Ännu en Awesomehp

[Annasofia]

Märkte igår att min webbläsare har ändrats till awesomehp, när eller hur vet jag inte riktigt. Jag använder både internet explorer och google chorme. Körde Spyhunter efter rekommendation från olika sidor på google men de vill ju ha betalt (och hittade dessutom 1000 andra virus i datorn? till exempel thorntv).

 

Har försökt få bort awesomehp men ingenting hjälper, har kört Norton Power eraser men inte heller det hjälper.

Väldigt tacksam för hjälp.

 

Anna

 

 

[Cecilia]

Hej Anna!

 

SpyHunter kan man inte lita på så avinstallera det programmet.

 

Det verkar vara en riktig epidemi av Awesomehp nu

 

Nedanstående lista kan se ut som mycket men ta det bara stegvis så går det bra och fråga om det är något som är oklart.

 

1. Ladda ner Malwarebytes Anti-Malware Free (MBAM) från http://www.malwarebytes.org/

Dubbelklicka på mbam-setup för att installera programmet.

 

Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Klicka på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj Utför fullständig skanning och klicka på Skanna.

Skanningen tar ett tag.

När den är klar så klicka på OK och sedan Visa resultat.

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar.

 

2. Spara ShortcutCleaner på skrivbordet: http://www.bleepingcomputer.com/download/shortcut-cleaner/dl/172/

Starta den nedladdade filen ss-cleaner.exe.

Vänta tills den är klar.

En rapport kommer upp, bifoga den till ditt svar.

 

3. Spara AdwCleaner av Xplode på Skrivbordet: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

 

Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

 

Klicka på Scan-knappen.

Vänta tills sökningen är klar.

Klicka på Report-knappen.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[R0].txt

 

4. Ladda ner Farbar Recovery Scan Tool (FRST) och spara på skrivbordet.

För 64-bitars Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe

För 32-bitars Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

 

Starta FRST.

Läs villkoren för programmet.

Klicka på Yes för att acceptera.

Klicka på Scan-knappen.

När det är klart kommer det att ha skapats två loggar FRST.txt och Addition.txt på skrivbordet.

Om du använder en annan webbläsare än Internet Explorer 11, klistra in innehållet i FRST.txt direkt i ditt svar och bifoga Addition.txt.

Om du använder Internet Explorer 11, får du bifoga båda loggarna till ditt svar.

Klicka på Använd fullständig editor för att se hur du bifogar filer.

[Annasofia]

Tack så hemskt mycket för svar! Ska sätta igång när jag kommer hem. Spelar det någon roll att jag använder två webbläsare? Det tar bort problemet i hela datorn...antar jag?

[Cecilia]

Ingen orsak

 

Det är meningen att Awesomehp ska försvinna från åtminstone Internet Explorer, Firefox och Chrome.

[Annasofia]

här kommer från MBAM, det blev två och den första för lång att klistra in, hoppas det fungerar såhär:

 

 file:///C:/Users/Anna/Desktop/mbam-log-2014-02-11%20(18-36-29).txt

 

nummer två:

 

2014/02/11 18:33:47 +0100 ANNAERIKSSON Anna MESSAGE Executing scheduled update:  Daily

2014/02/11 18:34:11 +0100 ANNAERIKSSON Anna MESSAGE Starting protection

2014/02/11 18:34:11 +0100 ANNAERIKSSON Anna MESSAGE Protection started successfully

2014/02/11 18:34:11 +0100 ANNAERIKSSON Anna MESSAGE Starting IP protection

2014/02/11 18:34:50 +0100 ANNAERIKSSON Anna MESSAGE IP Protection started successfully

2014/02/11 18:35:13 +0100 ANNAERIKSSON Anna MESSAGE Starting database refresh

2014/02/11 18:35:13 +0100 ANNAERIKSSON Anna MESSAGE Scheduled update executed successfully:  database updated from version v2013.04.04.07 to version v2014.02.11.08

2014/02/11 18:35:13 +0100 ANNAERIKSSON Anna MESSAGE Stopping IP protection

2014/02/11 18:35:24 +0100 ANNAERIKSSON Anna MESSAGE IP Protection stopped successfully

2014/02/11 18:35:34 +0100 ANNAERIKSSON Anna MESSAGE Database refreshed successfully

2014/02/11 18:35:34 +0100 ANNAERIKSSON Anna MESSAGE Starting IP protection

2014/02/11 18:35:43 +0100 ANNAERIKSSON Anna MESSAGE IP Protection started successfully

2014/02/11 19:24:53 +0100 ANNAERIKSSON Anna IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)

2014/02/11 20:00:03 +0100 ANNAERIKSSON Anna IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)

2014/02/11 20:35:57 +0100 ANNAERIKSSON (null) MESSAGE Starting protection

2014/02/11 20:35:57 +0100 ANNAERIKSSON (null) MESSAGE Protection started successfully

2014/02/11 20:35:57 +0100 ANNAERIKSSON (null) MESSAGE Starting IP protection

2014/02/11 20:36:05 +0100 ANNAERIKSSON (null) MESSAGE IP Protection started successfully

 

[Annasofia]

från shortcut cleaner:

 

Shortcut Cleaner 1.2.8 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Shortcut Cleaner can be found at this link:

 http://www.bleepingcomputer.com/download/shortcut-cleaner/

 

Windows Version: Windows 7 Home Premium Service Pack 1

Program started at: 02/11/2014 08:53:09 PM.

 

Scanning for registry hijacks:

 

 * No issues found in the Registry.

 

Searching for Hijacked Shortcuts:

 

Searching C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\

 

  * Shortcut Cleaned: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

 

  * Shortcut Cleaned: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

 

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

 

  * Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com/?type=sc&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

 

Searching C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

 

  * Shortcut Cleaned: C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com/?type=sc&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

 

  * Shortcut Cleaned: C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

 

  * Shortcut Cleaned: C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

 

  * Shortcut Cleaned: C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com/?type=sc&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

 

  * Shortcut Cleaned: C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

 

Searching C:\Users\Public\Desktop\

 

Searching C:\Users\Anna\Desktop

 

 

8 bad shortcuts found.

 

Program finished at: 02/11/2014 08:53:17 PM

Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

[Annasofia]

ADWcleaner:

 

# AdwCleaner v3.018 - Report created 11/02/2014 at 20:58:27

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Anna - ANNAERIKSSON

# Running from : C:\Users\Anna\Downloads\adwcleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

Folder Found C:\Program Files (x86)\Ask.com

Folder Found C:\Program Files (x86)\Common Files\337

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\Movies Toolbar

Folder Found C:\Program Files (x86)\registry mechanic

Folder Found C:\ProgramData\Ask

Folder Found C:\ProgramData\BitGuard

Folder Found C:\ProgramData\Browser Manager

Folder Found C:\ProgramData\BrowserProtect

Folder Found C:\ProgramData\Partner

Folder Found C:\Users\Anna\AppData\Local\apn

Folder Found C:\Users\Anna\AppData\Local\Conduit

Folder Found C:\Users\Anna\AppData\Local\Ilivid

Folder Found C:\Users\Anna\AppData\Local\ilividmoviestoolbardla

Folder Found C:\Users\Anna\AppData\LocalLow\AskToolbar

Folder Found C:\Users\Anna\AppData\LocalLow\Conduit

Folder Found C:\Users\Anna\AppData\LocalLow\ConduitEngine

Folder Found C:\Users\Anna\AppData\LocalLow\ilividmoviestoolbardla

Folder Found C:\Users\Anna\AppData\LocalLow\PriceGong

Folder Found C:\Users\Anna\AppData\LocalLow\searchresultstb

Folder Found C:\Users\Anna\AppData\Roaming\registry mechanic

Folder Found C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\x64\mgrldr.dll

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL

Key Found : HKCU\Software\APN

Key Found : HKCU\Software\APN DTX

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ilividmoviestoolbardla

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\smartbar

Key Found : HKCU\Software\Ask.com

Key Found : HKCU\Software\installedbrowserextensions

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\Softonic

Key Found : [x64] HKCU\Software\APN

Key Found : [x64] HKCU\Software\APN DTX

Key Found : [x64] HKCU\Software\Ask.com

Key Found : [x64] HKCU\Software\installedbrowserextensions

Key Found : [x64] HKCU\Software\Softonic

Key Found : HKLM\Software\APN

Key Found : HKLM\Software\AskToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Desksvc

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\Software\V9

Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]

Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]

Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]

Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]

Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]

Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7431 octets] - [11/02/2014 20:58:27]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7491 octets] ##########

[Annasofia]

och så från FRST

Addition.txt

FRST.txt

[Annasofia]

Åh, nu kommer inte awesomehp upp längre när jag startar webläsaren

Men jag kanske ska göra något ytterligare (tänker på alla bifogningar?) 

Skönt att det finns hjälp som du, Cecilia. Det här är raketforskning för mig. Tack för din hjälp!

[Cecilia]

här kommer från MBAM, det blev två och den första för lång att klistra in, hoppas det fungerar såhär:

 

 file:///C:/Users/Anna/Desktop/mbam-log-2014-02-11%20(18-36-29).txt

 

nummer två:

 

 

2014/02/11 18:33:47 +0100 ANNAERIKSSON Anna MESSAGE Executing scheduled update:  Daily

2014/02/11 18:34:11 +0100 ANNAERIKSSON Anna MESSAGE Starting protection

2014/02/11 18:34:11 +0100 ANNAERIKSSON Anna MESSAGE Protection started successfully

2014/02/11 18:34:11 +0100 ANNAERIKSSON Anna MESSAGE Starting IP protection

2014/02/11 18:34:50 +0100 ANNAERIKSSON Anna MESSAGE IP Protection started successfully

2014/02/11 18:35:13 +0100 ANNAERIKSSON Anna MESSAGE Starting database refresh

2014/02/11 18:35:13 +0100 ANNAERIKSSON Anna MESSAGE Scheduled update executed successfully:  database updated from version v2013.04.04.07 to version v2014.02.11.08

2014/02/11 18:35:13 +0100 ANNAERIKSSON Anna MESSAGE Stopping IP protection

2014/02/11 18:35:24 +0100 ANNAERIKSSON Anna MESSAGE IP Protection stopped successfully

2014/02/11 18:35:34 +0100 ANNAERIKSSON Anna MESSAGE Database refreshed successfully

2014/02/11 18:35:34 +0100 ANNAERIKSSON Anna MESSAGE Starting IP protection

2014/02/11 18:35:43 +0100 ANNAERIKSSON Anna MESSAGE IP Protection started successfully

2014/02/11 19:24:53 +0100 ANNAERIKSSON Anna IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)

2014/02/11 20:00:03 +0100 ANNAERIKSSON Anna IP-BLOCK 93.174.93.67 (Type: incoming, Port: 21320, Process: svchost.exe)

2014/02/11 20:35:57 +0100 ANNAERIKSSON (null) MESSAGE Starting protection

2014/02/11 20:35:57 +0100 ANNAERIKSSON (null) MESSAGE Protection started successfully

2014/02/11 20:35:57 +0100 ANNAERIKSSON (null) MESSAGE Starting IP protection

2014/02/11 20:36:05 +0100 ANNAERIKSSON (null) MESSAGE IP Protection started successfully

Du kan inte skriva in (länka) till en fil som ligger i din dator. Det är ingen som kan se innehållet i filer som ligger i din dator.

 

Det andra ser ut att vara någon annan sorts logg.

 

Öppna MBAM, ta fram fliken Loggar och där hittar du loggen där MBAM hittade något. Öppna den loggen, kopiera innehållet i den och klistra in i ditt svar.

[Cecilia]

Det finns en hel del kvar i datorn som behöver tas bort.

 

1. Avinstallera:

Ask Toolbar

Ask Toolbar Updater

Orsak: http://www.systemlookup.com/CLSID/56968-GenericAskToolbar_dll_GENERI_1_DLL.html

 

2. Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

 

Klicka på Scan-knappen.

Vänta tills sökningen är klar.

 

Klicka på Clean-knappen.

Tryck på OK.

Tryck på OK fler gånger om det kommer upp meddelanden.

 

Datorn kommer att startas om.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[s0].txt

 

3. Flytta FRST från mappen "Hämtade filer" till skrivbordet.

 

Starta Anteckningar.

Kopiera alla rader i rutan:

HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {0f7eaf8f-61e2-11e2-97a9-485b39ea3bad} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {20f64693-574b-11e1-ac71-485b39ea3bad} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {2c912684-955e-11e1-aaa6-485b39ea3bad} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3a495118-1df2-11e1-a83d-001e101f7fb6} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3a495125-1df2-11e1-a83d-001e101f7fb6} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3c779586-0d9e-11e2-8746-485b39ea3bad} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3c779594-0d9e-11e2-8746-485b39ea3bad} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3c7795bc-0d9e-11e2-8746-001e101f4e71} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {6e039e6c-1041-11e0-99b7-485b39ea3bad} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {6e039e79-1041-11e0-99b7-485b39ea3bad} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {6e039e83-1041-11e0-99b7-485b39ea3bad} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {7657ef89-1f73-11e1-a1ee-485b39ea3bad} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {7657efc4-1f73-11e1-a1ee-001e101f1ed9} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {7e3d5586-1df4-11e1-bfe3-485b39ea3bad} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {8097dd99-543d-11e1-b396-485b39ea3bad} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {8ec2459f-5659-11e1-b3df-485b39ea3bad} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {8ec245ac-5659-11e1-b3df-485b39ea3bad} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {910b5c04-28c3-11e1-a994-485b39ea3bad} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {910b5c19-28c3-11e1-a994-485b39ea3bad} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {910b5c3a-28c3-11e1-a994-001e101f7f74} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {97afd708-2988-11e1-ad82-485b39ea3bad} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {a99a5e10-1020-11e2-a415-001e101f82a0} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {a99a5e5f-1020-11e2-a415-001e101f82a0} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {cedd90af-71e2-11e1-91a7-001e101f7fb6} - G:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {d9b9d3cd-142e-11e0-9cd1-001e101f1f81} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {ed1eac84-1dfc-11e1-a021-485b39ea3bad} - F:\AutoRun.exe
HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {ed1eac91-1dfc-11e1-a021-485b39ea3bad} - F:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => File Not Found
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => File Not Found
AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => File Not Found
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=341&systemid=406&v=a10741-118&apn_uid=5311134013434923&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=341&systemid=406&v=a10741-118&apn_uid=5311134013434923&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
S2 DatamngrCoordinator2; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
U3 tmlwf; 
U3 tmwfp; 
2014-02-10 23:32 - 2014-02-10 23:33 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Anna\Downloads\SpyHunter-Installer (1).exe
2014-02-10 23:29 - 2014-02-10 23:30 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Anna\Downloads\SpyHunter-Installer.exe
2014-02-06 21:59 - 2014-02-11 20:30 - 00000000 ____D () C:\Users\Anna\AppData\Local\genienext
2014-02-06 21:59 - 2014-02-10 19:40 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-02-06 21:59 - 2014-02-10 19:40 - 00000000 ____D () C:\Users\Anna\AppData\Local\Mobogenie
2014-02-06 21:59 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Anna\Documents\Mobogenie
2014-02-06 21:59 - 2014-02-06 21:59 - 00000000 _____ () C:\Users\Anna\daemonprocess.txt
2014-02-06 21:56 - 2014-02-10 19:39 - 00000000 ____D () C:\ProgramData\WPM
Task: {8C3B3668-58A0-4382-A415-F6C874FB8359} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-12-10] ()
Task: {8D4D6E48-C398-423C-9D23-26032FD8DBC5} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Anna\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx [2013-06-12]

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

 

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart.

 

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

 

4. Gällande Torntv se http://www.systemlookup.com/FF_Extensions/2848-torntv2_torntv_com_xpi.html

Movies Toolbar är något liknande.

Jag rekommenderar att du avinstallerar de två tilläggen i Google Chrome: https://support.google.com/chrome/answer/113907?hl=sv

 

5. Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Avbocka alternativet Remove found threats

Bocka för Scan Archives

 

Klicka på Advanced Settings

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Scan

 

När skanningen är klar klicka på List of threats found, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

[Annasofia]

raketforskning, som sagt jag får bifoga den för får bara upp att posten är för lång när jag klistrar in, hoppas det funkar lika bra. Resten måste jag ta efter jobb

 

 

mbam-log-2014-02-11 (18-36-29).txt

[Cecilia]

Vad bra att MBAM fick bort så mycket. Då ser jag fram mot resten ikväll.

[Annasofia]

rapport från adware cleaner:

 

# AdwCleaner v3.018 - Report created 12/02/2014 at 19:37:51

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Anna - ANNAERIKSSON

# Running from : C:\Users\Anna\Downloads\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\BitGuard

Folder Deleted : C:\ProgramData\Browser Manager

Folder Deleted : C:\ProgramData\BrowserProtect

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Movies Toolbar

Folder Deleted : C:\Program Files (x86)\registry mechanic

Folder Deleted : C:\Program Files (x86)\Common Files\337

Folder Deleted : C:\Users\Anna\AppData\Local\Conduit

Folder Deleted : C:\Users\Anna\AppData\Local\Ilivid

Folder Deleted : C:\Users\Anna\AppData\Local\ilividmoviestoolbardla

Folder Deleted : C:\Users\Anna\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Anna\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Anna\AppData\LocalLow\ilividmoviestoolbardla

Folder Deleted : C:\Users\Anna\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Anna\AppData\LocalLow\searchresultstb

Folder Deleted : C:\Users\Anna\AppData\Roaming\registry mechanic

File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]

Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]

Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]

Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKCU\Software\APN DTX

Key Deleted : HKCU\Software\installedbrowserextensions

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ilividmoviestoolbardla

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\smartbar

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Desksvc

Key Deleted : HKLM\Software\V9

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\x64\mgrldr.dll

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7631 octets] - [11/02/2014 20:58:27]

AdwCleaner[R1].txt - [5039 octets] - [12/02/2014 19:35:28]

AdwCleaner[s0].txt - [4759 octets] - [12/02/2014 19:37:51]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4819 octets] ##########

[Annasofia]

fixlog:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01

Ran by Anna at 2014-02-12 19:51:46 Run:1

Running from C:\Users\Anna\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: F - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: G - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {0f7eaf8f-61e2-11e2-97a9-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {20f64693-574b-11e1-ac71-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {2c912684-955e-11e1-aaa6-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3a495118-1df2-11e1-a83d-001e101f7fb6} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3a495125-1df2-11e1-a83d-001e101f7fb6} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3c779586-0d9e-11e2-8746-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3c779594-0d9e-11e2-8746-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3c7795bc-0d9e-11e2-8746-001e101f4e71} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {6e039e6c-1041-11e0-99b7-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {6e039e79-1041-11e0-99b7-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {6e039e83-1041-11e0-99b7-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {7657ef89-1f73-11e1-a1ee-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {7657efc4-1f73-11e1-a1ee-001e101f1ed9} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {7e3d5586-1df4-11e1-bfe3-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {8097dd99-543d-11e1-b396-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {8ec2459f-5659-11e1-b3df-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {8ec245ac-5659-11e1-b3df-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {910b5c04-28c3-11e1-a994-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {910b5c19-28c3-11e1-a994-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {910b5c3a-28c3-11e1-a994-001e101f7f74} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {97afd708-2988-11e1-ad82-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {a99a5e10-1020-11e2-a415-001e101f82a0} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {a99a5e5f-1020-11e2-a415-001e101f82a0} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {cedd90af-71e2-11e1-91a7-001e101f7fb6} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {d9b9d3cd-142e-11e0-9cd1-001e101f1f81} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {ed1eac84-1dfc-11e1-a021-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {ed1eac91-1dfc-11e1-a021-485b39ea3bad} - F:\AutoRun.exe

AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => File Not Found

AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => File Not Found

AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => File Not Found

HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION

HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391720076&from=ild&uid=ST9250315AS_5VCHPKQ0XXXX5VCHPKQ0&q={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=341&systemid=406&v=a10741-118&apn_uid=5311134013434923&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=341&systemid=406&v=a10741-118&apn_uid=5311134013434923&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM-x32 - No Name - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} -  No File

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File

Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File

Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

S2 DatamngrCoordinator2; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]

U3 tmlwf; 

U3 tmwfp; 

2014-02-10 23:32 - 2014-02-10 23:33 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Anna\Downloads\SpyHunter-Installer (1).exe

2014-02-10 23:29 - 2014-02-10 23:30 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Anna\Downloads\SpyHunter-Installer.exe

2014-02-06 21:59 - 2014-02-11 20:30 - 00000000 ____D () C:\Users\Anna\AppData\Local\genienext

2014-02-06 21:59 - 2014-02-10 19:40 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

2014-02-06 21:59 - 2014-02-10 19:40 - 00000000 ____D () C:\Users\Anna\AppData\Local\Mobogenie

2014-02-06 21:59 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Anna\Documents\Mobogenie

2014-02-06 21:59 - 2014-02-06 21:59 - 00000000 _____ () C:\Users\Anna\daemonprocess.txt

2014-02-06 21:56 - 2014-02-10 19:39 - 00000000 ____D () C:\ProgramData\WPM

Task: {8C3B3668-58A0-4382-A415-F6C874FB8359} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-12-10] ()

Task: {8D4D6E48-C398-423C-9D23-26032FD8DBC5} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:A724744F

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Anna\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx [2013-06-12]

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Unable to delete value

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1228158096-368230399-1422481915-1000 => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1228158096-368230399-1422481915-1000 => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f7eaf8f-61e2-11e2-97a9-485b39ea3bad} => Key not found.

HKCR\CLSID\{0f7eaf8f-61e2-11e2-97a9-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20f64693-574b-11e1-ac71-485b39ea3bad} => Key not found.

HKCR\CLSID\{20f64693-574b-11e1-ac71-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c912684-955e-11e1-aaa6-485b39ea3bad} => Key not found.

HKCR\CLSID\{2c912684-955e-11e1-aaa6-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a495118-1df2-11e1-a83d-001e101f7fb6} => Key not found.

HKCR\CLSID\{3a495118-1df2-11e1-a83d-001e101f7fb6} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a495125-1df2-11e1-a83d-001e101f7fb6} => Key not found.

HKCR\CLSID\{3a495125-1df2-11e1-a83d-001e101f7fb6} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c779586-0d9e-11e2-8746-485b39ea3bad} => Key not found.

HKCR\CLSID\{3c779586-0d9e-11e2-8746-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c779594-0d9e-11e2-8746-485b39ea3bad} => Key not found.

HKCR\CLSID\{3c779594-0d9e-11e2-8746-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c7795bc-0d9e-11e2-8746-001e101f4e71} => Key not found.

HKCR\CLSID\{3c7795bc-0d9e-11e2-8746-001e101f4e71} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e039e6c-1041-11e0-99b7-485b39ea3bad} => Key not found.

HKCR\CLSID\{6e039e6c-1041-11e0-99b7-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e039e79-1041-11e0-99b7-485b39ea3bad} => Key not found.

HKCR\CLSID\{6e039e79-1041-11e0-99b7-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e039e83-1041-11e0-99b7-485b39ea3bad} => Key not found.

HKCR\CLSID\{6e039e83-1041-11e0-99b7-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7657ef89-1f73-11e1-a1ee-485b39ea3bad} => Key not found.

HKCR\CLSID\{7657ef89-1f73-11e1-a1ee-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7657efc4-1f73-11e1-a1ee-001e101f1ed9} => Key not found.

HKCR\CLSID\{7657efc4-1f73-11e1-a1ee-001e101f1ed9} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e3d5586-1df4-11e1-bfe3-485b39ea3bad} => Key not found.

HKCR\CLSID\{7e3d5586-1df4-11e1-bfe3-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8097dd99-543d-11e1-b396-485b39ea3bad} => Key not found.

HKCR\CLSID\{8097dd99-543d-11e1-b396-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ec2459f-5659-11e1-b3df-485b39ea3bad} => Key not found.

HKCR\CLSID\{8ec2459f-5659-11e1-b3df-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ec245ac-5659-11e1-b3df-485b39ea3bad} => Key not found.

HKCR\CLSID\{8ec245ac-5659-11e1-b3df-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{910b5c04-28c3-11e1-a994-485b39ea3bad} => Key not found.

HKCR\CLSID\{910b5c04-28c3-11e1-a994-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{910b5c19-28c3-11e1-a994-485b39ea3bad} => Key not found.

HKCR\CLSID\{910b5c19-28c3-11e1-a994-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{910b5c3a-28c3-11e1-a994-001e101f7f74} => Key not found.

HKCR\CLSID\{910b5c3a-28c3-11e1-a994-001e101f7f74} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97afd708-2988-11e1-ad82-485b39ea3bad} => Key not found.

HKCR\CLSID\{97afd708-2988-11e1-ad82-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a99a5e10-1020-11e2-a415-001e101f82a0} => Key not found.

HKCR\CLSID\{a99a5e10-1020-11e2-a415-001e101f82a0} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a99a5e5f-1020-11e2-a415-001e101f82a0} => Key not found.

HKCR\CLSID\{a99a5e5f-1020-11e2-a415-001e101f82a0} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cedd90af-71e2-11e1-91a7-001e101f7fb6} => Key not found.

HKCR\CLSID\{cedd90af-71e2-11e1-91a7-001e101f7fb6} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9b9d3cd-142e-11e0-9cd1-001e101f1f81} => Key not found.

HKCR\CLSID\{d9b9d3cd-142e-11e0-9cd1-001e101f1f81} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed1eac84-1dfc-11e1-a021-485b39ea3bad} => Key not found.

HKCR\CLSID\{ed1eac84-1dfc-11e1-a021-485b39ea3bad} => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed1eac91-1dfc-11e1-a021-485b39ea3bad} => Key not found.

HKCR\CLSID\{ed1eac91-1dfc-11e1-a021-485b39ea3bad} => Key not found.

"C:\\PROGRA~3\\Wincert\\WIN64C~1.DLL" => Value Data not found.

"c:\\progra~2\\movies~1\\datamngr\\x64\\mgrldr.dll" => Value Data not found.

"c:\\progra~2\\movies~1\\datamngr\\mgrldr.dll" => Value Data removed successfully.

HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Unable to delete value

HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Unable to delete value

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.

HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.

HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.

HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.

HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.

HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Unable to delete value

HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} => Unable to delete value

HKCR\Wow6432Node\CLSID\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.

HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value deleted successfully.

HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Unable to delete value

HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.

HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Unable to delete value

HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.

DatamngrCoordinator2 => Service deleted successfully.

tmlwf => Service deleted successfully.

tmwfp => Service deleted successfully.

"C:\Users\Anna\Downloads\SpyHunter-Installer (1).exe" => File/Directory not found.

"C:\Users\Anna\Downloads\SpyHunter-Installer.exe" => File/Directory not found.

C:\Users\Anna\AppData\Local\genienext => Moved successfully.

C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie => Moved successfully.

C:\Users\Anna\AppData\Local\Mobogenie => Moved successfully.

C:\Users\Anna\Documents\Mobogenie => Moved successfully.

C:\Users\Anna\daemonprocess.txt => Moved successfully.

C:\ProgramData\WPM => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C3B3668-58A0-4382-A415-F6C874FB8359} => Key not found.

C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D4D6E48-C398-423C-9D23-26032FD8DBC5} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D4D6E48-C398-423C-9D23-26032FD8DBC5} => Key deleted successfully.

C:\Windows\System32\Tasks\Desk 365 RunAsStdUser not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.

C:\ProgramData\Temp => ":A724744F" ADS removed successfully.

C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob => Key deleted successfully.

"C:\Users\Anna\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx" => File/Directory not found.

 

==== End of Fixlog ====

[Annasofia]

Min uppkoppling är nog sådär, scannern är på 50% efter 2 timmar så antar att jag får återkomma i morgon

[Annasofia]

från ESET:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application

C:\FRST\Quarantine\Mobogenie12-02-2014_19-51-46\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application

C:\FRST\Quarantine\Mobogenie12-02-2014_19-51-46\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application

C:\FRST\Quarantine\Mobogenie12-02-2014_19-51-46\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application

D:\Stuff\SoftonicDownloader_for_vlc-media-player.exe Win32/SoftonicDownloader.A potentially unwanted application

[Cecilia]

Det mesta som Esets skanner hittade ligger i karantänmapparna för AdwCleaner och FRST så de är redan oskadliggjorda, men den sista är en installationsfil som kommer att vilja installera olämpliga tilllägg/program samtidigt som VLC installeras. Softonic är inte en bra webbplats att hämta sina program från eftersom de oftast lägger till egna grejer till den ordinarie installationen.

 

Du får själv avgöra om du vill ta bort filen D:\Stuff\SoftonicDownloader_for_vlc-media-player.

 

Kör FRST igen och klistra in den nya FRST.txt för en koll av att jag fick med allt som skulle bort.

[Annasofia]

jag tog bort sofftonic. Den fanns ju inte att avinstallera så valde bara "ta bort", det kanske räcker då?

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01

Ran by Anna (administrator) on ANNAERIKSSON on 13-02-2014 08:16:53

Running from C:\Users\Anna\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: Swedish

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Advanced Micro Devices, Inc.) C:\Windows\system32\atibtmon.exe

(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

() C:\Program Files (x86)\AgentService\AgentService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\ProgramData\DatacardService\HWDeviceService64.exe

(Lexmark International, Inc.) C:\Windows\system32\spool\DRIVERS\x64\3\lxeaserv.exe

( ) C:\Windows\system32\lxeacoms.exe

(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamgui.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe

(ASUS) C:\Windows\AsScrPro.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe

() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe

() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

(ATK) C:\Program Files\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\spotify.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

() C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

() C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()

HKLM\...\Run: [lxeamon.exe] - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2010-05-05] ()

HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [148280 2010-05-05] ()

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)

HKLM-x32\...\Run: [updateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-03-31] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\Run: [spotify Web Helper] - C:\Users\Anna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-18] (Spotify Ltd)

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\Run: [spotify] - C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-18] (Spotify Ltd)

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: F - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: G - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {0f7eaf8f-61e2-11e2-97a9-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {20f64693-574b-11e1-ac71-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {2c912684-955e-11e1-aaa6-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3a495118-1df2-11e1-a83d-001e101f7fb6} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3a495125-1df2-11e1-a83d-001e101f7fb6} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3c779586-0d9e-11e2-8746-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3c779594-0d9e-11e2-8746-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {3c7795bc-0d9e-11e2-8746-001e101f4e71} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {6e039e6c-1041-11e0-99b7-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {6e039e79-1041-11e0-99b7-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {6e039e83-1041-11e0-99b7-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {7657ef89-1f73-11e1-a1ee-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {7657efc4-1f73-11e1-a1ee-001e101f1ed9} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {7e3d5586-1df4-11e1-bfe3-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {8097dd99-543d-11e1-b396-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {8ec2459f-5659-11e1-b3df-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {8ec245ac-5659-11e1-b3df-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {910b5c04-28c3-11e1-a994-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {910b5c19-28c3-11e1-a994-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {910b5c3a-28c3-11e1-a994-001e101f7f74} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {97afd708-2988-11e1-ad82-485b39ea3bad} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {a99a5e10-1020-11e2-a415-001e101f82a0} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {a99a5e5f-1020-11e2-a415-001e101f82a0} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {cedd90af-71e2-11e1-91a7-001e101f7fb6} - G:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {d9b9d3cd-142e-11e0-9cd1-001e101f1f81} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {ed1eac84-1dfc-11e1-a021-485b39ea3bad} - F:\AutoRun.exe

HKU\S-1-5-21-1228158096-368230399-1422481915-1000\...\MountPoints2: {ed1eac91-1dfc-11e1-a021-485b39ea3bad} - F:\AutoRun.exe

 

==================== Internet (Whitelisted) ====================

 

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Lexmark Verktygsfält - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Lexmark Verktygsfält - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\..\Interfaces\{2C03D92F-2CD1-4A7A-9529-C195DB818DF6}: [NameServer]80.251.201.177 80.251.201.178

Tcpip\..\Interfaces\{57DE699A-D777-4957-BA79-BCBAF61BCA78}: [NameServer]80.251.201.177 80.251.201.178

Tcpip\..\Interfaces\{8316EB88-4218-4B93-94BC-CA6CD577A343}: [NameServer]80.251.201.177 80.251.201.178

Tcpip\..\Interfaces\{8BC71885-6F48-4DDE-9C22-D757F3DD4955}: [NameServer]80.251.201.177 80.251.201.178

Tcpip\..\Interfaces\{BC5C39AC-8BA9-48AD-B396-C20B04B1AB85}: [NameServer]80.251.201.177 80.251.201.178

 

Chrome: 

=======

CHR Extension: (Norton Identity Protection) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-10]

CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-21]

CHR StartMenuInternet: Google Chrome - Chrome.exe

 

==================== Services (Whitelisted) =================

 

R2 AgentService; C:\Program Files (x86)\AgentService/AgentService.exe [73216 2010-03-19] ()

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()

R2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)

R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )

R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )

R2 MBAMScheduler; C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2012-10-03] ()

R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-02] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-02] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140211.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140212.002\ENG64.SYS [126040 2014-01-17] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140212.002\EX64.SYS [2099288 2014-01-17] (Symantec Corporation)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()

R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-02] (Symantec Corporation)

R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)

R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)

S3 TdsNordecr; C:\Windows\System32\DRIVERS\nordecr.sys [28672 2007-10-30] (Todos Data System AB)

S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-12 22:12 - 2014-02-12 22:12 - 00000770 _____ () C:\Users\Anna\Desktop\ESET.txt

2014-02-12 19:59 - 2014-02-12 19:59 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-12 19:58 - 2014-02-12 19:58 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe

2014-02-12 19:51 - 2014-02-13 08:16 - 00000000 ____D () C:\Users\Anna\Desktop\FRST-OlderVersion

2014-02-11 21:17 - 2014-02-11 21:17 - 00001790 _____ () C:\Users\Anna\Desktop\sc-cleaner.txt

2014-02-11 21:13 - 2014-02-11 21:13 - 00043481 _____ () C:\Users\Anna\Desktop\Addition.txt

2014-02-11 21:12 - 2014-02-13 08:16 - 00022852 _____ () C:\Users\Anna\Desktop\FRST.txt

2014-02-11 21:08 - 2014-02-11 21:09 - 00043481 _____ () C:\Users\Anna\Downloads\Addition.txt

2014-02-11 20:57 - 2014-02-12 19:37 - 00000000 ____D () C:\AdwCleaner

2014-02-11 20:57 - 2014-02-11 20:57 - 01166132 _____ () C:\Users\Anna\Desktop\adwcleaner.exe

2014-02-11 20:53 - 2014-02-11 21:17 - 00001790 _____ () C:\sc-cleaner.txt

2014-02-11 20:52 - 2014-02-11 20:52 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Anna\Desktop\sc-cleaner.exe

2014-02-11 18:32 - 2014-02-11 18:32 - 00000710 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-11 18:32 - 2014-02-11 18:32 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Malwarebytes

2014-02-11 18:32 - 2014-02-11 18:32 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-11 18:32 - 2014-02-11 18:32 - 00000000 ____D () C:\Malwarebytes' Anti-Malware

2014-02-11 18:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-02-11 18:27 - 2014-02-11 18:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-11 00:42 - 2014-02-11 20:35 - 00214670 _____ () C:\Windows\PFRO.log

2014-02-11 00:29 - 2013-09-10 03:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys

2014-02-10 23:35 - 2014-02-10 23:35 - 00000000 _____ () C:\autoexec.bat

2014-02-10 23:34 - 2014-02-11 18:24 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-02-10 23:34 - 2014-02-10 23:34 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-02-10 23:18 - 2014-02-10 23:18 - 00003146 _____ () C:\Windows\System32\Tasks\{1C81E417-6697-446C-8FE4-6F20F2664605}

2014-02-10 22:52 - 2014-02-13 08:06 - 00000560 _____ () C:\Windows\setupact.log

2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-02-10 22:50 - 2014-02-11 00:50 - 00000000 ____D () C:\Users\Anna\AppData\Local\NPE

2014-02-10 22:47 - 2014-02-13 08:16 - 00000000 ____D () C:\FRST

2014-02-10 22:46 - 2014-02-13 08:16 - 02152448 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe

2014-02-06 21:59 - 2014-02-06 23:00 - 00000000 ____D () C:\Users\Anna\AppData\Local\cache

2014-02-06 21:59 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Anna\.android

2014-01-15 22:34 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-15 22:34 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-15 22:34 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-15 22:34 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-15 22:34 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-15 22:34 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-15 22:34 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-15 22:34 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-15 22:34 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

 

==================== One Month Modified Files and Folders =======

 

2014-02-13 08:17 - 2014-02-11 21:12 - 00022852 _____ () C:\Users\Anna\Desktop\FRST.txt

2014-02-13 08:17 - 2010-12-26 16:00 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Spotify

2014-02-13 08:16 - 2014-02-12 19:51 - 00000000 ____D () C:\Users\Anna\Desktop\FRST-OlderVersion

2014-02-13 08:16 - 2014-02-10 22:47 - 00000000 ____D () C:\FRST

2014-02-13 08:16 - 2014-02-10 22:46 - 02152448 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe

2014-02-13 08:15 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-13 08:15 - 2009-07-14 05:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-13 08:10 - 2010-07-28 12:35 - 01125483 _____ () C:\Windows\WindowsUpdate.log

2014-02-13 08:07 - 2011-01-17 15:56 - 00143320 _____ () C:\ProgramData\lxeascan.log

2014-02-13 08:07 - 2010-07-28 12:52 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-13 08:06 - 2014-02-10 22:52 - 00000560 _____ () C:\Windows\setupact.log

2014-02-13 08:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-12 22:25 - 2010-07-28 12:52 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-12 22:20 - 2013-01-31 18:14 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-12 22:12 - 2014-02-12 22:12 - 00000770 _____ () C:\Users\Anna\Desktop\ESET.txt

2014-02-12 19:59 - 2014-02-12 19:59 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-12 19:58 - 2014-02-12 19:58 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe

2014-02-12 19:51 - 2010-12-25 17:11 - 00000000 ____D () C:\Users\Anna

2014-02-12 19:37 - 2014-02-11 20:57 - 00000000 ____D () C:\AdwCleaner

2014-02-12 19:37 - 2010-12-30 19:09 - 00000000 ____D () C:\Program Files (x86)\Conduit

2014-02-11 21:17 - 2014-02-11 21:17 - 00001790 _____ () C:\Users\Anna\Desktop\sc-cleaner.txt

2014-02-11 21:17 - 2014-02-11 20:53 - 00001790 _____ () C:\sc-cleaner.txt

2014-02-11 21:13 - 2014-02-11 21:13 - 00043481 _____ () C:\Users\Anna\Desktop\Addition.txt

2014-02-11 21:09 - 2014-02-11 21:08 - 00043481 _____ () C:\Users\Anna\Downloads\Addition.txt

2014-02-11 20:57 - 2014-02-11 20:57 - 01166132 _____ () C:\Users\Anna\Desktop\adwcleaner.exe

2014-02-11 20:57 - 2013-01-17 17:55 - 00002085 _____ () C:\Users\Anna\Desktop\Webbläsare.lnk

2014-02-11 20:53 - 2010-12-25 17:18 - 00001419 _____ () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-02-11 20:52 - 2014-02-11 20:52 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Anna\Desktop\sc-cleaner.exe

2014-02-11 20:37 - 2010-07-28 13:14 - 00001523 _____ () C:\Windows\system32\ServiceFilter.ini

2014-02-11 20:35 - 2014-02-11 00:42 - 00214670 _____ () C:\Windows\PFRO.log

2014-02-11 20:30 - 2013-08-10 15:44 - 00000000 ____D () C:\ProgramData\Wincert

2014-02-11 18:32 - 2014-02-11 18:32 - 00000710 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-11 18:32 - 2014-02-11 18:32 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Malwarebytes

2014-02-11 18:32 - 2014-02-11 18:32 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-11 18:32 - 2014-02-11 18:32 - 00000000 ____D () C:\Malwarebytes' Anti-Malware

2014-02-11 18:28 - 2014-02-11 18:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-11 18:24 - 2014-02-10 23:34 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-02-11 18:08 - 2009-08-04 11:58 - 00629752 _____ () C:\Windows\system32\perfh01D.dat

2014-02-11 18:08 - 2009-08-04 11:58 - 00126256 _____ () C:\Windows\system32\perfc01D.dat

2014-02-11 18:08 - 2009-07-14 06:13 - 01478850 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-11 00:50 - 2014-02-10 22:50 - 00000000 ____D () C:\Users\Anna\AppData\Local\NPE

2014-02-10 23:35 - 2014-02-10 23:35 - 00000000 _____ () C:\autoexec.bat

2014-02-10 23:34 - 2014-02-10 23:34 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-02-10 23:18 - 2014-02-10 23:18 - 00003146 _____ () C:\Windows\System32\Tasks\{1C81E417-6697-446C-8FE4-6F20F2664605}

2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-02-10 22:50 - 2010-12-26 20:44 - 00000000 ____D () C:\ProgramData\Norton

2014-02-10 22:40 - 2011-08-13 16:31 - 00000000 ____D () C:\Windows\Minidump

2014-02-07 21:37 - 2010-07-28 13:14 - 00002610 _____ () C:\Windows\system32\AutoRunFilter.ini

2014-02-06 23:00 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Anna\AppData\Local\cache

2014-02-06 21:59 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Anna\.android

2014-02-06 21:56 - 2011-02-20 06:03 - 00420912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll

2014-02-06 21:56 - 2011-02-19 07:40 - 00773680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll

2014-02-06 19:21 - 2013-01-31 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-06 19:21 - 2013-01-31 18:14 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-06 19:21 - 2011-11-28 21:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-06 18:45 - 2010-12-26 16:00 - 00000000 ____D () C:\Users\Anna\AppData\Local\Spotify

2014-02-05 22:53 - 2013-12-02 18:30 - 00001272 _____ () C:\Users\Anna\Desktop\Nortons installationsfiler.lnk

2014-01-30 22:46 - 2011-01-07 11:07 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Skype

2014-01-27 23:48 - 2013-12-12 12:11 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-01-22 17:52 - 2013-05-29 18:53 - 00000000 ____D () C:\Users\Anna\Desktop\Ny mapp

2014-01-19 09:12 - 2013-09-03 17:30 - 00000000 ____D () C:\Users\Anna\Desktop\Halmstad

2014-01-16 17:54 - 2009-07-14 05:45 - 04966000 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-16 17:35 - 2013-07-17 06:29 - 00000000 ____D () C:\Windows\system32\MRT

2014-01-16 17:30 - 2011-01-10 23:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

Some content of TEMP:

====================

C:\Users\Anna\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-23 05:00

 

==================== End Of Log ============================

[Annasofia]

klistrar in den också för det verkar inte vilja ta allt:

 

 

FRST 13.txt

[Cecilia]

Starta Anteckningar.
Kopiera alla rader i rutan:

2014-02-10 23:34 - 2014-02-10 23:34 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-12 19:37 - 2010-12-30 19:09 - 00000000 ____D () C:\Program Files (x86)\Conduit

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.
Spara filen på skrivbordet med namnet fixlist.txt.

Starta FRST som finns på skrivbordet.
Klicka på knappen Fix.
Vänta tills programmet är klart.

 

Hur är det med datorn nu?
 

[Annasofia]

Jag tror att den mår bra nu, märker inte av awesomehp eller något. Har inte använt datorn så mycket men jag tror att den är frisk nu Tack för all din hjälp, vilken fantastisk människa du är! Förstår inte hälften av vad det är jag gjort med datorn men du ska ha stort tack för hjälpen, igen! 

 

fick upp detta efter fix i FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2014 01

Ran by Anna at 2014-02-13 17:41:42 Run:2

Running from C:\Users\Anna\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

2014-02-10 23:34 - 2014-02-10 23:34 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-02-12 19:37 - 2010-12-30 19:09 - 00000000 ____D () C:\Program Files (x86)\Conduit

*****************

 

C:\Program Files\Enigma Software Group => Moved successfully.

C:\Program Files (x86)\Conduit => Moved successfully.

 

==== End of Fixlog ====

[Cecilia]

Bara trevligt att kunna hjälpa till

 

Då får du avinstallera specialprogrammen.

 

1. Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Uninstall-knappen.

 

2. Ladda ner avinstallationsprogrammet OTC till Skrivbordet: http://oldtimer.geekstogo.com/OTC.exe

Dubbelklicka på filen för att starta programmet.

Tryck på knappen CleanUp! och FRST kommer att avinstalleras efter en omstart av datorn. Ta bort ShortcutCleaner och eventuella loggar.

 

3. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://ceciliasec.wordpress.com/rad/

Det är mycket viktigt att hålla alla småprogram i datorn uppdaterade, gamla versioner av t ex Flash, Java och Adobe Reader innehåller kända säkerhetshål, vilka kan användas av en webbsida för att infektera datorn. Jag tycker att Secunias program (länk på min webbsida) är en bra hjälp för att kontrollera hur det står till med säkerhetshål i datorn och ange vad som behöver åtgärdas.

[Annasofia]

Stort tack för all din hjälp!!

Jag ska läsa dina råd så jag förhoppningsvis slipper bli med massa virus igen.

Tack igen!