Ytterligare en awesomehp...

[elin747]

Hej, 

ser att det är många som drabbats av awesomehp-sjukan. Så även jag. har laddat ner MBAM och FRST, men vet inte riktigt vad jag ska göra mer... någon som vet?

 

Tack!

/Elin

[Cecilia]

Hej!

 

1. Dubbelklicka på mbam-setup för att installera programmet.

Se till i slutet av installationen att det är bockar för:
Uppdatera Malwarebytes' Anti-Malware
Starta Malwarebytes' Anti-Malware
Klicka på Slutför
Om det finns någon uppdatering så kommer den att laddas ner och installeras.

När programmet startar så välj Utför fullständig skanning och klicka på Skanna.
Skanningen tar ett tag.
När den är klar så klicka på OK och sedan Visa resultat.
Bocka för allt och tryck sedan Ta bort markerade.
När borttagningen är klar så öppnar Anteckningar med en logg.

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.
Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.
Om programmet inte kommer igång efter omstarten så starta det.

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.
Kopiera loggen och klistra in den i ditt svar.

 

2. Spara ShortcutCleaner på skrivbordet: http://www.bleepingcomputer.com/download/shortcut-cleaner/dl/172/
Starta den nedladdade filen ss-cleaner.exe.
Vänta tills den är klar.
En rapport kommer upp, bifoga den till ditt svar.

 

3. Spara AdwCleaner av Xplode på Skrivbordet: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.
Klicka på Report-knappen.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[R0].txt

4. Ladda ner Farbar Recovery Scan Tool (FRST) och spara på skrivbordet.
För 64-bitars Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe
För 32-bitars Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

Starta FRST.
Läs villkoren för programmet.
Klicka på Yes för att acceptera.
Klicka på Scan-knappen.
När det är klart kommer det att ha skapats två loggar FRST.txt och Addition.txt på skrivbordet.
Klistra in innehållet i FRST.txt direkt i ditt svar och bifoga Addition.txt.
Klicka på Använd fullständig editor för att se hur du bifogar filer.

 

OBS! Om du använder Internet Explorer 11, får du bifoga loggar i stället för att klistra in dem. Klicka på knappen "Använd fullständig editor" för att se hur du bifogar filer.

[elin747]

Hej!

Tack för svar!

 

MBAM tog ett tag, ett gäng timmar... Sen hängde sig MBAM när den skulle ta bort det som hittats, var tvungen att starta om och då rensade jag karantänen, där det såg ut som att det som hittats låg. Här kommer logg, som av beskriven anledning kan vara fel...

 

2014/02/23 19:31:20 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE Executing scheduled update:  Daily

2014/02/23 19:31:32 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE Starting protection

2014/02/23 19:31:32 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE Protection started successfully

2014/02/23 19:31:32 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE Starting IP protection

2014/02/23 19:32:04 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE IP Protection started successfully

2014/02/23 19:32:18 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE Starting database refresh

2014/02/23 19:32:18 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE Stopping IP protection

2014/02/23 19:32:21 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE IP Protection stopped successfully

2014/02/23 19:32:33 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE Database refreshed successfully

2014/02/23 19:32:33 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE Starting IP protection

2014/02/23 19:32:38 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE Scheduled update executed successfully:  database updated from version v2013.04.04.07 to version v2014.02.23.07

2014/02/23 19:32:45 +0100 HÄSTFLICK-DATOR hästflickan MESSAGE IP Protection started successfully

[elin747]

Här kommer logg från sc-cleaner...

sc-cleaner.txt

[elin747]

Här report från adw:

 

# AdwCleaner v3.019 - Report created 24/02/2014 at 00:40:28

# Updated 17/02/2014 by Xplode

# Operating System : Windows Vista Home Basic Service Pack 1 (32 bits)

# Username : hästflickan - HÄSTFLICK-DATOR

# Running from : C:\Users\hästflickan\Desktop\adwcleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : vToolbarUpdater17.3.0

 

***** [ Files / Folders ] *****

 

File Found : C:\Program Files\Mozilla Firefox\.autoreg

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\searchplugins\Conduit.xml

File Found : C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\user.js

Folder Found : C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml

Folder Found : C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Found : C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Folder Found : C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

Folder Found : C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa}

Folder Found C:\Program Files\AVG Secure Search

Folder Found C:\Program Files\Common Files\AVG Secure Search

Folder Found C:\Program Files\Conduit

Folder Found C:\Program Files\ConduitEngine

Folder Found C:\Program Files\MediaPlayerV1

Folder Found C:\Program Files\Mobogenie

Folder Found C:\Program Files\SupTab

Folder Found C:\Program Files\ToggleSW

Folder Found C:\Program Files\uTorrentControl2

Folder Found C:\ProgramData\AVG Secure Search

Folder Found C:\ProgramData\IePluginService

Folder Found C:\ProgramData\WPM

Folder Found C:\Users\HSTFLI~1\AppData\Local\Temp\CT3072253

Folder Found C:\Users\hästflickan\AppData\Local\AVG Secure Search

Folder Found C:\Users\hästflickan\AppData\Local\Conduit

Folder Found C:\Users\hästflickan\AppData\Local\genienext

Folder Found C:\Users\hästflickan\AppData\Local\Mobogenie

Folder Found C:\Users\hästflickan\AppData\Local\SwvUpdater

Folder Found C:\Users\hästflickan\AppData\LocalLow\AVG Secure Search

Folder Found C:\Users\hästflickan\AppData\LocalLow\Conduit

Folder Found C:\Users\hästflickan\AppData\LocalLow\ConduitEngine

Folder Found C:\Users\hästflickan\AppData\LocalLow\PriceGong

Folder Found C:\Users\hästflickan\AppData\LocalLow\ToggleSW

Folder Found C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2

Folder Found C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Conduit

Folder Found C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\ConduitCommon

Folder Found C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\CT2088752

Folder Found C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\CT3072253

Folder Found C:\Users\hästflickan\AppData\Roaming\newnext.me

Folder Found C:\Windows\system32\AI_RecycleBin

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Software\ToggleSW

Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ToggleSW Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A81A48BB-C869-4C98-A45B-0B29F4DBFC97}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Softonic

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6C2170C-FC80-41A2-95E2-A114705A2DDE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A81A48BB-C869-4C98-A45B-0B29F4DBFC97}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A61586-AACD-4F6E-8EFE-719F0800C4E9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E6D6D6A7-197D-409B-A0DF-07E12CDA6E3E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2088752

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\conduitEngine

Key Found : HKLM\Software\conduitEngine

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47686387-C55C-4202-BA38-63C21948E91A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{691D8BDC-05F8-4667-90A1-F84CA3DAA021}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9D0A99B-32F6-4653-BC77-B3B079610DAC}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC645831-B054-416E-B1AB-E0E6604FF8F1}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A81A48BB-C869-4C98-A45B-0B29F4DBFC97}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleSW Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\Software\supTab

Key Found : HKLM\Software\supWPM

Key Found : HKLM\Software\ToggleSW

Key Found : HKLM\Software\uTorrentControl2

Key Found : HKLM\Software\Wpm

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v7.0.6001.18639

 

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://www.awesomehp.com/web/?type=ds&ts=1391261408&from=amt&uid=HitachiXHTS543216L9A300_090603FB22005CC6NS3AX&q={searchTerms}

 

-\\ Mozilla Firefox v3.6.10 (sv-SE)

 

[ File : C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\prefs.js ]

 

Line Found : user_pref("CT2088752.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Line Found : user_pref("CT2088752.CTID", "CT2088752");

Line Found : user_pref("CT2088752.CurrentServerDate", "7-8-2011");

Line Found : user_pref("CT2088752.DialogsAlignMode", "LTR");

Line Found : user_pref("CT2088752.DownloadReferralCookieData", "");

Line Found : user_pref("CT2088752.EMailNotifierPollDate", "Sat Sep 10 2011 01:34:58 GMT+0200");

Line Found : user_pref("CT2088752.FeedLastCount128728594662093846", 356);

Line Found : user_pref("CT2088752.FeedPollDate128728593579282204", "Sat Sep 10 2011 01:34:59 GMT+0200");

Line Found : user_pref("CT2088752.FeedPollDate128728593868969193", "Sat Sep 10 2011 01:34:59 GMT+0200");

Line Found : user_pref("CT2088752.FeedPollDate128728594303656973", "Sat Sep 10 2011 01:34:59 GMT+0200");

Line Found : user_pref("CT2088752.FeedPollDate128728594641156345", "Sat Sep 10 2011 01:34:59 GMT+0200");

Line Found : user_pref("CT2088752.FeedPollDate128728605119906817", "Sat Sep 10 2011 01:34:59 GMT+0200");

Line Found : user_pref("CT2088752.FeedPollDate128728631330531749", "Sat Sep 10 2011 01:34:59 GMT+0200");

Line Found : user_pref("CT2088752.FeedPollDate128728637292250655", "Sat Sep 10 2011 01:35:00 GMT+0200");

Line Found : user_pref("CT2088752.FeedPollDate128728637427719582", "Sat Sep 10 2011 01:35:00 GMT+0200");

Line Found : user_pref("CT2088752.FeedPollDate128728637736781257", "Sat Sep 10 2011 01:35:00 GMT+0200");

Line Found : user_pref("CT2088752.FeedTTL128728593579282204", 5);

Line Found : user_pref("CT2088752.FeedTTL128728637292250655", 15);

Line Found : user_pref("CT2088752.FirstServerDate", "25-10-2010");

Line Found : user_pref("CT2088752.FirstTime", true);

Line Found : user_pref("CT2088752.FirstTimeFF3", true);

Line Found : user_pref("CT2088752.FirstTimeSettingsDone", true);

Line Found : user_pref("CT2088752.FixPageNotFoundErrors", true);

Line Found : user_pref("CT2088752.GroupingServerCheckInterval", 1440);

Line Found : user_pref("CT2088752.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Line Found : user_pref("CT2088752.Initialize", true);

Line Found : user_pref("CT2088752.InitializeCommonPrefs", true);

Line Found : user_pref("CT2088752.InstallationAndCookieDataSentCount", 3);

Line Found : user_pref("CT2088752.InstalledDate", "Mon Oct 25 2010 09:42:54 GMT+0200");

Line Found : user_pref("CT2088752.InvalidateCache", false);

Line Found : user_pref("CT2088752.IsGrouping", false);

Line Found : user_pref("CT2088752.IsMulticommunity", false);

Line Found : user_pref("CT2088752.IsOpenThankYouPage", true);

Line Found : user_pref("CT2088752.IsOpenUninstallPage", true);

Line Found : user_pref("CT2088752.LanguagePackLastCheckTime", "Sun Aug 07 2011 15:27:52 GMT+0200");

Line Found : user_pref("CT2088752.LanguagePackReloadIntervalMM", 1440);

Line Found : user_pref("CT2088752.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");

Line Found : user_pref("CT2088752.LastLogin_2.7.2.0", "Sun Aug 07 2011 15:27:52 GMT+0200");

Line Found : user_pref("CT2088752.LatestVersion", "3.3.3.2");

Line Found : user_pref("CT2088752.Locale", "sv");

Line Found : user_pref("CT2088752.LoginCache", 4);

Line Found : user_pref("CT2088752.MCDetectTooltipHeight", "83");

Line Found : user_pref("CT2088752.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Line Found : user_pref("CT2088752.MCDetectTooltipWidth", "295");

Line Found : user_pref("CT2088752.RadioIsPodcast", false);

Line Found : user_pref("CT2088752.RadioLastCheckTime", "Sat Sep 10 2011 01:34:59 GMT+0200");

Line Found : user_pref("CT2088752.RadioLastUpdateIPServer", "3");

Line Found : user_pref("CT2088752.RadioLastUpdateServer", "128929877726170000");

Line Found : user_pref("CT2088752.RadioMediaID", "9446982");

Line Found : user_pref("CT2088752.RadioMediaType", "Media Player");

Line Found : user_pref("CT2088752.RadioMenuSelectedID", "EBRadioMenu_CT20887529446982");

Line Found : user_pref("CT2088752.RadioStationName", "Sveriges%20Radio%20P1%20");

Line Found : user_pref("CT2088752.RadioStationURL", "hxxp://wm-live.sr.se/SR-P1-High");

Line Found : user_pref("CT2088752.SavedHomepage", "hxxp://se.yahoo.com/?p=us");

Line Found : user_pref("CT2088752.SearchEngine", "S%C3%B6k||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2088752&octid=EB_ORIGINAL_CTID&SearchSource=1");

Line Found : user_pref("CT2088752.SearchFromAddressBarIsInit", true);

Line Found : user_pref("CT2088752.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088752&q=");

Line Found : user_pref("CT2088752.SearchInNewTabEnabled", true);

Line Found : user_pref("CT2088752.SearchInNewTabIntervalMM", 1440);

Line Found : user_pref("CT2088752.SearchInNewTabLastCheckTime", "Sat Sep 10 2011 01:34:58 GMT+0200");

Line Found : user_pref("CT2088752.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

Line Found : user_pref("CT2088752.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");

Line Found : user_pref("CT2088752.SettingsCheckIntervalMin", 120);

Line Found : user_pref("CT2088752.SettingsLastCheckTime", "Sat Sep 10 2011 01:34:58 GMT+0200");

Line Found : user_pref("CT2088752.SettingsLastUpdate", "1285580322");

Line Found : user_pref("CT2088752.ThirdPartyComponentsInterval", 504);

Line Found : user_pref("CT2088752.ThirdPartyComponentsLastCheck", "Sat Sep 10 2011 01:34:58 GMT+0200");

Line Found : user_pref("CT2088752.ThirdPartyComponentsLastUpdate", "1256047192");

Line Found : user_pref("CT2088752.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");

Line Found : user_pref("CT2088752.UserID", "UN14453046536251646");

Line Found : user_pref("CT2088752.WeatherNetwork", "");

Line Found : user_pref("CT2088752.WeatherPollDate", "Sat Sep 10 2011 01:35:00 GMT+0200");

Line Found : user_pref("CT2088752.WeatherUnit", "C");

Line Found : user_pref("CT2088752.alertChannelId", "514531");

Line Found : user_pref("CT2088752.clientLogIsEnabled", true);

Line Found : user_pref("CT2088752.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

Line Found : user_pref("CT2088752.myStuffEnabled", true);

Line Found : user_pref("CT2088752.myStuffPublihserMinWidth", 400);

Line Found : user_pref("CT2088752.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

Line Found : user_pref("CT2088752.myStuffServiceIntervalMM", 1440);

Line Found : user_pref("CT2088752.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

Line Found : user_pref("CT2088752.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

Line Found : user_pref("CT3072253.autoDisableScopes", -1);

Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");

Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2088752");

Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2088752");

Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2088752");

Line Found : user_pref("browser.search.defaultenginename", "awesomehp");

Line Found : user_pref("browser.search.defaultthis.engineName", "ToggleSW Customized Web Search");

Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088752&SearchSource=3&q={searchTerms}");

 

-\\ Google Chrome v

 

[ File : C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found : homepage

 

*************************

 

AdwCleaner[R0].txt - [23143 octets] - [24/02/2014 00:40:28]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [23204 octets] ##########

[elin747]

Här kommer FRST direkt inklippt, bifogat finns addition.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014 02

Ran by hästflickan (administrator) on HÄSTFLICK-DATOR on 24-02-2014 00:49:03

Running from C:\Users\hästflickan\Desktop

Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) OS Language: Swedish

Internet Explorer Version 7

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================
 

 

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe

(OptionNV) C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe

() C:\ProgramData\MobileBrServ\mbbservice.exe

(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

(Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(CyberLink Corp.) C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe

(CyberLink) C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe

(CyberLink Corp.) C:\Program Files\CyberLink\PlayMovie\PMVService.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe

() C:\Program Files\AVG Secure Search\vprot.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Emotum) C:\Program Files\Emotum\Mobile Broadband\Mobile.exe

(Spotify Ltd) C:\Users\hästflickan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Technology Nexus AB) C:\Program Files\Personal\bin\Personal.exe

(Telenor) C:\Program Files\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\Users\hästflickan\Desktop\adwcleaner.exe

(Google Inc.) C:\Users\hästflickan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\hästflickan\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\system32\cmd.exe

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\ScriptHelper.exe

(Google Inc.) C:\Users\hästflickan\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\hästflickan\AppData\Local\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\hästflickan\Desktop\FRST (1).exe

(Google Inc.) C:\Users\hästflickan\AppData\Local\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-04] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [894512 2007-06-08] (Synaptics, Inc.)

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-12] (Google)

HKLM\...\Run: [smpcSys] - C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV)

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)

HKLM\...\Run: [eRecoveryService] - [X]

HKLM\...\Run: [PCMAgent] - C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe [143360 2008-03-21] (CyberLink Corp.)

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608 2008-04-11] (CyberLink)

HKLM\...\Run: [PlayMovie] - C:\Program Files\CyberLink\PlayMovie\PMVService.exe [172032 2008-03-31] (CyberLink Corp.)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2552856 2014-02-22] ()

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)

HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKLM\...\Winlogon: [userinit] C:\Windows\system32\ezShellStart.exe

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\Run: [smpcSys] - C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV)

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-04-28] (Nero AG)

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2010-09-11] (Google Inc.)

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\Run: [Google Update] - C:\Users\hästflickan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-09-16] (Google Inc.)

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\Run: [Emotum Mobile Broadband] - C:\Program Files\Emotum\Mobile Broadband\Mobile.exe [348968 2010-03-29] (Emotum)

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\Run: [spotify Web Helper] - C:\Users\hästflickan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-16] (Spotify Ltd)

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\MountPoints2: {0562507e-03f7-11e1-9e51-00238bebbe70} - E:\AutoRun.exe

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\MountPoints2: {496fbd44-d56c-11df-a644-00238bebbe70} - G:\LaunchU3.exe -a

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\MountPoints2: {bb5de380-43da-11e2-a7ee-0017c497fa6a} - E:\AutoRun.exe

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\MountPoints2: {c0a4269c-ebb2-11e0-966a-0017c497fa6a} - E:\AutoRun.exe

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\MountPoints2: {c0a426aa-ebb2-11e0-966a-001e101f1f81} - E:\AutoRun.exe

HKU\S-1-5-21-2494588292-394669857-3107600210-1000\...\MountPoints2: {c266609b-24f8-11e1-bfd8-0017c497fa6a} - E:\setup.exe AUTORUN=1

AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-09-12] (Google)

Startup: C:\Users\hästflickan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391261408&from=amt&uid=HitachiXHTS543216L9A300_090603FB22005CC6NS3AX&q={searchTerms}

URLSearchHook: HKLM - ToggleSW Toolbar - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - C:\Program Files\ToggleSW\tbTogg.dll (Conduit Ltd.)

URLSearchHook: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

URLSearchHook: HKCU - ToggleSW Toolbar - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - C:\Program Files\ToggleSW\tbTogg.dll (Conduit Ltd.)

URLSearchHook: HKCU - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2088752

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=fY5oenZOkF-42sf_QqYLMH_Baiw?q={searchTerms}

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2088752

SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/?d=4dd7d7f6&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File

BHO: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

BHO: ToggleSW Toolbar - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - C:\Program Files\ToggleSW\tbTogg.dll (Conduit Ltd.)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: Media Viewer - {e796ec04-d666-4092-9fd4-3ef679de178c} - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ie\MediaViewerV1alpha623.dll ()

Toolbar: HKLM - ToggleSW Toolbar - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - C:\Program Files\ToggleSW\tbTogg.dll (Conduit Ltd.)

Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

Toolbar: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - ToggleSW Toolbar - {6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} - C:\Program Files\ToggleSW\tbTogg.dll (Conduit Ltd.)

Toolbar: HKCU - uTorrentControl2 Toolbar - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)

ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll [49152 2010-09-11] (EasyBits Software Corp.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 195.54.122.211 195.54.122.221

 

FireFox:

========

FF ProfilePath: C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default

FF user.js: detected! => C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\user.js

FF DefaultSearchEngine: awesomehp

FF NetworkProxy: "type", 0

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)

FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @se.nexus/Personal - C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\hästflickan\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\hästflickan\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF SearchPlugin: C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\searchplugins\conduit.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml

FF Extension: Microsoft .NET Framework Assistant - C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-25]

FF Extension: uTorrentControl2 Community Toolbar - C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012-05-29]

FF Extension: ToggleSW Toolbar - C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa} [2010-10-11]

FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-02-27]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-10]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha623.net] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ff

FF Extension: Media Viewer - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ff [2014-02-23]

FF StartMenuInternet: FIREFOX.EXE - firefox.exe

 

Chrome: 

=======

CHR HomePage: hxxp://isearch.avg.com/?cid={1C2F5D6D-FE55-48D0-B14F-1165DAE464B4}&mid=07a591b6a649d608366c330a4e3df7aa-80aa1934c453eb0baf69c5c93860fdab7f0065c8&lang=en&ds=AVG&pr=fr&d=2012-12-19 00:13:14&v=13.3.0.17&sap=hp

CHR Extension: (YouTube) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]

CHR Extension: (No Name) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-02-01]

CHR Extension: (Google Search) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]

CHR Extension: (Media Viewer) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbmlmbgadgfhocgbcoijdmoghfoekebd [2014-02-23]

CHR Extension: (Skype Click to Call) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-02-28]

CHR Extension: (Into The Mist) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2013-01-27]

CHR Extension: (AVG Security Toolbar) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-05-06]

CHR Extension: (Google Wallet) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]

CHR Extension: (Cuevana Stream) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj [2011-08-07]

CHR Extension: (uTorrentControl2) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-05-29]

CHR Extension: (Gmail) - C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]

CHR HKLM\...\Chrome\Extension: [dbmlmbgadgfhocgbcoijdmoghfoekebd] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ch\MediaViewerV1alpha623.crx [2014-02-23]

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-02-11]

CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-26]

CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\hästflickan\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]

CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\hästflickan\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]

CHR StartMenuInternet: Google Chrome - Chrome.exe

 

========================== Services (Whitelisted) =================

 

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)

R2 ETService; C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [24576 2008-07-16] ()

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-12] (Google)

R2 GtDetectSc; C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe [196704 2007-12-18] (OptionNV)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [227680 2011-08-12] ()

R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-26] (AVG Secure Search)

S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

 

==================== Drivers (Whitelisted) ====================

 

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies)

R3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)

R3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)

R3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)

S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [17920 2011-07-21] (Windows ® Win 7 DDK provider)

S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [32256 2009-06-24] (http://libusb-win32.sourceforge.net)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 RDID1116; C:\Windows\System32\Drivers\rdwm1116.sys [116864 2012-10-23] (Roland Corporation)

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\CyberLink\PlayMovie\000.fcl [41456 2008-03-31] (Cyberlink Corp.)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]

S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]

S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-24 00:48 - 2014-02-24 00:48 - 01144320 _____ (Farbar) C:\Users\hästflickan\Desktop\FRST (1).exe

2014-02-24 00:40 - 2014-02-24 00:43 - 00000000 ____D () C:\AdwCleaner

2014-02-24 00:39 - 2014-02-24 00:39 - 01241834 _____ () C:\Users\hästflickan\Desktop\adwcleaner.exe

2014-02-24 00:37 - 2014-02-24 00:37 - 00009602 _____ () C:\Users\hästflickan\Desktop\sc-cleaner.txt

2014-02-24 00:33 - 2014-02-24 00:33 - 00009602 _____ () C:\sc-cleaner.txt

2014-02-24 00:29 - 2014-02-24 00:29 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\hästflickan\Desktop\sc-cleaner.exe

2014-02-23 19:31 - 2014-02-23 19:31 - 00000000 ____D () C:\Users\hästflickan\AppData\Roaming\Malwarebytes

2014-02-23 19:30 - 2014-02-23 19:30 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-23 19:30 - 2014-02-23 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-23 19:30 - 2014-02-23 19:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware

2014-02-23 19:30 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 ____D () C:\Program Files\MediaViewerV1

2014-02-22 20:17 - 2014-02-22 20:22 - 00032437 _____ () C:\Users\hästflickan\Desktop\Addition.txt

2014-02-22 20:17 - 2014-02-22 20:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\hästflickan\Desktop\mbam-setup-1.75.0.1300.exe

2014-02-22 20:16 - 2014-02-24 00:49 - 00029679 _____ () C:\Users\hästflickan\Desktop\FRST.txt

2014-02-22 20:16 - 2014-02-24 00:49 - 00000000 ____D () C:\FRST

2014-02-22 20:15 - 2014-02-22 20:15 - 01142784 _____ (Farbar) C:\Users\hästflickan\Desktop\FRST.exe

2014-02-20 21:16 - 2014-02-20 21:16 - 00000254 __RSH () C:\ProgramData\ntuser.pol

2014-02-20 21:16 - 2014-02-20 21:16 - 00000000 ____D () C:\Program Files\MediaPlayerV1

2014-02-10 22:12 - 2014-01-16 09:59 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-02-01 21:05 - 2014-02-08 11:07 - 00000000 ____D () C:\Users\hästflickan\Documents\RegistryDr

2014-02-01 14:37 - 2014-02-01 14:37 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\RegistryDR

2014-02-01 14:34 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\hästflickan\AppData\Roaming\newnext.me

2014-02-01 14:34 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\genienext

2014-02-01 14:34 - 2014-02-01 14:40 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\Mobogenie

2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\cache

2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 ____D () C:\Users\hästflickan\.android

2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 _____ () C:\Users\hästflickan\daemonprocess.txt

2014-02-01 14:32 - 2014-02-10 21:46 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin

2014-02-01 14:32 - 2014-02-01 14:40 - 00000000 ____D () C:\Program Files\Mobogenie

2014-02-01 14:31 - 2014-02-24 00:10 - 00000000 ____D () C:\Program Files\SupTab

2014-02-01 14:31 - 2014-02-22 19:40 - 00000000 ____D () C:\ProgramData\WPM

2014-02-01 14:31 - 2014-02-22 19:40 - 00000000 ____D () C:\ProgramData\IePluginService

2014-02-01 14:31 - 2014-02-10 21:46 - 00000000 ____D () C:\Program Files\Registry Dr

2014-02-01 14:29 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\SwvUpdater

2014-01-26 21:10 - 2014-01-26 21:10 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-01-26 21:08 - 2014-01-26 21:10 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-01-26 21:08 - 2014-01-26 21:10 - 00000000 ____D () C:\Program Files\iTunes

2014-01-26 21:08 - 2014-01-26 21:08 - 00000000 ____D () C:\Program Files\iPod

 

==================== One Month Modified Files and Folders =======

 

2014-02-24 00:50 - 2014-02-22 20:16 - 00029679 _____ () C:\Users\hästflickan\Desktop\FRST.txt

2014-02-24 00:49 - 2014-02-22 20:16 - 00000000 ____D () C:\FRST

2014-02-24 00:48 - 2014-02-24 00:48 - 01144320 _____ (Farbar) C:\Users\hästflickan\Desktop\FRST (1).exe

2014-02-24 00:43 - 2014-02-24 00:40 - 00000000 ____D () C:\AdwCleaner

2014-02-24 00:39 - 2014-02-24 00:39 - 01241834 _____ () C:\Users\hästflickan\Desktop\adwcleaner.exe

2014-02-24 00:37 - 2014-02-24 00:37 - 00009602 _____ () C:\Users\hästflickan\Desktop\sc-cleaner.txt

2014-02-24 00:33 - 2014-02-24 00:33 - 00009602 _____ () C:\sc-cleaner.txt

2014-02-24 00:33 - 2010-09-16 21:30 - 00001962 _____ () C:\Users\hästflickan\Desktop\Google Chrome.lnk

2014-02-24 00:33 - 2010-09-16 20:30 - 00001726 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-02-24 00:33 - 2010-09-11 16:14 - 00000951 _____ () C:\Users\hästflickan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-02-24 00:33 - 2010-09-11 16:12 - 00001783 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk

2014-02-24 00:31 - 2010-09-17 17:47 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-24 00:30 - 2010-09-16 21:29 - 00001028 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2494588292-394669857-3107600210-1000UA.job

2014-02-24 00:29 - 2014-02-24 00:29 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\hästflickan\Desktop\sc-cleaner.exe

2014-02-24 00:13 - 2006-11-02 13:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-24 00:13 - 2006-11-02 13:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-24 00:10 - 2014-02-01 14:34 - 00000000 ____D () C:\Users\hästflickan\AppData\Roaming\newnext.me

2014-02-24 00:10 - 2014-02-01 14:34 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\genienext

2014-02-24 00:10 - 2014-02-01 14:31 - 00000000 ____D () C:\Program Files\SupTab

2014-02-24 00:10 - 2014-02-01 14:29 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\SwvUpdater

2014-02-24 00:06 - 2010-09-03 14:09 - 01784939 _____ () C:\Windows\WindowsUpdate.log

2014-02-23 22:37 - 2010-11-26 19:38 - 00000000 ____D () C:\ProgramData\MFAData

2014-02-23 19:31 - 2014-02-23 19:31 - 00000000 ____D () C:\Users\hästflickan\AppData\Roaming\Malwarebytes

2014-02-23 19:30 - 2014-02-23 19:30 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-23 19:30 - 2014-02-23 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-23 19:30 - 2014-02-23 19:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware

2014-02-23 19:30 - 2010-09-17 17:47 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-23 19:29 - 2010-09-16 21:29 - 00000976 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2494588292-394669857-3107600210-1000Core.job

2014-02-23 19:27 - 2010-09-16 20:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 ____D () C:\Program Files\MediaViewerV1

2014-02-23 18:11 - 2010-09-11 16:18 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml

2014-02-23 18:11 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-22 23:27 - 2006-11-02 13:58 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-22 20:22 - 2014-02-22 20:17 - 00032437 _____ () C:\Users\hästflickan\Desktop\Addition.txt

2014-02-22 20:17 - 2014-02-22 20:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\hästflickan\Desktop\mbam-setup-1.75.0.1300.exe

2014-02-22 20:15 - 2014-02-22 20:15 - 01142784 _____ (Farbar) C:\Users\hästflickan\Desktop\FRST.exe

2014-02-22 19:40 - 2014-02-01 14:31 - 00000000 ____D () C:\ProgramData\WPM

2014-02-22 19:40 - 2014-02-01 14:31 - 00000000 ____D () C:\ProgramData\IePluginService

2014-02-22 18:54 - 2012-12-19 00:12 - 00000000 ____D () C:\Program Files\AVG Secure Search

2014-02-20 21:16 - 2014-02-20 21:16 - 00000254 __RSH () C:\ProgramData\ntuser.pol

2014-02-20 21:16 - 2014-02-20 21:16 - 00000000 ____D () C:\Program Files\MediaPlayerV1

2014-02-20 21:16 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-02-20 18:38 - 2014-01-09 23:28 - 00000000 ____D () C:\Users\hästflickan\Documents\HKR sociala medier 2014

2014-02-18 21:48 - 2013-08-18 16:59 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-18 21:32 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-02-16 22:07 - 2008-01-21 07:18 - 01420744 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-16 22:07 - 2008-01-21 07:18 - 00606582 _____ () C:\Windows\system32\perfh01D.dat

2014-02-16 22:07 - 2008-01-21 07:18 - 00120694 _____ () C:\Windows\system32\perfc01D.dat

2014-02-16 22:05 - 2006-11-02 13:49 - 00118151 _____ () C:\Windows\setupact.log

2014-02-16 21:41 - 2008-01-21 04:02 - 00256044 _____ () C:\Windows\PFRO.log

2014-02-10 21:46 - 2014-02-01 14:32 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin

2014-02-10 21:46 - 2014-02-01 14:31 - 00000000 ____D () C:\Program Files\Registry Dr

2014-02-08 11:07 - 2014-02-01 21:05 - 00000000 ____D () C:\Users\hästflickan\Documents\RegistryDr

2014-02-06 22:42 - 2012-12-19 00:14 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\AVG Secure Search

2014-02-03 23:09 - 2012-05-29 21:08 - 00000000 ____D () C:\Users\hästflickan\AppData\Roaming\uTorrent

2014-02-03 22:15 - 2010-09-16 21:22 - 00000000 ____D () C:\Users\hästflickan\AppData\Roaming\FileZilla

2014-02-02 00:57 - 2013-03-23 17:28 - 00000000 ____D () C:\Users\hästflickan\Documents\REAPER Media

2014-02-01 14:40 - 2014-02-01 14:34 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\Mobogenie

2014-02-01 14:40 - 2014-02-01 14:32 - 00000000 ____D () C:\Program Files\Mobogenie

2014-02-01 14:37 - 2014-02-01 14:37 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\RegistryDR

2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\cache

2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 ____D () C:\Users\hästflickan\.android

2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 _____ () C:\Users\hästflickan\daemonprocess.txt

2014-02-01 14:34 - 2010-09-11 16:10 - 00000000 ____D () C:\Users\hästflickan

2014-01-26 21:30 - 2010-09-12 11:48 - 00000000 ____D () C:\Users\hästflickan\AppData\Roaming\Spotify

2014-01-26 21:10 - 2014-01-26 21:10 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-01-26 21:10 - 2014-01-26 21:08 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-01-26 21:10 - 2014-01-26 21:08 - 00000000 ____D () C:\Program Files\iTunes

2014-01-26 21:08 - 2014-01-26 21:08 - 00000000 ____D () C:\Program Files\iPod

2014-01-26 21:08 - 2011-08-15 22:56 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-01-26 20:56 - 2011-02-17 22:46 - 00000000 ____D () C:\ProgramData\Apple

2014-01-26 20:21 - 2013-03-27 22:52 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\Spotify

 

Files to move or delete:

====================

C:\Users\hästflickan\setupessentialsc2rolw.exe

 

 

Some content of TEMP:

====================

C:\Users\hästflickan\AppData\Local\Temp\AZ_538587146183546107.exe

C:\Users\hästflickan\AppData\Local\Temp\AZ_6104348156712691186.exe

C:\Users\hästflickan\AppData\Local\Temp\DataCard_Setup.exe

C:\Users\hästflickan\AppData\Local\Temp\GLFF7FD.tmp.ConduitEngineSetup.exe

C:\Users\hästflickan\AppData\Local\Temp\GUR4614.exe

C:\Users\hästflickan\AppData\Local\Temp\GUR5733.exe

C:\Users\hästflickan\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe

C:\Users\hästflickan\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

C:\Users\hästflickan\AppData\Local\Temp\MobileCM.exe

C:\Users\hästflickan\AppData\Local\Temp\msgDB43.exe

C:\Users\hästflickan\AppData\Local\Temp\Quarantine.exe

C:\Users\hästflickan\AppData\Local\Temp\ResetDevice.exe

C:\Users\hästflickan\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\hästflickan\AppData\Local\Temp\SkypeSetup.exe

C:\Users\hästflickan\AppData\Local\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe

C:\Users\hästflickan\AppData\Local\Temp\SkypeSetupFull(6.3.73.105)(Trackable457)trackable.exe

C:\Users\hästflickan\AppData\Local\Temp\SpotifyUpgrader.exe

C:\Users\hästflickan\AppData\Local\Temp\SyncrosoftLicenseControlSetup.exe

C:\Users\hästflickan\AppData\Local\Temp\utt8DD1.tmp.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-23 18:22

 

==================== End Of Log ============================

Addition.txt

[elin747]

Puh, det var allt enligt dina tydliga instruktioner. Är det fixat nu eller är det mer som måste göras?

[Cecilia]

Ja, det återstår en del innan allt olämpligt är borta från datorn.

 

1. Avinstallera:

Conduit pga http://www.systemlookup.com/CLSID/70651-ConduitEngin_dll_ConduitEngine_dll_ConduitEngin0_dll_ConduitEngin1_dll_prxConduitEngin_dll_prxConduitEngine_dll_prxConduitEngin0_dll_prxConduitEngin1_dll_prxConduitEngin2_dll_ldrConduitEngine_dll_Local_DLL.html

Software Version Updater

ToggleSW Toolbar http://www.systemlookup.com/CLSID/58315-tbTogg_dll_tbTog0_dll_tbTog1_dll_tbTog2_dll_prxtbTogg_dll_prxtbTog0_dll_prxtbTog1_dll_prxtbTog2_dll_prxtbTog3_dll.html

uTorrentControl2 Toolbar http://www.systemlookup.com/CLSID/74052-tbuTor_dll_tbuTo0_dll_tbuTo1_dll_tbuTo2_dll_prxtbuTor_dll_prxtbuTo0_dll_prxtbuTo1_dll_prxtbuTo2_dll_prxtbuTo3_dll.html

Media Player

 

samt

Java™ 6 Update 18
Java™ 6 Update 37

Eftersom det är gamla programversioner med många kända säkerhetshål som gör det lätt att infektera datorn från en webbsida.
 

Starta om datorn.

 

2. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.

Klicka på Clean-knappen.
Tryck på OK.
Tryck på OK fler gånger om det kommer upp meddelanden.

Datorn kommer att startas om.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[s0].txt

 

3. Kör FRST igen och klistra in den nya FRST.txt så får vi se vad som återstår att ta bort.

[elin747]

Hej!

Det gick inte så bra, datorn hängde sig när jag körde Adware. Hittade heller inte alla filerna för avinstallering, men kanske har det funkat ändå?

 

Och förresten, tusen tack. Hade aldrig fixat detta själv!

AdwCleanerS0.txt

FRST_24-02-2014_20-17-03.txt

[Cecilia]

Hej!

 

Bara trevligt att hjälpa till men än är det inte klart.

 

Om du inte har startat om datorn sedan du körde AdwCleaner så gör det.

 

Stäng alla program, inklusive webbläsare.

Kör AdwCleaner igen och klicka på Clean-knappen så kanske den kan städa bort lite till. Bifoga den nya rapporten.

[elin747]

Startade om datorn (windows ville uppdatera en massa saker, vet inte om det har med detta att göra...) och körde adware. Den hittade inget. Klickade på clean ändå, då ställer den sig bara på "svarar inte". Testade flera gånger men fastnar där. Bifogar rapport men ser tom ut.

AdwCleanerS3.txt

[Cecilia]

Okej, då rensar vi en del med FRST.

 

Starta Anteckningar.

Kopiera alla rader i rutan:

HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391261408&from=amt&uid=HitachiXHTS543216L9A300_090603FB22005CC6NS3AX&q={searchTerms}
URLSearchHook: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File
URLSearchHook: HKCU - (No Name) - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} -  No File
URLSearchHook: HKCU - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2088752
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=fY5oenZOkF-42sf_QqYLMH_Baiw?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2088752
BHO: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Media Viewer - {e796ec04-d666-4092-9fd4-3ef679de178c} - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ie\MediaViewerV1alpha623.dll ()
Toolbar: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} -  No File
Toolbar: HKCU - uTorrentControl2 Toolbar - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
FF user.js: detected! => C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\user.js
FF DefaultSearchEngine: awesomehp
FF Extension: uTorrentControl2 Community Toolbar - C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012-05-29]
FF Extension: ToggleSW Toolbar - C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa} [2010-10-11]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha623.net] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ff
FF Extension: Media Viewer - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ff [2014-02-23]
S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
2014-02-01 14:37 - 2014-02-01 14:37 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\RegistryDR
2014-02-01 14:34 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\hästflickan\AppData\Roaming\newnext.me
2014-02-01 14:34 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\genienext
2014-02-01 14:34 - 2014-02-01 14:40 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\Mobogenie
2014-02-01 14:31 - 2014-02-10 21:46 - 00000000 ____D () C:\Program Files\Registry Dr
2014-02-01 14:29 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\SwvUpdater
2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 ____D () C:\Program Files\MediaViewerV1
2014-02-08 11:07 - 2014-02-01 21:05 - 00000000 ____D () C:\Users\hästflickan\Documents\RegistryDr

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

 

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart.

 

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

[elin747]

Här kommer fixlog! Startar om datorn, som den säger. 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-02-2014 02

Ran by hästflickan at 2014-02-24 23:07:05 Run:1

Running from C:\Users\hästflickan\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391261408&from=amt&uid=HitachiXHTS543216L9A300_090603FB22005CC6NS3AX&q={searchTerms}

URLSearchHook: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File

URLSearchHook: HKCU - (No Name) - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} -  No File

URLSearchHook: HKCU - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2088752

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=fY5oenZOkF-42sf_QqYLMH_Baiw?q={searchTerms}

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2088752

BHO: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File

BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Media Viewer - {e796ec04-d666-4092-9fd4-3ef679de178c} - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ie\MediaViewerV1alpha623.dll ()

Toolbar: HKLM - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File

Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKCU - No Name - {6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} -  No File

Toolbar: HKCU - uTorrentControl2 Toolbar - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll No File

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File

FF user.js: detected! => C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\user.js

FF DefaultSearchEngine: awesomehp

FF Extension: uTorrentControl2 Community Toolbar - C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012-05-29]

FF Extension: ToggleSW Toolbar - C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa} [2010-10-11]

FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha623.net] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ff

FF Extension: Media Viewer - C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ff [2014-02-23]

S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]

S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]

S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]

S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

2014-02-01 14:37 - 2014-02-01 14:37 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\RegistryDR

2014-02-01 14:34 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\hästflickan\AppData\Roaming\newnext.me

2014-02-01 14:34 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\genienext

2014-02-01 14:34 - 2014-02-01 14:40 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\Mobogenie

2014-02-01 14:31 - 2014-02-10 21:46 - 00000000 ____D () C:\Program Files\Registry Dr

2014-02-01 14:29 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\hästflickan\AppData\Local\SwvUpdater

2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 ____D () C:\Program Files\MediaViewerV1

2014-02-08 11:07 - 2014-02-01 21:05 - 00000000 ____D () C:\Users\hästflickan\Documents\RegistryDr

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => Value deleted successfully.

HKCR\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03} => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa} => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => Value deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03} => Key deleted successfully.

HKCR\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.

HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0} => Key deleted successfully.

HKCR\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e796ec04-d666-4092-9fd4-3ef679de178c} => Key deleted successfully.

HKCR\CLSID\{e796ec04-d666-4092-9fd4-3ef679de178c} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} => Value deleted successfully.

HKCR\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.

HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} => Value deleted successfully.

HKCR\CLSID\{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} => Value deleted successfully.

HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} => Key not found.

HKCR\PROTOCOLS\Handler\msnim => Key deleted successfully.

HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key deleted successfully.

C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\user.js => Moved successfully.

Firefox DefaultSearchEngine deleted successfully.

C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} => Moved successfully.

C:\Users\hästflickan\AppData\Roaming\Mozilla\Firefox\Profiles\m6j50osp.default\Extensions\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa} => Moved successfully.

HKLM\Software\Mozilla\Firefox\Extensions\\ext@MediaViewerV1alpha623.net => Value deleted successfully.

C:\Program Files\MediaViewerV1\MediaViewerV1alpha623\ff => Moved successfully.

Norton Internet Security => Service deleted successfully.

NAVENG => Service deleted successfully.

NAVEX15 => Service deleted successfully.

SRTSP => Service deleted successfully.

SRTSPX => Service deleted successfully.

C:\Users\hästflickan\AppData\Local\RegistryDR => Moved successfully.

C:\Users\hästflickan\AppData\Roaming\newnext.me => Moved successfully.

C:\Users\hästflickan\AppData\Local\genienext => Moved successfully.

C:\Users\hästflickan\AppData\Local\Mobogenie => Moved successfully.

C:\Program Files\Registry Dr => Moved successfully.

C:\Users\hästflickan\AppData\Local\SwvUpdater => Moved successfully.

C:\Program Files\MediaViewerV1 => Moved successfully.

C:\Users\hästflickan\Documents\RegistryDr => Moved successfully.

 

 

The system needs a manual reboot. 

 

==== End of Fixlog ====

[Cecilia]

Bra!

 

Hur mycket är kvar av awesomehp nu efter omstarten av datorn?

 

Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Avbocka alternativet Remove found threats

Bocka för Scan Archives

 

Klicka på Advanced Settings

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Scan

 

När skanningen är klar klicka på List of threats found, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

[elin747]

där hittades en del, ja...

 

C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\ldrtbuTor.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\prxtbuTor.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\uTorrentControl2ToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application

C:\FRST\Quarantine\MediaViewerV124-02-2014_23-07-13\MediaViewerV1alpha623\ie\MediaViewerV1alpha623.dll a variant of Win32/AdWare.BetterSurf.C application

C:\FRST\Quarantine\Mobogenie24-02-2014_23-07-08\Version\NewVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application

C:\FRST\Quarantine\Mobogenie24-02-2014_23-07-08\Version\NewVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application

C:\FRST\Quarantine\Mobogenie24-02-2014_23-07-08\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application

C:\Program Files\REAPER\Plugins\CVPiano\CVPiano-GVI-Modeled_Setup.exe Win32/PrcView potentially unsafe application

C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.26.7.519_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application

C:\Users\hästflickan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\16CBBA1E\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application

C:\Users\hästflickan\AppData\Local\Temp\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\Users\hästflickan\AppData\Local\Temp\tbTogg.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\Users\hästflickan\AppData\Local\Temp\utt8DD1.tmp.exe a variant of Win32/Toolbar.Conduit potentially unwanted application

C:\Users\hästflickan\AppData\Local\Temp\fullpackage_temp1391261366\tmp\wpm.exe a variant of Win32/ELEX.Y potentially unwanted application

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\ldrtbuTo0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTo0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTo1.dll Win32/Toolbar.Conduit.Y potentially unwanted application

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application

[Cecilia]

Den första hälften är filer som ligger i AdwCleaners resp. FRSTs karantäner och är därför redan oskadliggjorda.

 

C:\Program Files\REAPER\Plugins\CVPiano\CVPiano-GVI-Modeled_Setup.exe Win32/PrcView potentially unsafe application

Detta program tittar på vad för program (processer) som körs i datorn. Det kan vara osäkert beroende på vad syftet är. Känner du till det programmet?

 

Övriga låter vi FRST ta bort.

Starta Anteckningar.

Kopiera alla rader i rutan:

C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.26.7.519_0\APISupport\APISupport.dll 
C:\Users\hästflickan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\16CBBA1E\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi 
C:\Users\hästflickan\AppData\Local\Temp\ConduitEngine.dll 
C:\Users\hästflickan\AppData\Local\Temp\tbTogg.dll 
C:\Users\hästflickan\AppData\Local\Temp\utt8DD1.tmp.exe 
C:\Users\hästflickan\AppData\Local\Temp\fullpackage_temp1391261366\tmp\wpm.exe 
C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\ldrtbuTo0.dll 
C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll 
C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTo0.dll 
C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTo1.dll 
C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTor.dll 
C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

 

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

 

Fungerar allt bra nu?

Har du några frågor innan du får instruktionerna för att bort specialprogrammen?

Vänta tills programmet är klart.

 

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

[elin747]

Hej!

 

Datorn verkar fungera bra nu, inga konstiga grejer kvar när jag använder internet etc! Filen med Reaper och CV-Piano är till ett musikstudioprogram och en pianoplugin, så det använder jag. Varför den behöver se datorn processer är dock oklart.

 

Jag gjorde en frst enligt dina instruktioner, med följande log. Ser det OK ut?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-02-2014 02

Ran by hästflickan at 2014-02-25 21:21:01 Run:2

Running from C:\Users\hästflickan\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.26.7.519_0\APISupport\APISupport.dll 

C:\Users\hästflickan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\16CBBA1E\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi 

C:\Users\hästflickan\AppData\Local\Temp\ConduitEngine.dll 

C:\Users\hästflickan\AppData\Local\Temp\tbTogg.dll 

C:\Users\hästflickan\AppData\Local\Temp\utt8DD1.tmp.exe 

C:\Users\hästflickan\AppData\Local\Temp\fullpackage_temp1391261366\tmp\wpm.exe 

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\ldrtbuTo0.dll 

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll 

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTo0.dll 

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTo1.dll 

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTor.dll 

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll

*****************

 

C:\Users\hästflickan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.26.7.519_0\APISupport\APISupport.dll => Moved successfully.

C:\Users\hästflickan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\16CBBA1E\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi => Moved successfully.

C:\Users\hästflickan\AppData\Local\Temp\ConduitEngine.dll => Moved successfully.

C:\Users\hästflickan\AppData\Local\Temp\tbTogg.dll => Moved successfully.

C:\Users\hästflickan\AppData\Local\Temp\utt8DD1.tmp.exe => Moved successfully.

C:\Users\hästflickan\AppData\Local\Temp\fullpackage_temp1391261366\tmp\wpm.exe => Moved successfully.

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\ldrtbuTo0.dll => Moved successfully.

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll => Moved successfully.

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTo0.dll => Moved successfully.

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTo1.dll => Moved successfully.

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\tbuTor.dll => Moved successfully.

C:\Users\hästflickan\AppData\LocalLow\uTorrentControl2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll => Moved successfully.

 

==== End of Fixlog ====

[Cecilia]

Utmärkt!

 

Några fler frågor innan jag skriver hur du ska avinstallera specialprogrammen?

 

Du har en gammal version av AVG och det är viktigt att alltid ha den senaste versionen eftersom varje ny version innehåller nya och förbättrade funktioner för att upptäcka och ta bort de senaste typerna av skadliga program. Avinstallera den AVG du har, kör AVG Remover som finns på sidan http://www.avg.com/us-en/utilities och starta om datorn innan du installerar senaste AVG: http://www.avg.com/us-en/free-antivirus-download

[elin747]

Hej!

 

Ljuvligt, då ska datorn vara i sitt best mode nu Allt verkar funka, så jag har inga frågor. Har uppdaterat AVG enligt dina instruktioner, tack för tipset!

[Cecilia]

Hej!

 

1. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.
Klicka på Uninstall-knappen.

2. Ladda ner avinstallationsprogrammet OTC till Skrivbordet: http://oldtimer.geekstogo.com/OTC.exe
Dubbelklicka på filen för att starta programmet.
Tryck på knappen CleanUp! och FRST kommer att avinstalleras efter en omstart av datorn. Ta bort (släng i papperskorgen) ShortcutCleaner och eventuella loggar.

3. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://ceciliasec.wordpress.com/rad/
Det är mycket viktigt att hålla alla småprogram i datorn uppdaterade, gamla versioner av t ex Flash, Java och Adobe Reader innehåller kända säkerhetshål, vilka kan användas av en webbsida för att infektera datorn. Jag tycker att Secunias program (länk på min webbsida) är en bra hjälp för att kontrollera hur det står till med säkerhetshål i datorn och ange vad som behöver åtgärdas.

[elin747]

Hej!

Tack för tips och all hjälp. Verkar som att allt är fixat nu. Du är en superhjälte på nätet, verkligen! Hoppas att slippa höra av mig pga problem igen, men om jag behöver så är det ljuvligt att det finns sådana som du!

 

Elin

[Cecilia]

Tack själv för fina ord

[elin747]

Allt fixat enligt dina instruktioner och det verkar fungera väl.

 

Tusen tack för all hjälp, du är en superhjälte på nätet! Hade aldrig fixat på egen hand.