Posts posted by Gus-needs-help


  1. Hey again Aura, I have now done as you said, and here are the results:

    Adwcleaner log:

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.4.0
    # -------------------------------
    # Build:    09-25-2018
    # Database: 2018-11-14.2 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start:    11-20-2018
    # Duration: 00:00:04
    # OS:       Windows 10 Home
    # Cleaned:  0
    # Failed:   2


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Not Deleted   HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bluetooth-driver-installer.en.softonic.com
    Not Deleted   HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bluetooth-driver-installer.en.softonic.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [14515 octets] - [14/11/2018 17:45:54]
    AdwCleaner[C00].txt - [13218 octets] - [14/11/2018 17:46:38]
    AdwCleaner[S01].txt - [1851 octets] - [20/11/2018 00:15:45]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
     

     

    RogueKiller log:

     

    RogueKiller Anti-Malware V13.0.11.0 (x64) [Nov 19 2018] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Safe mode with network support
    User : Gunnar [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Standard Scan, Delete -- Date : 2018/11/20 08:52:45 (Duration : 00:27:59)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\simplitec --  -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2904180576-155693900-2160364022-1001\Software\IM --  -> Deleted
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2904180576-155693900-2160364022-1001\Software\IM --  -> Deleted
    [PUP.Gen1 (Potentially Malicious)] simplitec -- %programdata%\simplitec -> Deleted


  2. I have now done a fix with FRST

    Here is the content of the fixlog you told me to paste:


    Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
    Ran by Gunnar (18-11-2018 18:43:07) Run:1
    Running from C:\Users\Gunnar\Desktop
    Loaded Profiles: Gunnar (Available Profiles: Gunnar)
    Boot Mode: Safe Mode (with Networking)
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:

    CMD: type "C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startNPub.bat"
    CMD: type "C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startRevNPub.bat"

    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    Startup: C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startNPub.bat [2018-11-13] ()
    Startup: C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startRevNPub.bat [2018-11-13] ()
    GroupPolicy: Restriction - Chrome <==== ATTENTION

    Task: {0706F83B-2220-4A90-B39A-E15C5D64AD67} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {0B014D3F-24FD-4E5F-BA2F-7526805917DD} - System32\Tasks\{5B5A7559-3640-0DF6-D550-64EA7C0B1720} => C:\WINDOWS\DUoEsUaoe.exe [2018-08-03] (Microsoft Corporation)
    Task: {2558ACBD-13AD-401A-9061-BFDB11837BFF} - System32\Tasks\{5BB4344A-D0B5-AF0E-47B1-54AE39A4C3C3} => C:\WINDOWS\DUoEsUaoe.exe [2018-08-03] (Microsoft Corporation)
    Task: {35880C04-9D5A-4A1F-828C-1CE2C4B5E0BC} - \WPD\SqmUpload_S-1-5-21-2904180576-155693900-2160364022-1001 -> No File <==== ATTENTION
    Task: {37410D62-D83E-4C4C-A785-FB4EB849BB7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {3D193D5A-27F7-43CC-86D5-405B100455F9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {4053C2B2-9930-46CC-BFEA-9FEA44FA7748} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {59FF7F84-0D14-48D7-8284-282DC56884E0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {68876FFE-1E83-463F-A6F1-B5D8F3110E35} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {783B864D-5AB6-4F77-8A65-01B57A904E5F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {AFB5955C-29AC-414A-BE0E-0D948A9E05DA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B180932D-5D82-4B7A-95BA-E4E81A4DA2E9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {BC8BAF84-4B94-406F-BB80-06DC83059FCF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {CC33F3BB-C261-44DE-A62F-E2179461968E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {D81EEC94-7B4B-49FD-A0A1-84169312E8DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {E9F3DE73-62C7-4DD2-BED6-87E1ED0A6DE4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {EC749338-0D72-4059-96B1-A8B11EE390A3} - System32\Tasks\Bluetooth Driver Installer => C:\Users\Gunnar\AppData\Local\Temp\is-RPMBG.tmp\prsetup.exe <==== ATTENTION
    Task: {EF0A60CB-42DB-4620-BE41-0E08C2B9809C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\bkuJlxDloZFGUqVjBBO.job => C:\Users\Gunnar\AppData\Local\Temp\ybiaq.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\bkuxQCaiXYucpRZvTAd.job => C:\Users\Gunnar\AppData\Local\Temp\epp4qbly.c3w\nuwpqicunde.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\simplitec Power Suite.job => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe

    AlternateDataStreams: C:\ProgramData\PACE:6D18FE35B3D71349 [217]
    AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5 [149]
    AlternateDataStreams: C:\ProgramData\Temp:DBC416F8 [144]
    AlternateDataStreams: C:\Users\Gunnar\Cookies:q91d5urmMA1ZJTrYc0wM [2098]
    AlternateDataStreams: C:\Users\Gunnar\AppData\Local\SGasHhXJ137ng3:zabr91KEsG53b7YhabiIl [1886]

    HKU\S-1-5-21-2904180576-155693900-2160364022-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

    FirewallRules: [{129D39E5-86D6-4FEC-A1B9-35DE72E3B53A}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
    FirewallRules: [{5B15142E-0CCD-4B02-B736-7EBC980FF35B}] => (Allow) C:\Program Files (x86)\Common Files\IaqOpYvh.exe
    FirewallRules: [{9399AE3D-9CC2-4EC0-978F-47BA93411F85}] => (Allow) C:\WINDOWS\DUoEsUaoe.exe
    FirewallRules: [{E3012B55-EF12-4F96-8944-34BF4D834C5E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{03563D74-FDCA-4F51-862F-EE38330BAF1D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{E3AFD37D-CDDD-4952-B8C9-B127515BABC2}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
    FirewallRules: [{32702A09-F8AC-4F6D-8309-1FB9A8AA9862}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{3C7DA985-63B4-4D81-81E8-E5A50D43962F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{98154E75-F93B-4D77-A016-D25BA108E528}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe

    C:\Program Files\YzgyMmNlNTBmNGRkN
    C:\Program Files\RXO00NEQX1
    C:\Program Files\I66QV4BVD1
    C:\Program Files (x86)\simplitec
    C:\ProgramData\BetaService
    C:\ProgramData\wrvdgc.txt
    C:\ProgramData\wrvdgd.exe
    C:\ProgramData\wrvdgb.exe
    C:\Users\Gunnar\AppData\NPFiles.zip
    C:\Users\Gunnar\AppData\NPFiles
    C:\Users\Gunnar\AppData\Local\dump007.dat
    C:\Users\Gunnar\AppData\Local\installer.dat
    C:\Users\Gunnar\AppData\Local\wbem.ini
    C:\Users\Gunnar\AppData\Local\oobelibMkey.log
    C:\Users\Gunnar\AppData\Local\Temp\bhn0fg5ejkj.exe
    C:\Users\Gunnar\AppData\Local\Temp\NouvPubLauncher.exe
    C:\Users\Gunnar\AppData\Local\Temp\Spectrasonics_Omnisphere_2_5_3_Crack_Free_is_Here_Latest_.exe
    C:\Users\Gunnar\AppData\Local\Temp\speedownloader.exe
    C:\Users\Gunnar\AppData\Local\Temp\tomey.exe
    C:\Users\Gunnar\AppData\Local\Temp\Uninstall.exe
    C:\Users\Gunnar\AppData\Roaming\zdhwkav5kzm
    C:\Users\Gunnar\AppData\Roaming\yqoydw5kfc2
    C:\Users\Gunnar\AppData\Roaming\v2f4wtz24j2
    C:\Users\Gunnar\AppData\Roaming\wetgy1g0qei
    C:\Users\Gunnar\AppData\Roaming\zefyjn4h0o2
    C:\Users\Gunnar\AppData\Roaming\gys0acgd3oo
    C:\Users\Gunnar\AppData\Roaming\31sn0pijt4p
    C:\Users\Gunnar\AppData\Roaming\pfd2piw5tji
    C:\Users\Gunnar\AppData\Roaming\f2cztexmbv3
    C:\Users\Gunnar\AppData\Roaming\UASOEGAaJW.exe
    C:\WINDOWS\DUoEsUaoe.exe
    C:\WINDOWS\Tasks\bkuxQCaiXYucpRZvTAd.job
    C:\WINDOWS\Tasks\bkuJlxDloZFGUqVjBBO.job
    C:\WINDOWS\System32\Tasks\{5B5A7559-3640-0DF6-D550-64EA7C0B1720}
    C:\WINDOWS\System32\Tasks\{5BB4344A-D0B5-AF0E-47B1-54AE39A4C3C3}

    EmptyTemp:
    *****************

    Processes closed successfully.
    Error: Restore point can only be created in normal mode.

    ========= type "C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startNPub.bat" =========

    @echo off
    TITLE Command Prompt
    "C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaw.exe" -jar \Users\Gunnar\AppData\NPFiles\NPFiles\NouvPub.jar
    exit

    ========= End of CMD: =========


    ========= type "C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startRevNPub.bat" =========

    @echo off
    TITLE Command Prompt
    "C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaw.exe" -jar \Users\Gunnar\AppData\NPFiles\NPFiles\Revivre.jar
    exit

    ========= End of CMD: =========

    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startNPub.bat => moved successfully
    C:\Users\Gunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startRevNPub.bat => moved successfully
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0706F83B-2220-4A90-B39A-E15C5D64AD67}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0706F83B-2220-4A90-B39A-E15C5D64AD67}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B014D3F-24FD-4E5F-BA2F-7526805917DD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B014D3F-24FD-4E5F-BA2F-7526805917DD}" => removed successfully
    C:\WINDOWS\System32\Tasks\{5B5A7559-3640-0DF6-D550-64EA7C0B1720} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5B5A7559-3640-0DF6-D550-64EA7C0B1720}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2558ACBD-13AD-401A-9061-BFDB11837BFF}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2558ACBD-13AD-401A-9061-BFDB11837BFF}" => removed successfully
    C:\WINDOWS\System32\Tasks\{5BB4344A-D0B5-AF0E-47B1-54AE39A4C3C3} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5BB4344A-D0B5-AF0E-47B1-54AE39A4C3C3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35880C04-9D5A-4A1F-828C-1CE2C4B5E0BC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35880C04-9D5A-4A1F-828C-1CE2C4B5E0BC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2904180576-155693900-2160364022-1001" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37410D62-D83E-4C4C-A785-FB4EB849BB7D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37410D62-D83E-4C4C-A785-FB4EB849BB7D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D193D5A-27F7-43CC-86D5-405B100455F9}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D193D5A-27F7-43CC-86D5-405B100455F9}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4053C2B2-9930-46CC-BFEA-9FEA44FA7748}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4053C2B2-9930-46CC-BFEA-9FEA44FA7748}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59FF7F84-0D14-48D7-8284-282DC56884E0}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59FF7F84-0D14-48D7-8284-282DC56884E0}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68876FFE-1E83-463F-A6F1-B5D8F3110E35}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68876FFE-1E83-463F-A6F1-B5D8F3110E35}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{783B864D-5AB6-4F77-8A65-01B57A904E5F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{783B864D-5AB6-4F77-8A65-01B57A904E5F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFB5955C-29AC-414A-BE0E-0D948A9E05DA}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFB5955C-29AC-414A-BE0E-0D948A9E05DA}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B180932D-5D82-4B7A-95BA-E4E81A4DA2E9}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B180932D-5D82-4B7A-95BA-E4E81A4DA2E9}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC8BAF84-4B94-406F-BB80-06DC83059FCF}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC8BAF84-4B94-406F-BB80-06DC83059FCF}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC33F3BB-C261-44DE-A62F-E2179461968E}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC33F3BB-C261-44DE-A62F-E2179461968E}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D81EEC94-7B4B-49FD-A0A1-84169312E8DE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D81EEC94-7B4B-49FD-A0A1-84169312E8DE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9F3DE73-62C7-4DD2-BED6-87E1ED0A6DE4}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9F3DE73-62C7-4DD2-BED6-87E1ED0A6DE4}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC749338-0D72-4059-96B1-A8B11EE390A3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC749338-0D72-4059-96B1-A8B11EE390A3}" => removed successfully
    C:\WINDOWS\System32\Tasks\Bluetooth Driver Installer => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bluetooth Driver Installer" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF0A60CB-42DB-4620-BE41-0E08C2B9809C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF0A60CB-42DB-4620-BE41-0E08C2B9809C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "C:\WINDOWS\Tasks\bkuJlxDloZFGUqVjBBO.job" => not found
    "C:\WINDOWS\Tasks\bkuxQCaiXYucpRZvTAd.job" => not found
    C:\WINDOWS\Tasks\simplitec Power Suite.job => moved successfully
    C:\ProgramData\PACE => ":6D18FE35B3D71349" ADS removed successfully
    C:\ProgramData\Temp => ":05E9FFE5" ADS removed successfully
    C:\ProgramData\Temp => ":DBC416F8" ADS removed successfully
    C:\Users\Gunnar\Cookies => ":q91d5urmMA1ZJTrYc0wM" ADS removed successfully
    C:\Users\Gunnar\AppData\Local\SGasHhXJ137ng3 => ":zabr91KEsG53b7YhabiIl" ADS removed successfully
    HKU\S-1-5-21-2904180576-155693900-2160364022-1001\Software\Classes\regfile => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{129D39E5-86D6-4FEC-A1B9-35DE72E3B53A}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B15142E-0CCD-4B02-B736-7EBC980FF35B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9399AE3D-9CC2-4EC0-978F-47BA93411F85}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3012B55-EF12-4F96-8944-34BF4D834C5E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03563D74-FDCA-4F51-862F-EE38330BAF1D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3AFD37D-CDDD-4952-B8C9-B127515BABC2}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32702A09-F8AC-4F6D-8309-1FB9A8AA9862}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C7DA985-63B4-4D81-81E8-E5A50D43962F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98154E75-F93B-4D77-A016-D25BA108E528}" => removed successfully
    C:\Program Files\YzgyMmNlNTBmNGRkN => moved successfully
    C:\Program Files\RXO00NEQX1 => moved successfully
    C:\Program Files\I66QV4BVD1 => moved successfully
    C:\Program Files (x86)\simplitec => moved successfully
    C:\ProgramData\BetaService => moved successfully
    C:\ProgramData\wrvdgc.txt => moved successfully
    C:\ProgramData\wrvdgd.exe => moved successfully
    "C:\ProgramData\wrvdgb.exe" => not found
    C:\Users\Gunnar\AppData\NPFiles.zip => moved successfully
    C:\Users\Gunnar\AppData\NPFiles => moved successfully
    C:\Users\Gunnar\AppData\Local\dump007.dat => moved successfully
    C:\Users\Gunnar\AppData\Local\installer.dat => moved successfully
    C:\Users\Gunnar\AppData\Local\wbem.ini => moved successfully
    C:\Users\Gunnar\AppData\Local\oobelibMkey.log => moved successfully
    C:\Users\Gunnar\AppData\Local\Temp\bhn0fg5ejkj.exe => moved successfully
    C:\Users\Gunnar\AppData\Local\Temp\NouvPubLauncher.exe => moved successfully
    C:\Users\Gunnar\AppData\Local\Temp\Spectrasonics_Omnisphere_2_5_3_Crack_Free_is_Here_Latest_.exe => moved successfully
    "C:\Users\Gunnar\AppData\Local\Temp\speedownloader.exe" => not found
    "C:\Users\Gunnar\AppData\Local\Temp\tomey.exe" => not found
    C:\Users\Gunnar\AppData\Local\Temp\Uninstall.exe => moved successfully
    C:\Users\Gunnar\AppData\Roaming\zdhwkav5kzm => moved successfully
    C:\Users\Gunnar\AppData\Roaming\yqoydw5kfc2 => moved successfully
    C:\Users\Gunnar\AppData\Roaming\v2f4wtz24j2 => moved successfully
    C:\Users\Gunnar\AppData\Roaming\wetgy1g0qei => moved successfully
    C:\Users\Gunnar\AppData\Roaming\zefyjn4h0o2 => moved successfully
    C:\Users\Gunnar\AppData\Roaming\gys0acgd3oo => moved successfully
    C:\Users\Gunnar\AppData\Roaming\31sn0pijt4p => moved successfully
    C:\Users\Gunnar\AppData\Roaming\pfd2piw5tji => moved successfully
    C:\Users\Gunnar\AppData\Roaming\f2cztexmbv3 => moved successfully
    C:\Users\Gunnar\AppData\Roaming\UASOEGAaJW.exe => moved successfully
    C:\WINDOWS\DUoEsUaoe.exe => moved successfully
    "C:\WINDOWS\Tasks\bkuxQCaiXYucpRZvTAd.job" => not found
    "C:\WINDOWS\Tasks\bkuJlxDloZFGUqVjBBO.job" => not found
    "C:\WINDOWS\System32\Tasks\{5B5A7559-3640-0DF6-D550-64EA7C0B1720}" => not found
    "C:\WINDOWS\System32\Tasks\{5BB4344A-D0B5-AF0E-47B1-54AE39A4C3C3}" => not found

    =========== EmptyTemp: ==========

    BITS transfer queue => 9461760 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 138438346 B
    Java, Flash, Steam htmlcache => 51030 B
    Windows/system/drivers => 5709299 B
    Edge => 31506333 B
    Chrome => 324838432 B
    Firefox => 375561551 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 13712 B
    LocalService => 0 B
    NetworkService => 0 B
    NetworkService => 0 B
    Gunnar => 445238425 B

    RecycleBin => 4351634 B
    EmptyTemp: => 1.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 18:49:35 ====

    Fixlog.txt


  3. Hey, I would really appreciate some help as I have gotten my laptop infected with a virus. The problem started as I downloaded something from the internet and everything went nuts. From there I started the computer in safe mode and did a scan with Malwarebytes. I thought the problem was solved as I found a lot of malware, but when I restarted the computer I still had some problems. These problems being Internet Explorer always starts by itself showing me some random starter-page, Malwarebytes always freezes as I try to open it - Task Manager says it has status "shut off", and even trying to search for Malwarebytes or anything else antivirus related on the internet automatically freezes the browser (applies to any browser), but only if I search for these things. From here I have tried plenty of virus scans in safe mode, and it always finds something but it never solves any problem.

    I was hoping for a quick answer as I am out of things to do. I downloaded FRST and did a scan some hours ago, files are attached. Note that I did some virus scans and such in the meanwhile, so if it's necessary that the log files are as recent as possible I'll probably do another scan with FRST if you wish so.

    Addition.txt

    FRST.txt
