roaming\Firefox\Firefox\Profiles\mfu97agf.default\Extensions\partnerdefaults@mozilla.com [2016-10-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-06] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [104624 2017-06-14] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-10] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [323152 2015-05-29] (Windows (R) Win 7 DDK provider)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-10] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2017-03-08] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-08-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [398176 2015-07-09] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-09] (Acer Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-06-10] (AVAST Software s.r.o.)
S3 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-06-10] (AVAST Software s.r.o.)
S3 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-06-10] (AVAST Software s.r.o.)
S3 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-06-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-06-10] (AVAST Software)
S3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-06-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-06-10] (AVAST Software)
S3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-06-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-06-10] (AVAST Software)
S3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-06-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-06-10] (AVAST Software)
S3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-06-10] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-06] (The OpenVPN Project)
S3 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-06-10] (AVAST Software)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-03-08] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-07-20] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-03-08] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [70960 2017-03-08] (ESET)
S3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [112640 2015-06-02] (Intel(R) Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5741816 2015-08-20] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-07-09] (Acer Incorporated)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-07-09] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [51368 2015-05-11] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-18 22:04 - 2017-07-18 22:04 - 00031372 _____ C:\Users\jonas\Downloads\FRST.txt
2017-07-18 22:04 - 2017-07-18 22:04 - 00000000 ___DC C:\FRST
2017-07-18 22:03 - 2017-07-18 22:03 - 02435584 _____ (Farbar) C:\Users\jonas\Downloads\FRST64.exe
2017-07-18 21:50 - 2017-07-18 21:50 - 00000000 ____D C:\Users\jonas\AppData\Local\Firefox
2017-07-18 19:45 - 2017-07-18 19:45 - 00000000 ____D C:\WINDOWS\Panther
2017-07-18 19:20 - 2017-07-18 19:20 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1497028472
2017-07-18 19:19 - 2017-07-18 19:19 - 00000177 _____ C:\Users\Public\Desktop\RuneScape Launcher.url
2017-07-18 19:19 - 2017-07-18 19:19 - 00000000 ___DC C:\Program Files\Jagex
2017-07-18 19:15 - 2017-07-18 19:17 - 05502016 _____ (Jagex Ltd ) C:\Users\jonas\Downloads\RuneScape-Setup.exe
2017-07-18 19:10 - 2017-07-18 19:10 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-18 17:51 - 2017-07-18 17:51 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazonAssistant.lnk
2017-07-18 17:50 - 2017-07-18 17:50 - 00000000 ___HD C:\Program Files (x86)\Amazon
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-18 21:57 - 2016-07-28 19:20 - 00000000 ____D C:\Users\jonas\AppData\Roaming\Spotify
2017-07-18 21:56 - 2016-10-10 12:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\CareCenter
2017-07-18 21:55 - 2016-10-20 12:48 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-18 21:49 - 2016-07-28 19:25 - 00000000 ____D C:\Users\jonas\AppData\Local\Spotify
2017-07-18 21:46 - 2017-06-10 00:58 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-07-18 21:42 - 2015-07-22 11:08 - 01271470 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-18 21:37 - 2016-10-10 12:29 - 00000000 ____D C:\Users\jonas
2017-07-18 21:37 - 2016-10-10 12:23 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-18 21:34 - 2016-10-10 12:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-18 21:34 - 2016-10-10 12:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 20:05 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-18 20:04 - 2016-08-19 01:11 - 00000000 ____D C:\Program Files (x86)\vShare Helper
2017-07-18 20:02 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-18 19:54 - 2017-06-01 20:45 - 00000000 ____D C:\Users\jonas\AppData\LocalLow\uTorrent
2017-07-18 19:54 - 2017-03-12 15:42 - 00000000 ____D C:\Users\jonas\AppData\Roaming\uTorrent
2017-07-18 19:43 - 2016-07-16 14:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-18 19:33 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-18 19:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-18 19:20 - 2016-07-27 07:25 - 00000000 ____D C:\ProgramData\Jagex
2017-07-18 19:19 - 2016-12-14 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2017-07-18 19:19 - 2016-07-27 07:25 - 00000000 ____D C:\Users\jonas\AppData\Local\Jagex
2017-07-18 19:17 - 2016-07-28 19:53 - 00000000 ____D C:\Users\jonas\Downloads\EXE FILES
2017-07-18 18:29 - 2015-07-22 11:06 - 00000000 ___DC C:\Program Files (x86)\Acer
2017-07-18 18:26 - 2016-07-26 19:29 - 00000000 ____D C:\Users\jonas\AppData\Local\clear.fi
2017-07-18 18:25 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-07-18 18:21 - 2017-04-11 09:02 - 00000000 ___DC C:\Program Files (x86)\Dropbox
==================== Files in the root of some directories =======
2016-07-31 22:36 - 2016-10-21 01:24 - 0000193 _____ () C:\Users\jonas\AppData\Roaming\WB.CFG
2016-10-10 12:22 - 2016-10-10 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-21 21:28 - 2016-09-21 21:28 - 0000028 _____ () C:\ProgramData\pintext.txt
Some files in TEMP:
====================
2017-07-18 18:25 - 2016-08-15 15:44 - 4964568 _____ (Acer Incorporated) C:\Users\jonas\AppData\Local\Temp\AcerDocsSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-10 02:11
==================== End of FRST.txt ============================
Ran by Jasiah Bernales (administrator) on LAPTOP-0KNF3GVG (18-07-2017 22:04:51)
Running from C:\Users\jonas\Downloads
Loaded Profiles: Jasiah Bernales (Available Profiles: Jasiah Bernales)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\jonas\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-10] (AVAST Software)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\Run: [Chromium] => "c:\users\jonas\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\...\MountPoints2: {e96090db-e682-11e6-9c0f-54ab3a114155} - "E:\Setup.exe" /s
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8de16144-4185-4656-8e9a-30842294c051}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7669a35-02c4-40d5-9e68-bfcbde80695b}: [DhcpNameServer] 40.32.1.66
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234830933519764&GUID=543DE411-1FC1-4CEC-BC4C-7CE1DDF07C80
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234830934312648&GUID=543DE411-1FC1-4CEC-BC4C-7CE1DDF07C80
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131234830934463494&GUID=543DE411-1FC1-4CEC-BC4C-7CE1DDF07C80
HKU\S-1-5-21-2178256675-3852963564-1310966750-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzztAtN1L2XzutAtFtByEtFyCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0BtC0FyBzyyCzytGtAyDtA0BtGyC0A0CtBtGtByC0DyEtG0E0F0ByCyEtAyB0BtD0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtAtCyC%26cr%3D617073579%26a%3Dwbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM -> {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_33_wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzyyEtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDzyyEyDtCzz0C0AtGtByBtBtBtGzztDyDtCtGyC0EyD0FtG0CtB0AyDyDtCyBtD0AyByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyE%26cr%3D332040880%26a%3Dhdr_s_16_33_wbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzztAtN1L2XzutAtFtByEtFyCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0BtC0FyBzyyCzytGtAyDtA0BtGyC0A0CtBtGtByC0DyEtG0E0F0ByCyEtAyB0BtD0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtAtCyC%26cr%3D617073579%26a%3Dwbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_33_wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzyyEtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDzyyEyDtCzz0C0AtGtByBtBtBtGzztDyDtCtGyC0EyD0FtG0CtB0AyDyDtCyBtD0AyByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyE%26cr%3D332040880%26a%3Dhdr_s_16_33_wbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> DefaultScope {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_33_wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzyyEtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyDzyyEyDtCzz0C0AtGtByBtBtBtGzztDyDtCtGyC0EyD0FtG0CtB0AyDyDtCyBtD0AyByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyE%26cr%3D332040880%26a%3Dhdr_s_16_33_wbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_32¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0F0FtBzztBtC0F0AzyyC0EtCzz0DtN0D0Tzu0StCyCzztAtN1L2XzutAtFtByEtFyCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0BtC0FyBzyyCzytGtAyDtA0BtGyC0A0CtBtGtByC0DyEtG0E0F0ByCyEtAyB0BtD0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Fzzzz0B0B0BtByCtGtBtDzyzztGyEyEyCtBtG0ByByC0AtG0D0BtC0D0AzyyCtAtC0C0BtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtAtCyC%26cr%3D617073579%26a%3Dwbf_anvsft_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> {B80AA293-FF41-4CE1-8E3B-D3EFF69534B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation)
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2178256675-3852963564-1310966750-1001 -> hxxp://www.mylucky123.com/?type=hp&ts=1477399527&z=d28d3cdc26401c5f8c46d5egez0mcm2c9t9t4w7o2c&from=interhop1024&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.12.0.0_neutral__c1wakc4j0nefm [2017-05-02]
Edge Extension: (No Name) -> MouseGestures_MicrosoftMouseGestures_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.MouseGestures_0.6.17136.0_neutral__8wekyb3d8bbwe [2017-06-01]
FireFox:
========
FF DefaultProfile: mfu97agf.default
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mfu97agf.default\Profiles\mfu97agf.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\mfu97agf.default\Profiles\mfu97agf.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default [2016-10-25]
FF NewTab: Mozilla\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\mfu97agf.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\mfu97agf.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF Keyword.URL: Mozilla\Firefox\Profiles\mfu97agf.default -> user_pref("keyword.URL", true);
FF Extension: (English (US) Language Pack) - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-10-09]
FF Extension: (Mozilla Partner Defaults) - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\Extensions\partnerdefaults@mozilla.com [2016-07-26]
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\searchplugins\8ef60il3.xml [2016-10-22]
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\searchplugins\mylucky123.xml [2016-10-25]
FF SearchPlugin: C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\mfu97agf.default\searchplugins\yahoo! powered.xml [2016-09-01]
FF ProfilePath: C:\Users\jonas\AppData\Roaming\Firefox\Firefox\Profiles\mfu97agf.default [2017-07-18] <==== ATTENTION
FF NewTab: Firefox\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF DefaultSearchEngine: Firefox\Firefox\Profiles\mfu97agf.default -> youndoo
FF SelectedSearchEngine: Firefox\Firefox\Profiles\mfu97agf.default -> youndoo
FF Homepage: Firefox\Firefox\Profiles\mfu97agf.default -> hxxp://www.youndoo.com/?z=a0586161317ab8eeddfcdafgfz3mdmdgawdg3o1z0q&from=wak&uid=WDCXWD5000LPCX-21VHAT0_WD-WX41AC53XELJ3XELJ&type=hp
FF Keyword.URL: Firefox\Firefox\Profiles\mfu97agf.default -> user_pref("keyword.URL", true);
FF Extension: (English (US) Language Pack) - C:\Users\jonas\AppData\Roaming\Firefox\Firefox\Profiles\mfu97agf.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-11-05] [not signed]
FF Extension: (Mozilla Partner Defaults) - C:\Users\jonas\AppData\Roaming\Firefox\Firefox\Profiles\mfu97agf.default\Extensions\partnerdefaults@mozilla.com [2016-10-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-06] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [104624 2017-06-14] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-10] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [323152 2015-05-29] (Windows (R) Win 7 DDK provider)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-10] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2017-03-08] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-08-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [398176 2015-07-09] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-09] (Acer Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-06-10] (AVAST Software s.r.o.)
S3 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-06-10] (AVAST Software s.r.o.)
S3 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-06-10] (AVAST Software s.r.o.)
S3 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-06-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-06-10] (AVAST Software)
S3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-06-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-06-10] (AVAST Software)
S3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-06-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-06-10] (AVAST Software)
S3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-06-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-06-10] (AVAST Software)
S3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-06-10] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-06] (The OpenVPN Project)
S3 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-06-10] (AVAST Software)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-03-08] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-07-20] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-03-08] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [70960 2017-03-08] (ESET)
S3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [112640 2015-06-02] (Intel(R) Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5741816 2015-08-20] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-07-09] (Acer Incorporated)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-07-09] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [51368 2015-05-11] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-18 22:04 - 2017-07-18 22:04 - 00031372 _____ C:\Users\jonas\Downloads\FRST.txt
2017-07-18 22:04 - 2017-07-18 22:04 - 00000000 ___DC C:\FRST
2017-07-18 22:03 - 2017-07-18 22:03 - 02435584 _____ (Farbar) C:\Users\jonas\Downloads\FRST64.exe
2017-07-18 21:50 - 2017-07-18 21:50 - 00000000 ____D C:\Users\jonas\AppData\Local\Firefox
2017-07-18 19:45 - 2017-07-18 19:45 - 00000000 ____D C:\WINDOWS\Panther
2017-07-18 19:20 - 2017-07-18 19:20 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1497028472
2017-07-18 19:19 - 2017-07-18 19:19 - 00000177 _____ C:\Users\Public\Desktop\RuneScape Launcher.url
2017-07-18 19:19 - 2017-07-18 19:19 - 00000000 ___DC C:\Program Files\Jagex
2017-07-18 19:15 - 2017-07-18 19:17 - 05502016 _____ (Jagex Ltd ) C:\Users\jonas\Downloads\RuneScape-Setup.exe
2017-07-18 19:10 - 2017-07-18 19:10 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-18 17:51 - 2017-07-18 17:51 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazonAssistant.lnk
2017-07-18 17:50 - 2017-07-18 17:50 - 00000000 ___HD C:\Program Files (x86)\Amazon
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-18 21:57 - 2016-07-28 19:20 - 00000000 ____D C:\Users\jonas\AppData\Roaming\Spotify
2017-07-18 21:56 - 2016-10-10 12:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\CareCenter
2017-07-18 21:55 - 2016-10-20 12:48 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-18 21:49 - 2016-07-28 19:25 - 00000000 ____D C:\Users\jonas\AppData\Local\Spotify
2017-07-18 21:46 - 2017-06-10 00:58 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-07-18 21:42 - 2015-07-22 11:08 - 01271470 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-18 21:37 - 2016-10-10 12:29 - 00000000 ____D C:\Users\jonas
2017-07-18 21:37 - 2016-10-10 12:23 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-18 21:34 - 2016-10-10 12:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-18 21:34 - 2016-10-10 12:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 20:05 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-18 20:04 - 2016-08-19 01:11 - 00000000 ____D C:\Program Files (x86)\vShare Helper
2017-07-18 20:02 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-18 19:54 - 2017-06-01 20:45 - 00000000 ____D C:\Users\jonas\AppData\LocalLow\uTorrent
2017-07-18 19:54 - 2017-03-12 15:42 - 00000000 ____D C:\Users\jonas\AppData\Roaming\uTorrent
2017-07-18 19:43 - 2016-07-16 14:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-18 19:33 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-18 19:32 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-18 19:20 - 2016-07-27 07:25 - 00000000 ____D C:\ProgramData\Jagex
2017-07-18 19:19 - 2016-12-14 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2017-07-18 19:19 - 2016-07-27 07:25 - 00000000 ____D C:\Users\jonas\AppData\Local\Jagex
2017-07-18 19:17 - 2016-07-28 19:53 - 00000000 ____D C:\Users\jonas\Downloads\EXE FILES
2017-07-18 18:29 - 2015-07-22 11:06 - 00000000 ___DC C:\Program Files (x86)\Acer
2017-07-18 18:26 - 2016-07-26 19:29 - 00000000 ____D C:\Users\jonas\AppData\Local\clear.fi
2017-07-18 18:25 - 2015-07-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-07-18 18:21 - 2017-04-11 09:02 - 00000000 ___DC C:\Program Files (x86)\Dropbox
==================== Files in the root of some directories =======
2016-07-31 22:36 - 2016-10-21 01:24 - 0000193 _____ () C:\Users\jonas\AppData\Roaming\WB.CFG
2016-10-10 12:22 - 2016-10-10 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-21 21:28 - 2016-09-21 21:28 - 0000028 _____ () C:\ProgramData\pintext.txt
Some files in TEMP:
====================
2017-07-18 18:25 - 2016-08-15 15:44 - 4964568 _____ (Acer Incorporated) C:\Users\jonas\AppData\Local\Temp\AcerDocsSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-10 02:11
==================== End of FRST.txt ============================