
Infected, but only non-malware detected



Hi

I just searched for and found software for my old Sound Blaster PCI 128 sound card, but apparently the install caused a malware infection - an unwanted start page, Firefox add-ons and installed programs. I've now uninstalled them all, I think, and run the Anti-Malware software twice. The first time it found two malware files, which the software removed, and a lot of non-malware. The second time it found no malware, but still a lot of non-malware (243).

Although my pc seems to work fine, it seems like there're still at least small problems.

I installed Win 7 from scratch just a few days ago as I, among other desired changes, wanted to get rid of another malware infection. So I hope this is not a big infection.

Attached are the two files you have asked for. Thanks for helping.

Stefan

FRST.txt

Addition.txt


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Hi

Thank you.

Below is the GMER code

I couldn't download the TDSSKiller as the link seems dead.

Btw, I may have installed/uninstalled a few things during this day, as I've almost just reinstalled Windows, but I will try not to during this process, if it's a problem?

Stefan

GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2015-01-05 17:30:29

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD10EZEX-00RKKA0 rev.80.00A80 931,51GB

Running: GMER.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\kxdiqpob.sys

---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4872:6656]   000007fefb032bf8

Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4872:5008]   000007feef454830

Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4872:3532]   000007fef3225124

Thread   C:\Windows\System32\svchost.exe [5748:5224]   000007fef0669688

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ D:\Programmer\DriverMax\drivermax.exe [1104] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Process  C:\Users\Stefan\AppData\Roaming\Google\Google Talk\googletalk.exe (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Google\Google Talk\googletalk.exe [432] (Google Talk/Google)(2007-01-01 21:22:02)   0000000000400000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Google\Google Talk\googletalk.exe [432] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Process  C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1576] (WindowsProtectManger Service/Fuyu LIMITED)(2015-01-05 04:12:27)   0000000000ae0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [2068] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2440] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ D:\Programmer\ClipCache\clipc.exe [2600] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ D:\Programmer\Launchy\Launchy.exe [2856] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:46)   0000000062c70000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:45)   0000000062970000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008](2015-01-03 20:38:46)   00000000628b0000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:45)   00000000624c0000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (ICU I18N DLL/The ICU Project)(2015-01-03 20:38:46)   000000004a900000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (ICU Common DLL/The ICU Project)(2015-01-03 20:38:46)   0000000004020000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (ICU Data DLL/The ICU Project)(2015-01-03 20:38:46)   000000004ad00000

Library  c:\users\stefan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu3wcdq.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008](2015-01-05 16:10:23)   00000000041f0000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:45)   000000005cb90000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:46)   00000000590e0000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:45)   000000005c750000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:45)   000000005ae60000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:45)   000000005ed70000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008](2015-01-03 20:38:46)   0000000060bc0000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:46)   000000005ed40000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:45)   000000005e800000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-03 20:38:45)   000000005e330000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008](2015-01-03 20:38:46)   000000005cab0000

Library  C:\Users\Stefan\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe [3008](2015-01-03 20:38:46)   000000005e3c0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ D:\Programmer\Qliner Hotkeys\HotKeys.exe [2308] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ D:\Programmer\ForceShutdown\fsd.exe [992] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ D:\Ekstra\HTGBack (Få Windows 7 til at gå op i mappestrukturen).exe [1888] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ D:\Ekstra\ZoomIt.exe [3088] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

Library  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (*** suspicious ***) @ C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [3224] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2015-01-04 01:46:28)   00000000648b0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd502900

Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd502900 (not active ControlSet)

---- EOF - GMER 2.1 ----


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Stefan at 2015-01-08 04:04:48

Running from D:\Ekstra

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)

Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)

Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)

Adobe Creative Suite 5 Production Premium (HKLM-x32\...\{626B3D60-A661-4444-AAF5-6C75E55936E8}) (Version: 5.0 - Adobe Systems Incorporated)

Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden

Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden

Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden

Adobe Reader XI (11.0.10) - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden

Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden

AltMove 1.0 (HKLM-x32\...\AltMove 1.0) (Version: 1.0 - NTE)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.6.0.12 - Canon Inc.)

Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.2.7 - Canon Inc.)

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.1.0.31 - Canon Inc.)

Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)

Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.3.0.4 - Canon Inc.)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)

Canon Utilities Digital Photo Professional 3.6 (HKLM-x32\...\DPP) (Version: 3.6.0.0 - Canon Inc.)

Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.1.0.1 - Canon Inc.)

Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.1.0.4 - Canon Inc.)

Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.2.1.31 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)

Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden

Creative PCI Audio Drivers (HKLM-x32\...\SBPCIUnInstall) (Version: - )

DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.47.0.998 - Innovative Solutions)

Dropbox (HKU\S-1-5-21-2479822835-2867536027-2880494365-1000\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)

Dropbox (HKU\S-1-5-21-2479822835-2867536027-2880494365-1003\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)

Emagic Logic Audio Platinum v5.30 (HKLM-x32\...\Emagic Logic Audio Platinum v5.30) (Version: - )

FastPreview (HKLM\...\{D60450AF-C09A-47A4-A6BE-03FAC101B780}) (Version: 4.1.0 - Nils Maier)

File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)

File Extension Changer 3.3.1 (HKLM-x32\...\File Extension Changer_is1) (Version: - Abhishek)

FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: 6.6 - LopeSoft)

FileZilla Client 3.3.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.3.4.1 - )

Force Shutdown (HKLM-x32\...\ForceShutdown) (Version: - )

FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)

Free Desktop Clock 3.0 (HKLM\...\Free Desktop Clock_is1) (Version: - Drive Software Company)

GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Talk (remove only) (HKU\S-1-5-21-2479822835-2867536027-2880494365-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )

Google Talk (remove only) (HKU\S-1-5-21-2479822835-2867536027-2880494365-1003\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )

HP Deskjet 2540 series - basissoftware til enheden (HKLM\...\{0B7D5271-F528-4AB0-B6AE-3AEC2F7501E2}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Deskjet 2540 series Hjælp (HKLM-x32\...\{AFE53CF9-FD24-4B8C-81B8-D6EA60A0B541}) (Version: 30.0.0 - Hewlett Packard)

Icon Restore 1.0 (HKLM-x32\...\Icon Restore_is1) (Version: - Tim Taylor)

Kompatibilitetspakke til Office 2007-systemet (HKLM-x32\...\{90120000-0020-0406-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden

Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version: - Code Jelly)

Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)

MAGIX Goya burnR 1.3.1.3 (UK) (HKLM-x32\...\MAGIX Goya burnR UK) (Version: 1.3.1.3 - MAGIX AG)

MAGIX Movies on DVD 7 7.0.3.5 (UK) (HKLM-x32\...\MAGIX Movies on DVD 7 UK) (Version: 7.0.3.5 - MAGIX AG)

MAGIX Screenshare 4.3.6.1987 (UK) (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Word 2000 (HKLM-x32\...\{00170406-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Works 2000 (HKLM-x32\...\{37294132-74E4-11D3-AF54-00C04F443448}) (Version: 1.0.0.0000 - Microsoft Corporation)

MioToolbox (HKLM-x32\...\MioToolbox) (Version: - Mioplanet)

Mozilla Firefox 34.0.5 (x86 da) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 da)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Mozilla Thunderbird 31.3.0 (x86 da) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 da)) (Version: 31.3.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Mufin MusicFinder Base 1.5.3.247 (UK) (HKLM-x32\...\Mufin MusicFinder Base UK) (Version: 1.5.3.247 - MAGIX AG)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.3 - Notepad++ Team)

NVIDIA Grafikdriver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)

NVIDIA Opdateringer 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM-x32\...\{FC226097-EED7-4560-BDCD-BD7136F74C07}) (Version: 4.11.9775 - Apache Software Foundation)

PC On Off Time 1.0 (HKLM-x32\...\PC On Off Time 1.0) (Version: 1.0 - Neuber Software)

PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden

Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden

Qliner Hotkeys 2.0 (HKLM-x32\...\Qliner Hotkeys) (Version: 2.0 - Qliner)

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)

Tilføjelsesprogrammet Word i Works Suite (HKLM-x32\...\{581FC672-8089-11D3-A823-0060085EC379}) (Version: 1.0.0.0000 - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

06-01-2015 00:16:49 DMX_DriverMax Driver Installation

06-01-2015 00:18:26 Installation af enhedsdriverpakke: AMD Systemenheder

06-01-2015 00:19:12 Installation af enhedsdriverpakke: Advanced Micro Devices IDE ATA/ATAPI-controllere

06-01-2015 01:49:01 Windows Update

06-01-2015 03:04:58 Windows Update

06-01-2015 03:32:49 Installeret Realtek Ethernet Controller Driver

06-01-2015 03:55:43 Installerede Microsoft Word 2000

06-01-2015 04:01:22 Installerede Kompatibilitetspakke til Office 2007-systemet

07-01-2015 03:00:20 Windows Update

08-01-2015 03:00:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {009DFF3A-FAAD-4529-82B7-7F9FBB4233D0} - System32\Tasks\avast! Emergency Update => D:\Programmer\Avast\AvastEmUpdate.exe [2015-01-03] (AVAST Software)

Task: {027F1A3E-2532-490B-A021-643DDCF08470} - System32\Tasks\AdobeAAMUpdater-1.0-Stefan-pc-Stefan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: {089139D4-637D-4034-990B-4A59EAA86A08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-03] (Google Inc.)

Task: {0A6F0D4F-53B5-4F87-AF82-2AAA3B6A1429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-03] (Google Inc.)

Task: {0E8F63CD-D346-4E27-94E0-BD6B87422C4D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2479822835-2867536027-2880494365-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)

Task: {10CB8A8F-7268-4C68-A483-4193AF8B662D} - System32\Tasks\{A7305DA2-DDB3-4CC6-814D-6FE8984398A8} => pcalua.exe -a D:\Ekstra\CS4\Install\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent

Task: {17BE0702-6A64-4DA9-AE99-320A68BDAEE0} - System32\Tasks\Application Starter - 23874b61bee8854887e47a14f281248c => D:\Programmer\DriverMax\innostp.exe [2014-12-17] (Innovative Solutions)

Task: {2E161715-7E1F-4AC6-9455-42A7BE13392F} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe

Task: {6D8334D1-6441-43A2-9E9F-7A9DCC102FA1} - System32\Tasks\{B2367033-1915-497C-A480-EA00D315A17F} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.105&LastError=404

Task: {87F69817-3A26-4A00-B72F-C3E8E3C5DC6A} - System32\Tasks\FWDQY => C:\Users\Stefan\AppData\Roaming\FWDQY.exe <==== ATTENTION

Task: {921A95EE-C357-40F3-8F16-F5CBC68E4ED3} - System32\Tasks\{7A53AE84-DB93-48E2-9A94-5B7F4D176F1E} => pcalua.exe -a D:\Ekstra\PowerNap.exe -d D:\Ekstra

Task: {9D152152-7884-4DB9-A1AF-7F4395506D30} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2479822835-2867536027-2880494365-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)

Task: {A52AE83E-9398-49D6-BBB5-3E0D682F2AA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-04] (Adobe Systems Incorporated)

Task: {B5F261A7-7F97-464E-9D80-13653DF05CB4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {BDF60AF7-94E3-4538-8336-9733CE96A054} - System32\Tasks\JEHJK => C:\Users\Stefan\AppData\Roaming\JEHJK.exe <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Application Starter - 23874b61bee8854887e47a14f281248c.job => D:\Programmer\DriverMax\innostp.exe

Task: C:\Windows\Tasks\DriverToolkit Autorun.job => D:\Programmer\DriverToolkit\DriverToolkit.exe

Task: C:\Windows\Tasks\FWDQY.job => C:\Users\Stefan\AppData\Roaming\FWDQY.exe <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\JEHJK.job => C:\Users\Stefan\AppData\Roaming\JEHJK.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2015-01-04 21:20 - 2013-01-31 10:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-07-15 20:16 - 2013-04-24 19:20 - 02007040 _____ () D:\Programmer\Free Desktop Clock\timeserv.exe

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () D:\Programmer\FileZilla FTP Client\fzshellext_64.dll

2014-07-15 20:16 - 2013-06-07 20:20 - 01875968 _____ () D:\Programmer\Free Desktop Clock\Clock.dll

2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () D:\Programmer\Notepad++\NppShell_06.dll

2014-07-15 20:16 - 2013-06-27 23:07 - 04652544 _____ () D:\Programmer\Free Desktop Clock\FreeDesktopClock.exe

2014-06-30 09:27 - 2006-09-23 21:35 - 00081920 _____ () D:\Programmer\AltMove\AltMove.exe

2014-06-30 09:28 - 2010-04-03 14:05 - 00380928 _____ () D:\Programmer\Launchy\Launchy.exe

2014-06-30 06:52 - 2010-01-11 03:35 - 00207333 _____ () D:\Ekstra\HTGBack (Få Windows 7 til at gå op i mappestrukturen).exe

2010-01-03 18:27 - 2010-01-03 18:27 - 00026248 _____ () D:\Programmer\StrokeIt\strokeit.exe

2015-01-06 19:07 - 2015-01-06 19:07 - 02909696 _____ () D:\Programmer\Avast\defs\15010601\algo.dll

2015-01-07 10:31 - 2015-01-07 10:31 - 02909696 _____ () D:\Programmer\Avast\defs\15010700\algo.dll

2015-01-07 22:36 - 2015-01-07 22:36 - 02909696 _____ () D:\Programmer\Avast\defs\15010701\algo.dll

2015-01-03 19:14 - 2014-12-17 11:30 - 00009088 _____ () D:\Programmer\DriverMax\sync.dll

2010-01-03 18:27 - 2010-01-03 18:27 - 00011912 _____ () D:\Programmer\StrokeIt\mhook.dll

2015-01-03 23:58 - 2015-01-03 23:58 - 38562088 _____ () D:\Programmer\Avast\libcef.dll

2015-01-04 15:49 - 2015-01-04 15:49 - 00006144 _____ () C:\Users\Stefan\AppData\Local\assembly\dl3\C49XZ94X.VW1\YO69BDTH.EQX\a083c7bd\8bbe6271_2d28d001\tool.DLL

2015-01-04 15:49 - 2015-01-04 15:49 - 00020480 _____ () C:\Users\Stefan\AppData\Local\assembly\dl3\C49XZ94X.VW1\YO69BDTH.EQX\bd4adbc7\71266071_2d28d001\ShellTool.DLL

2014-06-30 09:28 - 2009-12-16 23:13 - 08314880 _____ () D:\Programmer\Launchy\QtGui4.dll

2014-06-30 09:28 - 2009-12-16 22:54 - 02236416 _____ () D:\Programmer\Launchy\QtCore4.dll

2014-06-30 09:28 - 2009-12-16 22:56 - 00712704 _____ () D:\Programmer\Launchy\QtNetwork4.dll

2014-06-30 09:28 - 2009-12-17 01:18 - 00233472 _____ () D:\Programmer\Launchy\imageformats\qmng4.dll

2014-06-30 09:28 - 2010-04-03 14:06 - 00081920 _____ () D:\Programmer\Launchy\plugins\calcy.dll

2014-06-30 09:28 - 2010-04-03 14:05 - 00090112 _____ () D:\Programmer\Launchy\plugins\controly.dll

2014-06-30 09:28 - 2010-04-03 14:06 - 00024064 _____ () D:\Programmer\Launchy\plugins\gcalc.dll

2014-06-30 09:28 - 2010-04-03 14:06 - 00094208 _____ () D:\Programmer\Launchy\plugins\runner.dll

2014-06-30 09:28 - 2010-04-03 14:05 - 00057344 _____ () D:\Programmer\Launchy\plugins\verby.dll

2014-06-30 09:28 - 2010-04-03 14:05 - 00122880 _____ () D:\Programmer\Launchy\plugins\weby.dll

2015-01-03 21:23 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2015-01-03 21:18 - 2014-11-28 01:09 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

2015-01-03 21:18 - 2014-11-28 01:09 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

2015-01-03 21:18 - 2014-11-28 01:09 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

2015-01-03 21:38 - 2014-12-16 23:22 - 00750080 _____ () C:\Users\Stefan\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-07 10:32 - 2015-01-07 10:32 - 00043008 _____ () c:\users\stefan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy2tkbe.dll

2015-01-03 21:38 - 2014-12-16 23:22 - 00047616 _____ () C:\Users\Stefan\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-01-03 21:38 - 2014-12-16 23:22 - 00863744 _____ () C:\Users\Stefan\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-01-03 21:38 - 2014-12-16 23:22 - 00200704 _____ () C:\Users\Stefan\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () D:\Programmer\StrokeIt\Plugins\exec.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00018056 _____ () D:\Programmer\StrokeIt\Plugins\keys.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () D:\Programmer\StrokeIt\Plugins\msg.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () D:\Programmer\StrokeIt\Plugins\multimon.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00012936 _____ () D:\Programmer\StrokeIt\Plugins\OSD.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00010376 _____ () D:\Programmer\StrokeIt\Plugins\siControl.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00013960 _____ () D:\Programmer\StrokeIt\Plugins\utilities.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () D:\Programmer\StrokeIt\Plugins\win.dll

2009-09-14 01:06 - 2015-01-04 03:13 - 00204800 _____ () D:\Programmer\Notepad++\plugins\ComparePlugin.dll

2011-07-18 22:07 - 2011-07-18 22:07 - 00014336 _____ () D:\Programmer\Notepad++\plugins\NppExport.dll

2014-01-07 00:42 - 2014-01-07 00:42 - 01611264 _____ () D:\Programmer\Notepad++\plugins\NppFTP.dll

2007-08-05 02:10 - 2007-08-05 02:10 - 00250368 _____ () D:\Programmer\Notepad++\plugins\Config\tidy\libTidy.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2479822835-2867536027-2880494365-500 - Administrator - Disabled)

Gæst (S-1-5-21-2479822835-2867536027-2880494365-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2479822835-2867536027-2880494365-1002 - Limited - Enabled)

Stefan (S-1-5-21-2479822835-2867536027-2880494365-1000 - Administrator - Enabled) => C:\Users\Stefan

UpdatusUser (S-1-5-21-2479822835-2867536027-2880494365-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: CSR Bluetooth Chip

Description: CSR Bluetooth Chip

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Realtek Semiconductor Corp.

Service: BTHUSB

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:

==================

Error: (01/07/2015 10:26:02 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Det lykkedes ikke at oprette aktiveringskontekst for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Der opstod fejl i manifest- eller politikfilen "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" på linje C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

En komponentversion, der er påkrævet af programmet, er i konflikt med en anden komponentversion, der allerede er aktiv.

Komponenter i konflikt er:.

Komponent 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponent 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 10:26:02 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Det lykkedes ikke at oprette aktiveringskontekst for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Der opstod fejl i manifest- eller politikfilen "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" på linje C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

En komponentversion, der er påkrævet af programmet, er i konflikt med en anden komponentversion, der allerede er aktiv.

Komponenter i konflikt er:.

Komponent 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponent 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 10:32:35 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 01:17:46 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Navn på program med fejl: cmdshell.exe, version: 4.0.1.1615, tidsstempel: 0x54a0adf1

Navn på modul med fejl: ole32.DLL, version: 6.1.7601.17514, tidsstempel: 0x4ce7b96f

Undtagelseskode: 0xc0000005

Forskydning med fejl 0x00039342

Proces-id 0xb50

Programmets starttidspunkt 0xcmdshell.exe0

Programsti: cmdshell.exe1

Modulsti: cmdshell.exe2

Rapport-id: cmdshell.exe3

Error: (01/07/2015 01:01:54 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoID={597535F1-6A03-4A4D-84B0-EFF30B8934BB}: Brugeren Stefan-pc\Stefan kaldte op til en forbindelse med navnet Bredbåndsforbindelse, men forbindelsen blev ikke oprettet. Den fejlkode, der blev returneret ved fejl, er 651.

Error: (01/06/2015 11:03:36 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 03:49:57 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 03:18:51 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 03:00:21 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 02:19:12 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (01/07/2015 04:13:46 PM) (Source: BTHUSB) (EventID: 17) (User: )

Description: Der opstod en ukendt fejl i den lokale Bluetooth-adapter og den vil derfor ikke blive brugt. Driveren vil ikke blive indlæst.

Error: (01/07/2015 10:32:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses:

amdkmafd

Error: (01/06/2015 04:11:51 PM) (Source: BTHUSB) (EventID: 17) (User: )

Description: Der opstod en ukendt fejl i den lokale Bluetooth-adapter og den vil derfor ikke blive brugt. Driveren vil ikke blive indlæst.

Error: (01/06/2015 11:03:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses:

amdkmafd

Error: (01/06/2015 05:30:08 AM) (Source: BTHUSB) (EventID: 17) (User: )

Description: Der opstod en ukendt fejl i den lokale Bluetooth-adapter og den vil derfor ikke blive brugt. Driveren vil ikke blive indlæst.

Error: (01/06/2015 03:50:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses:

amdkmafd

Error: (01/06/2015 03:36:17 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}

Error: (01/06/2015 03:20:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Tjenesten globalUpdate Update Service (globalUpdate) kunne ikke starte pga. følgende fejl:

%%2

Error: (01/06/2015 03:20:26 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/06/2015 03:18:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses:

amdkmafd

Microsoft Office Sessions:

=========================

Error: (01/07/2015 10:26:02 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/07/2015 10:26:02 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe

Error: (01/07/2015 10:32:35 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 01:17:46 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: cmdshell.exe4.0.1.161554a0adf1ole32.DLL6.1.7601.175144ce7b96fc000000500039342b5001d02997e368cd91C:\Program Files (x86)\XTab\cmdshell.exeC:\Windows\syswow64\ole32.DLL9aabdf2a-9602-11e4-8e3a-6cf0490f7e20

Error: (01/07/2015 01:01:54 AM) (Source: RasClient) (EventID: 20227) (User: )

Description: {597535F1-6A03-4A4D-84B0-EFF30B8934BB}Stefan-pc\StefanBredbåndsforbindelse651

Error: (01/06/2015 11:03:36 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 03:49:57 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 03:18:51 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 03:00:21 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 02:19:12 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor

Percentage of memory in use: 65%

Total physical RAM: 4093.55 MB

Available physical RAM: 1403.05 MB

Total Pagefile: 8185.29 MB

Available Pagefile: 4089.39 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (C) (Fixed) (Total:931.51 GB) (Free:561.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (D-drev) (Fixed) (Total:931.51 GB) (Free:835.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8DD1E76E)

Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: B05CD427)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


Here are the posts of the Fixlog and MBAM log (it didn't ask for restart after scanning)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Stefan at 2015-01-08 11:22:26 Run:1
Running from D:\Ekstra
Loaded Profiles: Stefan & UpdatusUser (Available profiles: Stefan & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
Task: {2E161715-7E1F-4AC6-9455-42A7BE13392F} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe
Task: {87F69817-3A26-4A00-B72F-C3E8E3C5DC6A} - System32\Tasks\FWDQY => C:\Users\Stefan\AppData\Roaming\FWDQY.exe <==== ATTENTION
Task: {BDF60AF7-94E3-4538-8336-9733CE96A054} - System32\Tasks\JEHJK => C:\Users\Stefan\AppData\Roaming\JEHJK.exe <==== ATTENTION
Task: C:\Windows\Tasks\FWDQY.job => C:\Users\Stefan\AppData\Roaming\FWDQY.exe <==== ATTENTION
Task: C:\Windows\Tasks\JEHJK.job => C:\Users\Stefan\AppData\Roaming\JEHJK.exe <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dspp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dspp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dspp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dspp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
HKU\S-1-5-21-2479822835-2867536027-2880494365-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589
HKU\S-1-5-21-2479822835-2867536027-2880494365-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1420431097&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1420431097&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2479822835-2867536027-2880494365-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://www.mystartsearch.com/web/?type=ds&ts=1420431097&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2479822835-2867536027-2880494365-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1420431097&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
FF SelectedSearchEngine: mystartsearch
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=dspp&ts=1420431145&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-05] (Fuyu LIMITED) [File not signed]
C:\PROGRA~2\Flwsrf
C:\Users\Stefan\AppData\Roaming\FWDQY.exe
C:\Users\Stefan\AppData\Roaming\JEHJK.exe
C:\ProgramData\WindowsMangerProtect
C:\Program Files (x86)\XTab
2015-01-05 05:09 - 2015-01-05 05:09 - 00000000 ____D () C:\Users\Stefan\AppData\Local\globalUpdate
2015-01-05 05:09 - 2015-01-05 05:09 - 00000000 ____D () C:\Users\Stefan\AppData\Local\CrashRpt
2015-01-05 05:09 - 2015-01-05 05:09 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
emptytemp:
*****************

[1260] C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => Process closed successfully.
[2552] C:\Program Files (x86)\XTab\CmdShell.exe => Process closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E161715-7E1F-4AC6-9455-42A7BE13392F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E161715-7E1F-4AC6-9455-42A7BE13392F}" => Key deleted successfully.
C:\Windows\System32\Tasks\upfs7235 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87F69817-3A26-4A00-B72F-C3E8E3C5DC6A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87F69817-3A26-4A00-B72F-C3E8E3C5DC6A}" => Key deleted successfully.
C:\Windows\System32\Tasks\FWDQY => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FWDQY" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BDF60AF7-94E3-4538-8336-9733CE96A054}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDF60AF7-94E3-4538-8336-9733CE96A054}" => Key deleted successfully.
C:\Windows\System32\Tasks\JEHJK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JEHJK" => Key deleted successfully.
C:\Windows\Tasks\FWDQY.job => Moved successfully.
C:\Windows\Tasks\JEHJK.job => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2479822835-2867536027-2880494365-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2479822835-2867536027-2880494365-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-2479822835-2867536027-2880494365-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2479822835-2867536027-2880494365-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-2479822835-2867536027-2880494365-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found.
http://www.mystartsearch.com/web/?type=ds&ts=1420431097&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S450858908589&q={searchTerms} => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2479822835-2867536027-2880494365-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
IHProtect Service => Service stopped successfully.
IHProtect Service => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
C:\PROGRA~2\Flwsrf => Moved successfully.
"C:\Users\Stefan\AppData\Roaming\FWDQY.exe" => File/Directory not found.
"C:\Users\Stefan\AppData\Roaming\JEHJK.exe" => File/Directory not found.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
C:\Users\Stefan\AppData\Local\globalUpdate => Moved successfully.
C:\Users\Stefan\AppData\Local\CrashRpt => Moved successfully.
C:\Users\Public\Documents\ShopperPro => Moved successfully.
EmptyTemp: => Removed 1.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 11:23:33 ====

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Dato: 08-01-2015Scan Tid: 11:32:25Logfil: MBAM log.txtAdministrator: JaVersion: 2.00.4.1028Malware Database: v2015.01.08.08Rootkit Database: v2015.01.07.01Licens: RetssagMalware Protection: AktiveretOndsindet Hjemmeside Beskyttelse: AktiveretSelvbeskyttelse: HandicappedeOS: Windows 7 Service Pack 1CPU: x64Fil system: NTFSBruger: StefanScan Type: Trussel ScanningResultater: FuldførtObjekter Scannet: 371715Forløbet Tid: 7 min, 3 sekHukommelse: AktiveretStartop: AktiveretFilsystem: AktiveretArkiver: AktiveretRootkits: HandicappedeHeuristics: AktiveretPUP: AdvarePUM: AktiveretProcesser: 0(Ingen skadelige varer fundet)Moduler: 0(Ingen skadelige varer fundet)Nøgle Register: 21PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Ingen handling af brugeren, [54a48b69a6e33bfba94631b840c2a25e], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Ingen handling af brugeren, [54a48b69a6e33bfba94631b840c2a25e], PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Ingen handling af brugeren, [54a48b69a6e33bfba94631b840c2a25e], PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Ingen handling af brugeren, [54a48b69a6e33bfba94631b840c2a25e], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Ingen handling af brugeren, [9a5e8b69d5b40b2b7c6e7e69ea18d927], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Ingen handling af brugeren, [da1ef301cdbc280ee51071f5a360dd23], PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Ingen handling af brugeren, [47b148acc9c080b6198499d54cb725db], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Ingen handling af brugeren, 
[698ffdf7fd8cbc7a447c07dafa0ac739], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Ingen handling af brugeren, [64947b791a6f3df90ecb83017a8943bd], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Ingen handling af brugeren, [38c06b89cabfbd796151d2a8b94a619f], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Ingen handling af brugeren, [718745af54354fe7902cd311df25d030], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Ingen handling af brugeren, [67918272315886b0398432b23bc91ee2], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Ingen handling af brugeren, [ae4aef057712cf67019af587897a5ca4], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Ingen handling af brugeren, [e216eb090584e94d06bf19583dc647b9], PUP.Optional.Softonic.A, HKU\S-1-5-21-2479822835-2867536027-2880494365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Ingen handling af brugeren, [03f516debacf46f069d298d3729105fb], PUP.Optional.CrossRider.A, HKU\S-1-5-21-2479822835-2867536027-2880494365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Ingen handling af brugeren, [ac4c2bc95f2aae88c93ff5e1ea1aea16], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2479822835-2867536027-2880494365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Ingen handling af brugeren, [7a7e17dd187137ff0abd3c6f3ec526da], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2479822835-2867536027-2880494365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Ingen handling af brugeren, [b840837194f53afc538aecd552b226da], PUP.Optional.FastStart.A, 
HKU\S-1-5-21-2479822835-2867536027-2880494365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Ingen handling af brugeren, [d82084708009b086d0e282f7fc07d22e], PUP.Optional.ShopperPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, Ingen handling af brugeren, [19dfb4400b7e5adc1082a4ef0bfa31cf], PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, Ingen handling af brugeren, [19dfb4400b7e5adc1082a4ef0bfa31cf], Værdi Register: 6PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Ingen handling af brugeren, [64947b791a6f3df90ecb83017a8943bd]PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\nqke5f13.default\extensions\fftoolbar2014@etech.com, Ingen handling af brugeren, [995f965e2b5e42f4157aacba6d9635cb]PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\nqke5f13.default\extensions\faststartff@gmail.com, Ingen handling af brugeren, [7b7d995b0287e6501ebca23e9a6a3fc1]PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, Ingen handling af brugeren, [ae4aef057712cf67019af587897a5ca4]PUP.Optional.InstallCore.A, HKU\S-1-5-21-2479822835-2867536027-2880494365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0J1L2U1C1H1Q0R2X1L1R1P0B1P, Ingen handling af brugeren, [b840837194f53afc538aecd552b226da]PUP.Optional.FastStart.A, HKU\S-1-5-21-2479822835-2867536027-2880494365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Ingen handling af brugeren, [d82084708009b086d0e282f7fc07d22e]Data Register: 0(Ingen skadelige 
varer fundet)Mapper: 8PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, Ingen handling af brugeren, [db1d1ed6513847eff566c684ee1540c0], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, Ingen handling af brugeren, [db1d1ed6513847eff566c684ee1540c0], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, Ingen handling af brugeren, [db1d1ed6513847eff566c684ee1540c0], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, Ingen handling af brugeren, [db1d1ed6513847eff566c684ee1540c0], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, Ingen handling af brugeren, [db1d1ed6513847eff566c684ee1540c0], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{026C26A8-86E0-423F-B439-A39E0E77F72E}, Ingen handling af brugeren, [db1d1ed6513847eff566c684ee1540c0], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Ingen handling af brugeren, [906828cc46433bfbea02d293bf44f709], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Ingen handling af brugeren, [906828cc46433bfbea02d293bf44f709], Filer: 5PUP.Optional.InstallCore.A, C:\Users\Stefan\Downloads\WinzipSetup [1].exe, Ingen handling af brugeren, [e315658f513878be784b114a18ed857b], PUP.Optional.Flowsurf.A, C:\Windows\System32\abengineOff.ini, Ingen handling af brugeren, [e11703f1018844f293852741d92a8d73], PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengineOff.ini, Ingen handling af brugeren, [33c518dcc8c10c2ad54396d20003d12f], PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengine.ini, Ingen handling af brugeren, [08f0fafa73161125f920165235ce7987], PUP.Optional.CrossRider.A, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\nqke5f13.default\prefs.js, Godt:)), Bad:)user_pref("extensions.crossrider.bic", "14ab84c771a0e4b92836ada736c36225"), Ingen handling af brugeren,[6a8e22d2f8916fc78573f1d564a14fb1]Fysiske sektorer: 0(Ingen 
skadelige varer fundet)(end)

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


52 threats found in ESET Online Scan:


These files aren't malware but contain security risks. I'd delete them immediately - your choice.

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread (Note: Do NOT post this one into a code box!)


Thank you.

I've removed all the files, except the recycle files as I couldn't find them.

 

Here are the three log files


 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
 Mozilla Thunderbird (31.3.0)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Avast AvastSvc.exe   
 Avast avastui.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 


Good question :)

I've run the Anti-malware software that detected only a few files. They don't seem very harmful?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Dato: 09-01-2015
Scan Tid: 16:47:31
Logfil: 
Administrator: Ja

Version: 2.00.4.1028
Malware Database: v2015.01.09.10
Rootkit Database: v2015.01.07.01
Licens: Retssag
Malware Protection: Aktiveret
Ondsindet Hjemmeside Beskyttelse: Aktiveret
Selvbeskyttelse: Handicappede

OS: Windows 7 Service Pack 1
CPU: x64
Fil system: NTFS
Bruger: Stefan

Scan Type: Trussel Scanning
Resultater: Fuldført
Objekter Scannet: 372704
Forløbet Tid: 7 min, 27 sek

Hukommelse: Aktiveret
Startop: Aktiveret
Filsystem: Aktiveret
Arkiver: Aktiveret
Rootkits: Handicappede
Heuristics: Aktiveret
PUP: Advare
PUM: Aktiveret

Processer: 0
(Ingen skadelige varer fundet)

Moduler: 0
(Ingen skadelige varer fundet)

Nøgle Register: 1
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [49157085503940f6e53e99cfaf54e11f],

Værdi Register: 1
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\nqke5f13.default\extensions\fftoolbar2014@etech.com, , [7be36491a4e587af427bb7b0f40ff40c]

Data Register: 0
(Ingen skadelige varer fundet)

Mapper: 0
(Ingen skadelige varer fundet)

Filer: 3
PUP.Optional.Flowsurf.A, C:\Windows\System32\abengineOff.ini, , [e67881747c0d5adce263f574ac573bc5],
PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengineOff.ini, , [a4bac4319beec17546ff8bdeb0531ae6],
PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengine.ini, , [5fff0bead8b165d1bf870168946f08f8],

Fysiske sektorer: 0
(Ingen skadelige varer fundet)

(end)

No, they're just remnants. Let MBAM take them out.

 

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download
     
     
     
Recommendations: How to protect yourself

  • System Updates
    Please make sure automatic updates are activated in your Control Panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally, I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before you access a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The most common error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.

  • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
  • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
  • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.