groenstad

Thank you for help! You realy helped out alot:)

Just reinstalled chrome, and now the message isn't showing anymore more. So everthing looks fine and clean now Thank you very much for your help!

Ok, then. No, i only have the free version

It is a message like that. Norton says it has blocked the attack and there is no need for action. But somehow the same message appears again and again. The log says the attack is because "DEVICE\HARDDISKVOLUME5\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" and the attack is from:"54.68.144.135" "goodslink.org/sync2/rmbs=1&q=hfZ9oehUC7hUqjsMCyVUojwEqTaErchTB6lKDzt4ok4otNtVh7n0rjnFrTw9rdC9pdnGtMFHhd9FqjaHrTCGrTaErHnMDMlGojwEtMVKhd9Grjn6qdYHqTn6tNqHhd96qHr6rTs5qHr8rjU7qTw7qdk8tNZKge8VoemVgeE9hylZBchOAen0rjr9rTaHqdgEqdC4pjkGpds5pdkMhfZPhd9Grjn6qdYHqTn6tM0HAen0qTaHtMVKC6n0rTwMgNr0rn" Thanks!

Got rid of that add on too now, thank you very much but this message still appears from norton "System infected: Fake plugin activity 2". Got no idea what it is.

But i keep getting a message from norton that they blocked an attack from "System infected: Fake plugin activity 2"

Yes, i dont get pop-up ads now! Thank you very much but in explorer there still is an extension named "funshopper", which i cant deactivate or remove though

that is done. it found one of extensions "fastncheap".

Thanks alot for the help so far! Here's the JRT log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.7 (03.28.2015:1)OS: Windows 8.1 x64Ran by FredrikG on 28.03.2015 at 15:51:36,49~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1119704315-3368492914-1248811897-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 28.03.2015 at 15:55:01,32End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.113 - Logfile created 28/03/2015 at 15:47:11 # Updated 22/03/2015 by Xplode # Database : 2015-03-27.1 [server] # Operating system : Windows 8.1 (x64) # Username : FredrikG - FREDRIK # Running from : C:\Users\FredrikG\Downloads\adwcleaner_4.113.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v41.0.2272.101 ************************* AdwCleaner[R0].txt - [1221 bytes] - [28/03/2015 00:50:42] AdwCleaner[R1].txt - [1343 bytes] - [28/03/2015 15:37:33] AdwCleaner[R2].txt - [1404 bytes] - [28/03/2015 15:45:33] AdwCleaner[s0].txt - [1297 bytes] - [28/03/2015 00:55:17] AdwCleaner[s1].txt - [1337 bytes] - [28/03/2015 15:47:11] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1396 bytes] ##########

RougeKiller report: RogueKiller V10.5.7.0 (x64) [Mar 22 2015] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9200 ) 64 bits versionStarted in : Normal modeUser : FredrikG [Administrator]Started from : C:\Users\FredrikG\Desktop\RogueKillerX64.exeMode : Scan -- Date : 03/28/2015 14:33:47 ¤¤¤ Processes : 1 ¤¤¤[suspicious.Path] ymc.exe(2464) -- C:\ProgramData\LenovoTransition\Server\x64\ymc.exe[7] -> Killed [TermProc] ¤¤¤ Registry : 12 ¤¤¤[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ymc (C:\ProgramData\LenovoTransition\Server\x64\ymc.exe) -> Found[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ymc (C:\ProgramData\LenovoTransition\Server\x64\ymc.exe) -> Found[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A79206F0-37D4-4F9E-BF34-853C2B148934} | DhcpNameServer : 150.201.1.3 [uNITED STATES (US)] -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A79206F0-37D4-4F9E-BF34-853C2B148934} | DhcpNameServer : 150.201.1.3 [uNITED STATES (US)] -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 1 ¤¤¤[suspicious.Path] \\Microsoft OneDrive Auto Update Task-S-1-5-21-1119704315-3368492914-1248811897-1001 -- %localappdata%\Microsoft\OneDrive\OneDrive.exe -> Found ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: SAMSUNG MZMTE256HMHP-000L1 +++++--- User ---[MBR] b97df0710ffc7dea9beecd65c1fe4ad7[bSP] 46d37f69afdb9ef08811c684d270fe75 : Empty MBR CodePartition table:0 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB1 - [sYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB2 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB4 - Basic data partition | Offset (sectors): 4892672 | Size: 202188 MB5 - Basic data partition | Offset (sectors): 418973696 | Size: 25600 MB6 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 471402496 | Size: 14021 MBUser = LL1 ... OKUser = LL2 ... OK

some problems appeared when i tried to copy paste the whole log and then submit the reply, so i hope it is ok that i attatch both txt files. Addition.txt FRST.txt

Malware byte log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 28.03.2015Scan Time: 14:09:08Logfile: log.txtAdministrator: Yes Version: 2.00.4.1028Malware Database: v2015.03.28.03Rootkit Database: v2015.03.26.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: FredrikG Scan Type: Threat ScanResult: CompletedObjects Scanned: 345619Time Elapsed: 7 min, 59 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)

Hi! Recently i'va started to get pop up ads while browsing. The ads appears in the right side of the browser as "hot deals" etc. In explorer the are some extensions named "funshopper" and "fastncheap" but i got no idea how to remove these. In chrome (which im using the most) i there is no extensions showing. Does someone know how to deal with this, and want/can help? Thanks!