
Malware or Firefox add on


Hi

 

Recently, after having downloaded some programs, my PC (XP) started showing pop-up commercials in my browser, Firefox, and one day my PC was really slow during and after Windows startup. I was quite sure the PC was infected by malware and that kind of stuff, so I tried cleaning it with different software. It actually found some things, but didn't seem to delete them, and the malware problems didn't seem to disappear.

Then I saw someone mention that a Firefox add-on could cause these commercial pop-ups on the PC. I found an unknown add-on in Firefox, installed at about the time the problems began, uninstalled the add-on, and since then my PC has worked fine.

But I wonder why my PC had problems starting and worked extremely slowly. Could there still be malware somewhere, even if I don't notice anything wrong now, or how can an add-on cause all this trouble?

 

/Stefan


Welcome to the forum.

First:

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS may not run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for the instruction.

 

Here's the log data from the Malwarebytes Anti-Malware quick scan (sorry, it's in Danish. The 14 files at the bottom are deleted):

 

Malwarebytes Anti-Malware (Prøveversion) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.13.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Stefan Skjerning :: STEFAN [administrator]

Beskyttelse: Slået fra

13-03-2014 19:48:35
mbam-log-2014-03-13 (19-48-35).txt

Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 278906
Tid gået: 9 minut(ter), 25 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 1
HKLM\SOFTWARE\Vittalia\AxtanInstaller (PUP.Optional.BundleInstaller.A) -> Sat i karantæne og slettet succesfuldt.

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 6
C:\Documents and Settings\All Users\Application Data\IBUpdaterService (Adware.InstallBrain) -> Sat i karantæne og slettet succesfuldt.
C:\Programmer\EZDownloader (PUP.Optional.EZDownloader.A) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\Stefan Skjerning\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\Stefan Skjerning\Application Data\OpenCandy\F2B2C35F04984EEB874B077B1B6E2686 (PUP.Optional.OpenCandy) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\Stefan Skjerning\Application Data\OpenCandy\OpenCandy_F2B2C35F04984EEB874B077B1B6E2686 (PUP.Optional.OpenCandy) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker (PUP.Optional.YoutubeAdblocker.A) -> Sat i karantæne og slettet succesfuldt.

Inficerede Filer: 8
C:\RECYCLER\S-1-5-21-1645522239-790525478-839522115-1004\Dc895.exe (Adware.InstallBrain) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\Stefan Skjerning\Lokale indstillinger\Temp\instloffer.exe (PUP.Optional.VIT.A) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\Stefan Skjerning\Lokale indstillinger\Temp\{F8AB97C2-B7A4-4E68-AC83-FF862348B534}\Addons\EzDownloader_setup.exe (PUP.Optional.EZDownloader.A) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Sat i karantæne og slettet succesfuldt.
C:\Programmer\EZDownloader\unins000.dat (PUP.Optional.EZDownloader.A) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\Stefan Skjerning\Application Data\OpenCandy\F2B2C35F04984EEB874B077B1B6E2686\PokkiInstaller.exe (PUP.Optional.OpenCandy) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker\la3xQZnac.dat (PUP.Optional.YoutubeAdblocker.A) -> Sat i karantæne og slettet succesfuldt.

(færdig)
 

 

 

I've checked the instructions on https://forums.malwarebytes.org/index.php?showtopic=9573, but after having run Malwarebytes Anti-Malware, I didn't notice anything wrong with the computer - as I didn't do when I started posting on this forum (I only had a question) - so I skipped the further scan concerning the DDS and Attach.

 

But here's the log data from the RogueKiller scan.

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Stefan Skjerning [Admin rights]
Mode : Scan -- Date : 03/13/2014 22:02:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Stefan Skjerning\Application Data\Copy\overlay\CopyShExt.dll [x] -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Stefan Skjerning\Application Data\Copy\overlay\Brt.dll [x] -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Stefan Skjerning\lokale indstillinger\application data\Pokki\ocdeskband_1.dll [x] -> UNLOADED
[SUSP PATH] pokki.exe -- C:\Documents and Settings\Stefan Skjerning\lokale indstillinger\application data\Pokki\Engine\pokki.exe [7] -> KILLED [TermProc]
[SUSP PATH] pokki.exe -- C:\Documents and Settings\Stefan Skjerning\lokale indstillinger\application data\Pokki\Engine\pokki.exe [7] -> KILLED [TermThr]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Pokki (C:\WINDOWS\system32\rundll32.exe "%USERPROFILE%\lokale indstillinger\application data\Pokki\Engine\Launcher.dll",RunLaunchPlatform [7][7][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Copy ("C:\Documents and Settings\Stefan Skjerning\Application Data\Copy\CopyAgent.exe" [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1645522239-790525478-839522115-1004\[...]\Run : Pokki (C:\WINDOWS\system32\rundll32.exe "%USERPROFILE%\lokale indstillinger\application data\Pokki\Engine\Launcher.dll",RunLaunchPlatform [7][7][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1645522239-790525478-839522115-1004\[...]\Run : Copy ("C:\Documents and Settings\Stefan Skjerning\Application Data\Copy\CopyAgent.exe" [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SHELLSPWN] HKLM\[...]\command :  ("C:\Programmer\Prezi\Prezi.exe" "%1") -> FOUND
[SHELLSPWN] HKCR\[...]\command :  ("C:\Programmer\Prezi\Prezi.exe" "%1") -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


 


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 +++++
--- User ---
[MBR] c0e242a33c29664697ccf84f6c5dedf3
[BSP] 861b25ee222cdb3b752544d204386be7 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD5000AAKS-00A7B2 +++++
--- User ---
[MBR] aa35c2900cd1b661939c9b30a7d0d1be
[BSP] 828b568f5b4281d6b25bbdd860033e92 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03132014_220202.txt >>


Here are the two logs - DDS and Attach

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Stefan Skjerning at 16:26:36 on 2014-03-14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.3069.1410 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Programmer\Sikkerhed\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Stefan Skjerning\lokale indstillinger\application data\Pokki\Engine\pokki.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\LogMeIn\x86\LogMeInSystray.exe
D:\Programmer\Qliner Hotkeys\HotKeys.exe
C:\Programmer\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Programmer\Sikkerhed\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmer\GCALDaemon\bin\wrapper.exe
C:\Programmer\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\java.exe
C:\Programmer\LogMeIn\x86\LMIGuardianSvc.exe
C:\Programmer\LogMeIn\x86\RaMaint.exe
C:\Programmer\Sikkerhed\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programmer\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\programmer\real\realplayer\update\realsched.exe
C:\Programmer\Logitech\SetPointP\SetPoint.exe
C:\Programmer\Sikkerhed\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmer\Sikkerhed\Avast\AvastUI.exe
D:\Programmer\StrokeIt\strokeit.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Programmer\Rainlendar2\Rainlendar2.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Programmer\Sikkerhed\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Sikkerhed\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Stefan Skjerning\Application Data\Copy\CopyAgent.exe
C:\Programmer\Skype\Phone\Skype.exe
D:\Programmer\AltMove\AltMove.exe
C:\Programmer\TeamViewer\Version9\TeamViewer_Service.exe
D:\Programmer\ClipCache\clipc.exe
D:\Programmer\Direct Folders\df.exe
D:\Programmer\ForceShutdown\fsd.exe
D:\Programmer\Launchy\Launchy.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Thunderbird\thunderbird.exe
D:\Programmer\Random\Random.exe
D:\Programmer\TimeLeft3\TimeLeft.exe
D:\Programmer\Widgets\YahooWidgets.exe
D:\Ekstra\ZoomIt 3,2.exe
C:\Documents and Settings\Stefan Skjerning\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\LogMeIn\x86\LogMeIn.exe
C:\Programmer\Fælles filer\LogiShrd\KHAL3\KHALMNPR.EXE
D:\Programmer\Widgets\YahooWidgets.exe
D:\Programmer\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\TeamViewer\Version9\TeamViewer.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\TeamViewer\Version9\tv_w32.exe
C:\Programmer\RealNetworks\RealDownloader\recordingmanager.exe
C:\Documents and Settings\Stefan Skjerning\lokale indstillinger\application data\Pokki\Engine\pokki.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
D:\Programmer\Notepad++\notepad++.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.





uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\programmer\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmer\java\jre7\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\programmer\sikkerhed\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\programmer\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programmer\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\programmer\sikkerhed\avast\aswWebRepIE.dll
uRun: [DriverMax] <no file>
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [LogMeIn GUI] "c:\programmer\logmein\x86\LogMeInSystray.exe"
mRun: [00Hotkeys] "d:\programmer\qliner hotkeys\HotKeys.exe"
mRun: [BCU] "c:\programmer\devicevm\browser configuration utility\BCU.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [googletalk] c:\programmer\google\google talk\googletalk.exe /autostart
mRun: [AdobeAAMUpdater-1.0] "c:\programmer\fælles filer\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\programmer\fælles filer\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\programmer\fælles filer\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "c:\programmer\fælles filer\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\programmer\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\programmer\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [APSDaemon] "c:\programmer\fælles filer\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\programmer\real\realplayer\update\realsched.exe"  -osboot
mRun: [EvtMgr6] c:\programmer\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\programmer\fælles filer\java\java update\jusched.exe"
mRun: [TrayServer] c:\programmer\magix\movies on dvd 7\TrayServer.exe
mRun: [HP Software Update] c:\programmer\hp\hp software update\HPWuSchd2.exe
mRun: [AvastUI.exe] "c:\programmer\sikkerhed\avast\AvastUI.exe" /nogui
StartupFolder: c:\docume~1\stefan~1\menuen~1\progra~1\start\dropbox.lnk - c:\documents and settings\stefan skjerning\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\stefan~1\menuen~1\progra~1\start\overvg~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\stefan~1\menuen~1\progra~1\start\yahoo!~1.lnk - d:\programmer\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\altmove.lnk - d:\programmer\altmove\AltMove.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\clipca~1.lnk - d:\programmer\clipcache\clipc.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\direct~1.lnk - d:\programmer\direct folders\df.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\forces~1.lnk - d:\programmer\forceshutdown\fsd.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\google~1.lnk - c:\programmer\google\google talk\googletalk.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\launchy.lnk - d:\programmer\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\mozill~1.lnk - c:\programmer\mozilla firefox\firefox.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\mozill~2.lnk - c:\programmer\mozilla thunderbird\thunderbird.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\random~1.lnk - d:\programmer\random\Random.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\timeleft.lnk - d:\programmer\timeleft3\TimeLeft.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\yahoo!~1.lnk - d:\programmer\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\zoomit.lnk - d:\ekstra\ZoomIt 3,2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoWinKeys = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\programmer\hewlett-packard\smart print\SmartPrintSetup.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe

TCP: NameServer = 89.150.129.22 89.150.129.10
TCP: Interfaces\{32A74590-F555-4E15-B115-DE4512983AFC} : DHCPNameServer = 89.150.129.22 89.150.129.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programmer\fælles filer\skype\Skype4COM.dll
Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\programmer\sikkerhed\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\programmer\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\stefan skjerning\application data\mozilla\firefox\profiles\3lici2el.default\



FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\stefan skjerning\application data\mozilla\firefox\profiles\3lici2el.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\programmer\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\programmer\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\programmer\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\programmer\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\programmer\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\programmer\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-8-4 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-8-4 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-4 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-4 410784]
R1 SASDIFSV;SASDIFSV;c:\programmer\sikkerhed\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\programmer\sikkerhed\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\programmer\sikkerhed\superantispyware\SASCore.exe [2013-5-23 119056]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-8-4 67824]
R2 avast! Antivirus;avast! Antivirus;c:\programmer\sikkerhed\avast\AvastSvc.exe [2013-8-4 50344]
R2 BCUService;Browser Configuration Utility Service;c:\programmer\devicevm\browser configuration utility\BCUService.exe [2013-8-4 219360]
R2 ES lite Service;ES lite Service for program management.;c:\programmer\gigabyte\easysaver\essvr.exe [2013-8-4 68136]
R2 GCALDaemon;GCALDaemon;c:\programmer\gcaldaemon\bin\wrapper.exe -s c:\programmer\gcaldaemon\conf\nt-service.cfg --> c:\programmer\gcaldaemon\bin\wrapper.exe -s c:\programmer\gcaldaemon\conf\nt-service.cfg [?]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2013-8-5 10136]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmer\logmein\x86\LMIGuardianSvc.exe [2014-1-20 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmer\logmein\x86\rainfo.sys [2013-12-11 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-8-4 47640]
R2 MBAMScheduler;MBAMScheduler;c:\programmer\sikkerhed\malwarebytes' anti-malware\mbamscheduler.exe [2014-3-13 418376]
R2 MBAMService;MBAMService;c:\programmer\sikkerhed\malwarebytes' anti-malware\mbamservice.exe [2014-3-13 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programmer\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 TeamViewer9;TeamViewer 9;c:\programmer\teamviewer\version9\TeamViewer_Service.exe [2014-2-7 4915040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-13 22856]
S1 ensqio;ensqio;c:\windows\system32\drivers\ensqio.sys --> c:\windows\system32\drivers\ensqio.sys [?]
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\drivers\sbpcint4.sys --> c:\windows\system32\drivers\sbpcint4.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\programmer\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-8-4 1684736]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\programmer\common\database\bin\fbserver.exe [2010-4-2 1527900]
S3 SwitchBoard;SwitchBoard;c:\programmer\fælles filer\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UPnPService;UPnPService;c:\programmer\fælles filer\magix shared\upnpservice\UPnPService.exe [2013-8-4 544768]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="d:\programmer\notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-03-13 18:41:16    --------    d-----w-    c:\documents and settings\stefan skjerning\application data\Malwarebytes
2014-03-13 18:41:00    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-11 20:23:21    5777288    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-03-11 18:23:53    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2014-03-11 18:23:53    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-03-11 13:10:26    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2014-03-10 17:24:28    --------    d-----w-    c:\documents and settings\stefan skjerning\application data\ChicaLogic
2014-03-10 17:23:53    --------    d-----w-    c:\documents and settings\all users\application data\ChicaLogic
2014-03-09 01:10:52    --------    d-----w-    c:\documents and settings\all users\application data\clp
2014-03-09 01:10:28    --------    d-----w-    c:\documents and settings\stefan skjerning\application data\Fighters
2014-03-09 01:10:10    --------    d-----w-    c:\programmer\Fighters
2014-03-09 01:08:46    --------    d-----w-    c:\documents and settings\all users\application data\Common Toolkit Suite
2014-03-09 01:08:45    --------    d-----w-    c:\documents and settings\all users\application data\Fighters
2014-03-07 23:12:53    --------    d-----w-    c:\documents and settings\all users\application data\websavoe
2014-03-07 23:12:33    --------    d-----w-    c:\documents and settings\all users\application data\92e2467ffb5f07fc
2014-03-07 23:12:32    --------    d-----w-    c:\documents and settings\stefan skjerning\lokale indstillinger\application data\Torch
2014-03-07 23:12:31    --------    d-----w-    c:\documents and settings\stefan skjerning\lokale indstillinger\application data\Comodo
2014-03-07 22:38:39    --------    d-----w-    c:\windows\Logs
2014-03-07 22:36:48    --------    d-----w-    c:\windows\system32\AGEIA
2014-03-07 15:56:19    --------    d-----w-    c:\windows\system32\Adobe
2014-02-27 18:37:53    --------    d-----w-    c:\programmer\CamStudio
2014-02-27 11:00:02    --------    d-----w-    c:\documents and settings\stefan skjerning\lokale indstillinger\application data\Skype
.
==================== Find3M  ====================
.
2014-03-14 10:52:56    17488    ----a-w-    c:\windows\gdrv.sys
2014-03-11 20:23:30    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 20:23:30    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-24 16:05:34    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-24 11:35:32    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-24 11:35:32    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-24 11:35:31    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-24 10:54:21    385024    ------w-    c:\windows\system32\html.iec
2014-02-07 06:36:39    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-06 15:21:57    67824    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-02-06 15:21:13    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-02-06 15:21:10    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-05 08:55:00    563200    ----a-w-    c:\windows\system32\qedit.dll
2014-01-22 18:00:29    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-01-22 18:00:22    85832    ----a-w-    c:\windows\system32\LMIinit.dll.000.bak
2014-01-20 12:34:56    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-01-20 12:34:52    53064    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-01-20 12:34:50    31560    ----a-w-    c:\windows\system32\LMIport.dll
2014-01-20 12:34:48    85832    ----a-w-    c:\windows\system32\LMIinit.dll
2014-01-08 22:38:31    73    ----a-w-    c:\windows\system32\ssprs.dll
2014-01-08 22:38:30    205    ----a-w-    c:\windows\system32\lsprst7.dll
2014-01-04 03:12:50    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-28 23:27:26    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-12-28 23:27:26    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-18 20:10:01    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-18 19:46:50    145408    ----a-w-    c:\windows\system32\javacpl.cpl
.
============= FINISH: 16:27:50,78 ===============
 

 

 

 

 

 

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 04-08-2013 13:53:36
System Uptime: 14-03-2014 11:52:08 (5 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-MA785GT-UD3H
Processor: AMD Phenom II X4 965 Processor | Socket M2 | 3415/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 563,462 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 118,038 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP148: 15-12-2013 03:25:39 - Systemkontrolpunkt
RP149: 16-12-2013 06:57:30 - Systemkontrolpunkt
RP150: 17-12-2013 21:32:53 - Systemkontrolpunkt
RP151: 18-12-2013 21:37:16 - Systemkontrolpunkt
RP152: 19-12-2013 23:53:17 - Systemkontrolpunkt
RP153: 27-12-2013 14:56:26 - Systemkontrolpunkt
RP154: 28-12-2013 17:19:47 - Systemkontrolpunkt
RP155: 30-12-2013 03:42:14 - Systemkontrolpunkt
RP156: 31-12-2013 04:02:41 - Systemkontrolpunkt
RP157: 01-01-2014 15:13:30 - Systemkontrolpunkt
RP158: 02-01-2014 16:58:24 - Systemkontrolpunkt
RP159: 03-01-2014 18:24:56 - Systemkontrolpunkt
RP160: 04-01-2014 21:29:33 - Systemkontrolpunkt
RP161: 05-01-2014 23:13:25 - Systemkontrolpunkt
RP162: 07-01-2014 14:54:18 - Systemkontrolpunkt
RP163: 08-01-2014 16:22:05 - Systemkontrolpunkt
RP164: 09-01-2014 20:42:13 - Systemkontrolpunkt
RP165: 10-01-2014 21:33:28 - Systemkontrolpunkt
RP166: 11-01-2014 21:44:17 - Systemkontrolpunkt
RP167: 12-01-2014 21:49:21 - Systemkontrolpunkt
RP168: 13-01-2014 22:17:51 - Systemkontrolpunkt
RP169: 15-01-2014 00:33:59 - Installed Prezi.
RP170: 15-01-2014 03:00:18 - Software Distribution Service 3.0
RP171: 16-01-2014 03:00:20 - Software Distribution Service 3.0
RP172: 17-01-2014 12:01:55 - Installed SmartFTP Client
RP173: 18-01-2014 12:21:01 - Installed Java 7 Update 51
RP174: 19-01-2014 12:46:33 - Systemkontrolpunkt
RP175: 20-01-2014 13:18:10 - Systemkontrolpunkt
RP176: 21-01-2014 13:18:25 - Systemkontrolpunkt
RP177: 22-01-2014 19:01:22 - Printerdriveren LogMeIn Printer Driver er installeret
RP178: 23-01-2014 21:43:36 - Systemkontrolpunkt
RP179: 24-01-2014 22:15:04 - Systemkontrolpunkt
RP180: 26-01-2014 00:59:12 - Systemkontrolpunkt
RP181: 27-01-2014 18:33:02 - Systemkontrolpunkt
RP182: 29-01-2014 12:11:17 - Installed Copy
RP183: 30-01-2014 19:05:02 - Systemkontrolpunkt
RP184: 01-02-2014 15:03:32 - Systemkontrolpunkt
RP185: 02-02-2014 21:37:28 - Systemkontrolpunkt
RP186: 04-02-2014 00:52:55 - Systemkontrolpunkt
RP187: 05-02-2014 02:26:55 - Systemkontrolpunkt
RP188: 06-02-2014 15:16:33 - Systemkontrolpunkt
RP189: 06-02-2014 16:20:51 - avast! antivirus system restore point
RP190: 07-02-2014 20:52:06 - Systemkontrolpunkt
RP191: 08-02-2014 18:52:28 - Installed LogMeIn
RP192: 09-02-2014 20:51:51 - Systemkontrolpunkt
RP193: 10-02-2014 23:32:25 - Systemkontrolpunkt
RP194: 12-02-2014 11:39:32 - Systemkontrolpunkt
RP195: 13-02-2014 03:00:17 - Software Distribution Service 3.0
RP196: 14-02-2014 04:06:56 - Systemkontrolpunkt
RP197: 15-02-2014 04:26:01 - Systemkontrolpunkt
RP198: 16-02-2014 21:55:23 - Systemkontrolpunkt
RP199: 18-02-2014 01:29:55 - Systemkontrolpunkt
RP200: 19-02-2014 02:05:22 - Systemkontrolpunkt
RP201: 20-02-2014 04:21:33 - Systemkontrolpunkt
RP202: 21-02-2014 12:34:17 - Systemkontrolpunkt
RP203: 22-02-2014 13:55:49 - Systemkontrolpunkt
RP204: 23-02-2014 14:06:09 - Systemkontrolpunkt
RP205: 24-02-2014 14:11:51 - Systemkontrolpunkt
RP206: 25-02-2014 14:24:44 - Systemkontrolpunkt
RP207: 26-02-2014 15:48:29 - Systemkontrolpunkt
RP208: 27-02-2014 23:11:04 - Systemkontrolpunkt
RP209: 01-03-2014 03:12:00 - Systemkontrolpunkt
RP210: 02-03-2014 13:14:16 - Systemkontrolpunkt
RP211: 03-03-2014 15:19:21 - Systemkontrolpunkt
RP212: 04-03-2014 18:05:38 - Systemkontrolpunkt
RP213: 05-03-2014 18:19:43 - Systemkontrolpunkt
RP214: 06-03-2014 18:43:00 - Systemkontrolpunkt
RP215: 07-03-2014 20:51:43 - Systemkontrolpunkt
RP216: 07-03-2014 23:37:35 - Installerede Microsoft Visual C++ 2005 Redistributable
RP217: 07-03-2014 23:38:31 - Installed Need for Speed™ SHIFT Demo
RP218: 07-03-2014 23:52:04 - Removed Need for Speed™ SHIFT Demo
RP219: 09-03-2014 02:09:52 - Installeret Fighters.
RP220: 09-03-2014 03:00:18 - Software Distribution Service 3.0
RP221: 09-03-2014 20:27:49 - Gendan handling
RP222: 10-03-2014 18:18:44 - Installeret Fighters.
RP223: 11-03-2014 19:22:06 - Gendan handling
RP224: 12-03-2014 03:00:25 - Software Distribution Service 3.0
RP225: 13-03-2014 03:17:07 - Systemkontrolpunkt
RP226: 13-03-2014 22:00:14 - Foer RogueKiller
.
==== Installed Programs ======================
.
a-squared HiJackFree 3.1
Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Connect 9 Add-in
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 5 Production Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Digital Editions 2.0
Adobe Dreamweaver CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Fonts All
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AMD Processor Driver
Apple-programunderstøttelse
Apple Software Update
avast! Free Antivirus
Browser Configuration Utility
CamStudio
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.6
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Command & Conquer Renegade
Connect
Copy
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
DriverMax 5
Dropbox
EasySaver B9.0904.1
Emagic Logic Audio Platinum v5.30
eReg
Facebook
FileMenu Tools
FileZilla Client 3.7.4.1
Firebird SQL Server - MAGIX Edition
FormatFactory 2.20
GCALDaemon V1.0 beta 16
GOM Player
Google Chrome
Google Drive
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Gyldendals Røde Ordbøger - Synonymordbog
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix til Windows XP (KB2779562)
Hotfix til Windows XP (KB952287)
Hotfix til Windows XP (KB961118)
Hotfix til Windows XP (KB981793)
HP Deskjet 2540 series - basissoftware til enheden
HP Deskjet 2540 series Hjælp
HP Photo Creations
HP Update
Icon Restore 1.0
Java 7 Update 51
Java Auto Updater
join.me
Kompatibilitetspakke til Office 2007-systemet
kuler
Logitech SetPoint 6.61
LogMeIn
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
MAGIX Goya burnR 1.3.1.3 (UK)
MAGIX Movies on DVD 7 7.0.3.5 (UK)
MAGIX Screenshare 4.3.6.1987 (UK)
MAGIXUSB-Videowandler 2 Device Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DAN Language Pack
Microsoft .NET Framework 4 Client Profile DAN sprogpakke
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DAN Language Pack
Microsoft .NET Framework 4 Extended DAN sprogpakke
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Word 2000
Microsoft Works 2000
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 27.0.1 (x86 da)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 da)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Mufin MusicFinder Base 1.5.3.247 (UK)
Notepad++
Nudansk med etymologi
Opdatering til Windows Internet Explorer 8 (KB2598845)
Opdatering til Windows XP (KB2345886)
Opdatering til Windows XP (KB2467659)
Opdatering til Windows XP (KB2661254-v2)
Opdatering til Windows XP (KB2749655)
Opdatering til Windows XP (KB2863058)
Opdatering til Windows XP (KB2904266)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955759)
Opdatering til Windows XP (KB967715)
Opdatering til Windows XP (KB968389)
Opdatering til Windows XP (KB971029)
Opdatering til Windows XP (KB971737)
Opdatering til Windows XP (KB973687)
Opdatering til Windows XP (KB973815)
OpenOffice.org 3.4
Paint.NET v3.36
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Pokki
Prezi
PropertiesPlus (Remove Only)
PxMergeModule
Qliner Hotkeys 2.0
QuickTime
Rainlendar2 (remove only)
Random Event Sounds v3.1
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Retskrivnings- og Betydningsordbog
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
ShellExtension
Sigil 0.7.4
Sikkerhedsopdatering til Microsoft Windows (KB2564958)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2510531)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2618444)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2744842)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2846071)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2862772)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2870699)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2879017)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2888505)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2898785)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2909210)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2909921)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2925418)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB982381)
Sikkerhedsopdatering til Windows Media Player (KB2378111)
Sikkerhedsopdatering til Windows Media Player (KB2834903)
Sikkerhedsopdatering til Windows Media Player (KB2834904-v2)
Sikkerhedsopdatering til Windows Media Player (KB2834904)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player (KB954155)
Sikkerhedsopdatering til Windows Media Player (KB973540)
Sikkerhedsopdatering til Windows Media Player (KB975558)
Sikkerhedsopdatering til Windows Media Player (KB978695)
Sikkerhedsopdatering til Windows Media Player (KB979402)
Sikkerhedsopdatering til Windows XP (KB2115168)
Sikkerhedsopdatering til Windows XP (KB2229593)
Sikkerhedsopdatering til Windows XP (KB2296011)
Sikkerhedsopdatering til Windows XP (KB2347290)
Sikkerhedsopdatering til Windows XP (KB2360937)
Sikkerhedsopdatering til Windows XP (KB2387149)
Sikkerhedsopdatering til Windows XP (KB2393802)
Sikkerhedsopdatering til Windows XP (KB2419632)
Sikkerhedsopdatering til Windows XP (KB2423089)
Sikkerhedsopdatering til Windows XP (KB2440591)
Sikkerhedsopdatering til Windows XP (KB2443105)
Sikkerhedsopdatering til Windows XP (KB2478960)
Sikkerhedsopdatering til Windows XP (KB2478971)
Sikkerhedsopdatering til Windows XP (KB2479943)
Sikkerhedsopdatering til Windows XP (KB2481109)
Sikkerhedsopdatering til Windows XP (KB2483185)
Sikkerhedsopdatering til Windows XP (KB2485663)
Sikkerhedsopdatering til Windows XP (KB2506212)
Sikkerhedsopdatering til Windows XP (KB2507938)
Sikkerhedsopdatering til Windows XP (KB2508429)
Sikkerhedsopdatering til Windows XP (KB2509553)
Sikkerhedsopdatering til Windows XP (KB2510581)
Sikkerhedsopdatering til Windows XP (KB2535512)
Sikkerhedsopdatering til Windows XP (KB2536276-v2)
Sikkerhedsopdatering til Windows XP (KB2544893-v2)
Sikkerhedsopdatering til Windows XP (KB2566454)
Sikkerhedsopdatering til Windows XP (KB2570947)
Sikkerhedsopdatering til Windows XP (KB2584146)
Sikkerhedsopdatering til Windows XP (KB2585542)
Sikkerhedsopdatering til Windows XP (KB2592799)
Sikkerhedsopdatering til Windows XP (KB2598479)
Sikkerhedsopdatering til Windows XP (KB2603381)
Sikkerhedsopdatering til Windows XP (KB2618451)
Sikkerhedsopdatering til Windows XP (KB2619339)
Sikkerhedsopdatering til Windows XP (KB2620712)
Sikkerhedsopdatering til Windows XP (KB2624667)
Sikkerhedsopdatering til Windows XP (KB2631813)
Sikkerhedsopdatering til Windows XP (KB2653956)
Sikkerhedsopdatering til Windows XP (KB2655992)
Sikkerhedsopdatering til Windows XP (KB2659262)
Sikkerhedsopdatering til Windows XP (KB2661637)
Sikkerhedsopdatering til Windows XP (KB2676562)
Sikkerhedsopdatering til Windows XP (KB2686509)
Sikkerhedsopdatering til Windows XP (KB2691442)
Sikkerhedsopdatering til Windows XP (KB2698365)
Sikkerhedsopdatering til Windows XP (KB2705219-v2)
Sikkerhedsopdatering til Windows XP (KB2712808)
Sikkerhedsopdatering til Windows XP (KB2719985)
Sikkerhedsopdatering til Windows XP (KB2723135-v2)
Sikkerhedsopdatering til Windows XP (KB2727528)
Sikkerhedsopdatering til Windows XP (KB2753842-v2)
Sikkerhedsopdatering til Windows XP (KB2757638)
Sikkerhedsopdatering til Windows XP (KB2758857)
Sikkerhedsopdatering til Windows XP (KB2770660)
Sikkerhedsopdatering til Windows XP (KB2780091)
Sikkerhedsopdatering til Windows XP (KB2802968)
Sikkerhedsopdatering til Windows XP (KB2807986)
Sikkerhedsopdatering til Windows XP (KB2813345)
Sikkerhedsopdatering til Windows XP (KB2820197)
Sikkerhedsopdatering til Windows XP (KB2820917)
Sikkerhedsopdatering til Windows XP (KB2834886)
Sikkerhedsopdatering til Windows XP (KB2839229)
Sikkerhedsopdatering til Windows XP (KB2845187)
Sikkerhedsopdatering til Windows XP (KB2846071)
Sikkerhedsopdatering til Windows XP (KB2847311)
Sikkerhedsopdatering til Windows XP (KB2849470)
Sikkerhedsopdatering til Windows XP (KB2850851)
Sikkerhedsopdatering til Windows XP (KB2850869)
Sikkerhedsopdatering til Windows XP (KB2859537)
Sikkerhedsopdatering til Windows XP (KB2862152)
Sikkerhedsopdatering til Windows XP (KB2862330)
Sikkerhedsopdatering til Windows XP (KB2862335)
Sikkerhedsopdatering til Windows XP (KB2864063)
Sikkerhedsopdatering til Windows XP (KB2868038)
Sikkerhedsopdatering til Windows XP (KB2868626)
Sikkerhedsopdatering til Windows XP (KB2876217)
Sikkerhedsopdatering til Windows XP (KB2876315)
Sikkerhedsopdatering til Windows XP (KB2876331)
Sikkerhedsopdatering til Windows XP (KB2883150)
Sikkerhedsopdatering til Windows XP (KB2892075)
Sikkerhedsopdatering til Windows XP (KB2893294)
Sikkerhedsopdatering til Windows XP (KB2893984)
Sikkerhedsopdatering til Windows XP (KB2898715)
Sikkerhedsopdatering til Windows XP (KB2900986)
Sikkerhedsopdatering til Windows XP (KB2914368)
Sikkerhedsopdatering til Windows XP (KB2916036)
Sikkerhedsopdatering til Windows XP (KB2929961)
Sikkerhedsopdatering til Windows XP (KB2930275)
Sikkerhedsopdatering til Windows XP (KB923561)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952004)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956572)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956844)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958869)
Sikkerhedsopdatering til Windows XP (KB959426)
Sikkerhedsopdatering til Windows XP (KB960225)
Sikkerhedsopdatering til Windows XP (KB960803)
Sikkerhedsopdatering til Windows XP (KB960859)
Sikkerhedsopdatering til Windows XP (KB961501)
Sikkerhedsopdatering til Windows XP (KB969059)
Sikkerhedsopdatering til Windows XP (KB970238)
Sikkerhedsopdatering til Windows XP (KB970430)
Sikkerhedsopdatering til Windows XP (KB971468)
Sikkerhedsopdatering til Windows XP (KB971657)
Sikkerhedsopdatering til Windows XP (KB972270)
Sikkerhedsopdatering til Windows XP (KB973507)
Sikkerhedsopdatering til Windows XP (KB973869)
Sikkerhedsopdatering til Windows XP (KB973904)
Sikkerhedsopdatering til Windows XP (KB974112)
Sikkerhedsopdatering til Windows XP (KB974318)
Sikkerhedsopdatering til Windows XP (KB974392)
Sikkerhedsopdatering til Windows XP (KB974571)
Sikkerhedsopdatering til Windows XP (KB975025)
Sikkerhedsopdatering til Windows XP (KB975467)
Sikkerhedsopdatering til Windows XP (KB975560)
Sikkerhedsopdatering til Windows XP (KB975561)
Sikkerhedsopdatering til Windows XP (KB975562)
Sikkerhedsopdatering til Windows XP (KB975713)
Sikkerhedsopdatering til Windows XP (KB977816)
Sikkerhedsopdatering til Windows XP (KB977914)
Sikkerhedsopdatering til Windows XP (KB978037)
Sikkerhedsopdatering til Windows XP (KB978338)
Sikkerhedsopdatering til Windows XP (KB978542)
Sikkerhedsopdatering til Windows XP (KB978601)
Sikkerhedsopdatering til Windows XP (KB978706)
Sikkerhedsopdatering til Windows XP (KB979309)
Sikkerhedsopdatering til Windows XP (KB979482)
Sikkerhedsopdatering til Windows XP (KB979559)
Sikkerhedsopdatering til Windows XP (KB979683)
Sikkerhedsopdatering til Windows XP (KB979687)
Sikkerhedsopdatering til Windows XP (KB980195)
Sikkerhedsopdatering til Windows XP (KB980218)
Sikkerhedsopdatering til Windows XP (KB980232)
Sikkerhedsopdatering til Windows XP (KB981322)
Sikkerhedsopdatering til Windows XP (KB981997)
Sikkerhedsopdatering til Windows XP (KB982132)
Sikkerhedsopdatering til Windows XP (KB982381)
Sikkerhedsopdatering til Windows XP (KB982665)
Skype™ 6.14
SmartFTP Client
Sound Blaster AudioPCI 128
Startprogram til Microsoft Works 2000 Installation
Suite Shared Configuration CS4
SUPERAntiSpyware
svBuilder
TeamViewer 9
Tilføjelsesprogrammet Word i Works Suite
Tweakui Powertoy for Windows XP
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA PCI  IRQ Routing Miniport Driver - V1.3A
Vittalia Installer
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 5.00 (32-bit)
WinZip
.
==== End Of File ===========================
 

Link to post
Share on other sites

You have about 75 system restore points on the system.
Having that many isn't necessary and takes up a lot of hard drive space.
I suggest you delete some of them; you can use CCleaner to do that:
Open up CCleaner > Tools > System Restore > Remove all except maybe the latest 5 restore points.
Close out CCleaner
Right click on My Computer > Properties > System Restore > Set the pointer down to about 3%
Now you'll only create and keep about 6 restore points

-------------------------------------

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

Link to post
Share on other sites

Thanks.

I have run AdwCleaner - see the log below. I didn't recognize files, folders or other things, so I cleaned up what was checked. Or tried to. The pc froze, I could only move the mouse cursor. After 40 min. I restarted. I haven't done anything after that. Here's the log

(Shortly I'll be away from the pc for a few days)

# AdwCleaner v3.022 - Report created 14/03/2014 at 17:10:46
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Stefan Skjerning - STEFAN
# Running from : D:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BCUService

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Stefan Skjerning\Application Data\Mozilla\Firefox\Profiles\3lici2el.default\searchplugins\WebSearch.xml
Folder Found C:\Documents and Settings\LogMeInRemoteUser\Lokale indstillinger\Application Data\torch
Folder Found C:\Documents and Settings\Stefan Skjerning\Application Data\PerformerSoft
Folder Found C:\Documents and Settings\Stefan Skjerning\Lokale indstillinger\Application Data\Pokki
Folder Found C:\Documents and Settings\Stefan Skjerning\Lokale indstillinger\Application Data\torch
Folder Found C:\Documents and Settings\Stefan Skjerning\Menuen Start\Programmer\Pokki
Folder Found C:\Programmer\DeviceVM
Folder Found C:\Programmer\Vittalia
Folder Found C:\WINDOWS\system32\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Classes\*\shell\pokki
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\Folder\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\DeviceVM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Found : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vittalia
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia
Key Found : HKLM\Software\Vittalia
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bCU]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (da)

[ File : C:\Documents and Settings\Stefan Skjerning\Application Data\Mozilla\Firefox\Profiles\3lici2el.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");

Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.JcUk5H0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]
Line Found : user_pref("extensions.fvd_single.seopack.b_surfcanyon", true);
Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394025548177");
Line Found : user_pref("extensions.hVwZ4w2Qth.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"[...]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\Stefan Skjerning\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4317 octets] - [14/03/2014 17:10:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4377 octets] ##########
 

Link to post
Share on other sites
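As an added example (not part of the thread and not AdwCleaner's own code), this Python sketch parses the report format posted above, groups entries by section, and picks out the autostart entries and the Firefox preferences that hold script code. The sample input is constructed from lines of the posted report; the function names and the script-detection hints are assumptions made for the example.

```python
import re

# Constructed sample: lines copied from the scan report posted above, shortened
# to a few entries per section. The script value is truncated ("[...]") as posted.
SAMPLE_REPORT = r'''# AdwCleaner v3.022 - Report created 14/03/2014 at 17:10:46
# Option : Scan

***** [ Services ] *****

Service Found : BCUService

***** [ Files / Folders ] *****

Folder Found C:\Programmer\DeviceVM
Folder Found C:\Programmer\Vittalia

***** [ Registry ] *****

Key Found : HKCU\Software\Pokki
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bCU]

***** [ Browsers ] *****

-\\ Mozilla Firefox v27.0.1 (da)

Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.fvd_single.seopack.b_surfcanyon", true);
Line Found : user_pref("extensions.JcUk5H0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]

-\\ Google Chrome v33.0.1750.146

Found : homepage
'''

SECTION = re.compile(r'^\*{5} \[ (.+?) \] \*{5}$')
ENTRY = re.compile(
    r'^(?:\[[#!]\]\s*)?'                             # "[#] " / "[!] " marker in clean reports
    r'(?:(Service|File|Folder|Key|Value|Line)\s+)?'  # item kind; Chrome lines have none
    r'(Found|Deleted)\s*:?\s*(.+)$'                  # the colon is missing on Folder lines
)
PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.*)$')
RUN_VALUE = re.compile(r'\\CurrentVersion\\Run(?:Once)? \[(.+)\]$', re.IGNORECASE)
# Heuristic substrings that mark a preference value as script code (an assumption).
SCRIPT_HINTS = ('function(', 'document.cookie', 'location.href')


def parse_report(text):
    """Return (section, kind, action, detail) tuples from an AdwCleaner v3 report."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and section:  # ignore anything before the first section header
            kind, action, detail = m.groups()
            entries.append((section, kind or 'Setting', action, detail.strip()))
    return entries


def triage(entries):
    """Return (reason, item) pairs for entries that run at start-up or alter Firefox."""
    notes = []
    for _section, kind, _action, detail in entries:
        if kind == 'Service':
            notes.append(('Windows service', detail))
        elif kind == 'Value':
            m = RUN_VALUE.search(detail)
            if m:
                notes.append(('program launched at logon (Run key)', m.group(1)))
        elif kind == 'Line':
            m = PREF.match(detail)
            if not m:
                continue
            name, value = m.groups()
            if any(hint in value for hint in SCRIPT_HINTS):
                notes.append(('script stored in a Firefox preference', name))
            elif name.startswith('browser.search.'):
                notes.append(('Firefox search setting changed', name))
    return notes


if __name__ == '__main__':
    for reason, item in triage(parse_report(SAMPLE_REPORT)):
        print(f'{reason}: {item}')
```

The same parser reads a clean report (`Deleted` entries with the `[#]` and `[!]` markers), so the scan and clean logs can be compared entry by entry.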

AdwCleaner worked in safe mode:

AdwCleaner v3.022 - Report created 14/03/2014 at 19:51:15
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Stefan Skjerning - STEFAN
# Running from : D:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BCUService

***** [ Files / Folders ] *****

Folder Deleted : C:\Programmer\DeviceVM
Folder Deleted : C:\Programmer\Vittalia
Folder Deleted : C:\WINDOWS\system32\AI_RecycleBin
[!] Folder Deleted : C:\Documents and Settings\Stefan Skjerning\Lokale indstillinger\Application Data\Pokki
Folder Deleted : C:\Documents and Settings\Stefan Skjerning\Lokale indstillinger\Application Data\torch
Folder Deleted : C:\Documents and Settings\Stefan Skjerning\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\Stefan Skjerning\Menuen Start\Programmer\Pokki
Folder Deleted : C:\Documents and Settings\LogMeInRemoteUser\Lokale indstillinger\Application Data\torch
File Deleted : C:\Documents and Settings\Stefan Skjerning\Application Data\Mozilla\Firefox\Profiles\3lici2el.default\searchplugins\WebSearch.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\*\shell\pokki
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\Folder\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bCU]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vittalia

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (da)

[ File : C:\Documents and Settings\Stefan Skjerning\Application Data\Mozilla\Firefox\Profiles\3lici2el.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.JcUk5H0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.fvd_single.seopack.b_surfcanyon", true);
Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394025548177");
Line Deleted : user_pref("extensions.hVwZ4w2Qth.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"[...]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\Stefan Skjerning\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8973 octets] - [14/03/2014 17:10:46]
AdwCleaner[s0].txt - [4779 octets] - [14/03/2014 17:18:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4839 octets] ##########
 

 

 

 

 

As recommended, I've done a quick scan with Malwarebytes Anti-Malware (it didn't seem to find anything):

 

 

 

Malwarebytes Anti-Malware (Prøveversion) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.13.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Stefan Skjerning :: STEFAN [administrator]

Beskyttelse: Slået til

14-03-2014 20:11:24
mbam-log-2014-03-14 (20-11-24).txt

Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 278083
Tid gået: 11 minut(ter), 2 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)

(færdig)
 

Link to post
Share on other sites
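The prefs.js lines in the AdwCleaner log above fall into two patterns: search-engine preferences pointing at an unexpected engine ("WebSearch"), and randomly named `extensions.*` preferences whose value is a block of JavaScript reading `location.href` and `document.cookie`. The following is an added example, not part of the thread and not AdwCleaner's own logic, that audits a prefs.js file for both patterns; the function names, the marker list, the engine allow-list and the sample input are assumptions constructed for illustration.

```python
import json
import re

# One user_pref("name", value); per line, as Firefox writes prefs.js.
PREF_RE = re.compile(r'^user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Heuristics modelled on the log above (assumptions, not AdwCleaner's rules).
SEARCH_PREFS = ("browser.search.defaultenginename",
                "browser.search.selectedEngine",
                "browser.search.order.")
SCRIPT_MARKERS = ("(function", "document.cookie", "location.href", "eval(")
ALLOWED_ENGINES = {"Google", "Bing", "DuckDuckGo"}  # adjust per machine

def parse_prefs(text):
    """Yield (line_no, name, value) for every user_pref line."""
    for n, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)   # values are usually JSON-compatible
        except ValueError:
            value = raw               # keep the raw text if they are not
        yield n, name, value

def audit_prefs(text, allowed_engines=ALLOWED_ENGINES):
    """Return (line_no, pref_name, reason) for each suspicious preference."""
    findings = []
    for n, name, value in parse_prefs(text):
        if not isinstance(value, str):
            continue
        if name.startswith(SEARCH_PREFS) and value not in allowed_engines:
            findings.append((n, name, "search-engine override"))
        elif name.startswith("extensions.") and any(k in value for k in SCRIPT_MARKERS):
            findings.append((n, name, "script stored in extension pref"))
    return findings

# Constructed sample, shaped like the entries in the log (not real data).
SAMPLE = r'''
# Mozilla User Preferences
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.AbCdEf1.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"example\")>-1){}}catch(e){}})();");
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("browser.search.selectedEngine", "Google");
'''

if __name__ == "__main__":
    for line_no, pref, reason in audit_prefs(SAMPLE):
        print(f"line {line_no}: {pref} -> {reason}")
```

Run it against a copy of the profile's prefs.js while Firefox is closed, since Firefox rewrites the file on exit.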

OK, if there are no other problems.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Here it goes:

 

 

 Results of screen317's Security Check version 0.99.80  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 avast! Free Antivirus    
 a-squared HiJackFree 3.1    
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.77  
 Mozilla Firefox (27.0.1)
 Mozilla Thunderbird (17.0.7)
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Sikkerhed Malwarebytes' Anti-Malware mbamscheduler.exe  
 Sikkerhed Avast AvastSvc.exe  
 Sikkerhed Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

That looks OK.....

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Online again.

I think we got it cleaned up here. Thanks :-)

Don't think I've used ComboFix or FRST. Couldn't find them.

 

I just still wonder why my PC started working normally after I uninstalled the Firefox add-on (before my first post here), which seems to have been installed about the time the PC got affected by malware. At first I thought the add-on was the reason for the trouble.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.