Gus-needs-help


  1. Hey again Aura, I have now done as you said, and here are the results: AdwCleaner log, RogueKiller log.
  2. I have now done a fix with FRST. Here is the content of the fixlog you told me to paste: Fixlog.txt
  3. Hey Aura, thanks for the fast reply. I'm currently uninstalling those two programs you mentioned, but I encountered a problem in that I can't find the program named "4PBhIrxkVggOKP8X version 1.0". Any suggestions on where to look or what to do?
  4. Hey, I would really appreciate some help as I have gotten my laptop infected with a virus. The problem started as I downloaded something from the internet and everything went nuts. From there I started the computer in safe mode and did a scan with Malwarebytes. I thought the problem was solved as I found a lot of malware, but when I restarted the computer I still had some problems. These problems being: Internet Explorer always starts by itself showing me some random starter page, Malwarebytes always freezes as I try to open it (Task Manager says it has status "shut off"), and even trying to search for Malwarebytes or anything else antivirus-related on the internet automatically freezes the browser (applies to any browser), but only if I search for these things. From here I have tried plenty of virus scans in safe mode, and it always finds something but it never solves any problem. I was hoping for a quick answer as I am out of things to do. I downloaded FRST and did a scan some hours ago; files are attached. Note that I did some virus scans and such in the meanwhile, so if it's necessary that the log files are as recent as possible I'll probably do another scan with FRST if you wish so. Addition.txt FRST.txt