
Unwanted advertising


gest


I have got some kind of adware program on my desktop computer running Windows 8.1. Annoying ads pop up on web pages in Firefox, and the Firefox start page is sometimes replaced.

What do I do to remove these disturbances from the computer, and how do I avoid getting them in the future?


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Gunvor (ATTENTION: The logged in user is not administrator) on AXEL2014 on 18-12-2014 22:05:17
Running from C:\Users\Gunvor\Downloads
Loaded Profile: Gunvor (Available profiles: Gunvor & GSadmin)
Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.expext.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
() C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\AsusWSPanel.exe
(Pay By Ads LTD) C:\Users\Gunvor\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe
() C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-26] (Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe [63296 2014-07-17] ()
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [sCX3200_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX3200\Scan2pc.exe [1990144 2011-06-21] ()
HKLM-x32\...\Run: [3200 Scan2PC] => C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [1990144 2011-06-21] ()
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [271872 2014-04-06] (Microsoft Corporation)
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\...\Run: [Yahoo! Search] => C:\Users\Gunvor\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe [533352 2014-11-09] (Pay By Ads LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\GSadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [s-1-5-21-1672374610-391447305-1045834109-1002] => file://C:\Program Files (x86)\AdvanceElite\bin\Pac8807.js
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_vit_14_39_ie&cd=2XzuyEtN2Y1L1QzuyDyEtByBtC0E0AyEyEyB0C0DtD0A0B0FtN0D0Tzu0SzyzyzztN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyCyB0DtDtAzyyBtG0A0EtC0EtGzzyB0EyBtG0A0DyCyDtGtBtD0AzzyD0Bzy0EzzyC0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0Ezz0DtA0CyCtBtG0AyB0B0AtGyEyDtAyDtGzytAyCtAtG0CyCyDyEzytAtCtAyCyD0Czy2Q&cr=921263652&ir=
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: AdvanceElite 1.0.0.5 -> {3b2cb4c8-72ab-4b25-8fa1-219b36a60bed} -> C:\Program Files (x86)\AdvanceElite\AdvanceEliteBHO.dll (AdvanceElite)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Gunvor\AppData\Roaming\Mozilla\Firefox\Profiles\fjcpr2yq.default
FF NewTab: hxxp://rts.dsrlte.com/?m=tab&affID=na
FF Homepage: https://www.google.se/
FF Keyword.URL: hxxp://rts.dsrlte.com/?q=
FF NetworkProxy: "type", 0
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Gunvor\AppData\Roaming\Mozilla\Firefox\Profiles\fjcpr2yq.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-09-10] (Just Develop It) <==== ATTENTION
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 MaintainerSvc1.20.7247763; C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe [123632 2014-12-18] ()
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Update AdvanceElite; C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [519408 2014-12-18] ()
R2 Util AdvanceElite; C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [519408 2014-12-18] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )
S3 Tdsshbecr; C:\Windows\system32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R1 {00aec75d-051f-41a9-9837-e94ac4f56303}Gw64; C:\Windows\System32\drivers\{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64; C:\Windows\System32\drivers\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64.sys [48784 2014-10-17] (StdLib)
R1 {10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64; C:\Windows\System32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys [48832 2014-11-06] (StdLib)
R1 {1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64; C:\Windows\System32\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys [48784 2014-10-13] (StdLib)
R1 {255a824a-3cde-4dee-9785-284605606456}Gw64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys [48832 2014-10-28] (StdLib)
R1 {324e1577-96d7-407f-b1ce-1c9f8b33dad4}Gw64; C:\Windows\System32\drivers\{324e1577-96d7-407f-b1ce-1c9f8b33dad4}Gw64.sys [48784 2014-10-16] (StdLib)
R1 {32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64; C:\Windows\System32\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys [48784 2014-10-11] (StdLib)
R1 {336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64; C:\Windows\System32\drivers\{336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64.sys [48784 2014-10-11] (StdLib)
R1 {3b808196-ff63-49ee-b33b-efdf51723eca}Gw64; C:\Windows\System32\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys [48784 2014-10-13] (StdLib)
R1 {3cac76e7-8310-45ea-8277-96d048a78c60}w64; C:\Windows\System32\drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}w64.sys [48784 2014-11-27] (StdLib)
R1 {3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64; C:\Windows\System32\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys [48784 2014-10-17] (StdLib)
R1 {4530e639-76ab-4435-889d-a5e81ae090a4}Gw64; C:\Windows\System32\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {4c1b1795-a87a-4fc2-ac54-edcc060e26fa}w64; C:\Windows\System32\drivers\{4c1b1795-a87a-4fc2-ac54-edcc060e26fa}w64.sys [48784 2014-12-01] (StdLib)
R1 {51b9c91c-8e38-40ae-80de-58a590512b6b}w64; C:\Windows\System32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}w64.sys [48784 2014-11-22] (StdLib)
R1 {5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64; C:\Windows\System32\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys [48784 2014-10-17] (StdLib)
R1 {67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64; C:\Windows\System32\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64; C:\Windows\System32\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys [48784 2014-10-19] (StdLib)
R1 {733fb217-c049-41ba-9504-3f2045e61977}Gw64; C:\Windows\System32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys [48784 2014-10-21] (StdLib)
R1 {84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64; C:\Windows\System32\drivers\{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys [48784 2014-10-11] (StdLib)
R1 {8ac13c32-b1f4-495e-8b0b-4bd4fd38c6b5}Gw64; C:\Windows\System32\drivers\{8ac13c32-b1f4-495e-8b0b-4bd4fd38c6b5}Gw64.sys [48784 2014-10-12] (StdLib)
R1 {949aba83-1d7f-4d0b-b0ba-203450825231}Gw64; C:\Windows\System32\drivers\{949aba83-1d7f-4d0b-b0ba-203450825231}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {94d62e35-4b43-494c-bf52-ba5935df36ef}w64; C:\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}w64.sys [48784 2014-12-01] (StdLib)
R1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys [48784 2014-10-26] (StdLib)
R1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [48784 2014-09-24] (StdLib)
R1 {bf42a736-9bd4-4575-b45b-11d4dd6a3399}w64; C:\Windows\System32\drivers\{bf42a736-9bd4-4575-b45b-11d4dd6a3399}w64.sys [48784 2014-11-30] (StdLib)
R1 {c61f6471-95aa-405a-be3a-f3b2dc07fdfa}Gw64; C:\Windows\System32\drivers\{c61f6471-95aa-405a-be3a-f3b2dc07fdfa}Gw64.sys [48784 2014-10-10] (StdLib)
R1 {cd4cbede-8308-4d72-9759-e1140c7c6eb5}w64; C:\Windows\System32\drivers\{cd4cbede-8308-4d72-9759-e1140c7c6eb5}w64.sys [48784 2014-11-30] (StdLib)
R1 {d1c4c3bc-6b77-4033-9c86-e72fcf769bbe}Gw64; C:\Windows\System32\drivers\{d1c4c3bc-6b77-4033-9c86-e72fcf769bbe}Gw64.sys [48784 2014-10-14] (StdLib)
R1 {d997fcb4-42b4-4f84-a147-2e498567c954}w64; C:\Windows\System32\drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}w64.sys [48784 2014-11-28] (StdLib)
R1 {dc592624-f532-4311-9fc7-6920126fc404}Gw64; C:\Windows\System32\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64; C:\Windows\System32\drivers\{e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64.sys [48784 2014-10-12] (StdLib)
R1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64; C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64; C:\Windows\System32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys [48832 2014-11-04] (StdLib)
R1 {fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64; C:\Windows\System32\drivers\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64.sys [48832 2014-11-01] (StdLib)
R1 {fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64; C:\Windows\System32\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64.sys [48784 2014-10-18] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 22:05 - 2014-12-18 22:05 - 00018777 _____ () C:\Users\Gunvor\Downloads\FRST.txt
2014-12-18 22:05 - 2014-12-18 22:05 - 00000000 ____D () C:\FRST
2014-12-18 21:39 - 2014-12-18 21:39 - 02121216 _____ (Farbar) C:\Users\Gunvor\Downloads\FRST64.exe
2014-12-16 16:17 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 16:17 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-10 15:53 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 15:53 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 15:53 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 15:53 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 15:50 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 15:50 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 15:50 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 15:50 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 15:50 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 15:50 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 15:50 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 15:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 15:50 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 15:50 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 15:50 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 15:50 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 15:50 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 15:50 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 15:50 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 15:50 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 15:50 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 15:50 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 15:50 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 15:50 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 15:50 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 15:50 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 15:50 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 15:50 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 15:50 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 15:50 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 15:50 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 15:50 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 15:50 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 15:50 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 15:50 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 15:50 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 15:50 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 15:50 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 15:50 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 15:50 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 15:50 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 15:50 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 15:50 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 15:50 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 15:50 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 15:50 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 15:50 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 15:50 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 15:50 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 15:50 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 15:50 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-02 10:54 - 2014-12-01 17:43 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}w64.sys
2014-12-01 16:33 - 2014-12-01 04:36 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{4c1b1795-a87a-4fc2-ac54-edcc060e26fa}w64.sys
2014-12-01 12:29 - 2014-11-30 15:33 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{cd4cbede-8308-4d72-9759-e1140c7c6eb5}w64.sys
2014-11-30 15:02 - 2014-11-30 02:34 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{bf42a736-9bd4-4575-b45b-11d4dd6a3399}w64.sys
2014-11-28 21:43 - 2014-11-28 11:39 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}w64.sys
2014-11-28 00:07 - 2014-11-27 09:35 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}w64.sys
2014-11-23 15:45 - 2014-11-22 21:25 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}w64.sys
2014-11-19 13:12 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:12 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:12 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:12 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-18 21:53 - 2014-10-28 17:34 - 00000000 ____D () C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
2014-12-18 21:34 - 2014-09-24 21:16 - 00000000 ____D () C:\Program Files (x86)\AdvanceElite
2014-12-18 21:16 - 2014-09-24 21:16 - 00000318 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-12-18 21:10 - 2014-04-09 17:27 - 01925694 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 19:49 - 2014-06-21 14:12 - 00000000 ____D () C:\Users\Gunvor\AppData\Local\Thunderbird
2014-12-18 19:46 - 2014-06-18 03:34 - 00722724 _____ () C:\Users\Gunvor\AppData\Local\BTServer.log
2014-12-18 18:07 - 2013-08-22 14:25 - 00000226 _____ () C:\Windows\win.ini
2014-12-18 14:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-18 14:07 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-14 13:32 - 2013-12-14 11:25 - 01740478 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 13:32 - 2013-09-14 00:32 - 00732588 _____ () C:\Windows\system32\perfh01D.dat
2014-12-14 13:32 - 2013-09-14 00:32 - 00151960 _____ () C:\Windows\system32\perfc01D.dat
2014-12-14 13:29 - 2014-08-17 12:41 - 00000000 ____D () C:\Users\GSadmin
2014-12-14 13:27 - 2013-12-14 11:43 - 00000025 ___SH () C:\Windows\SysWOW64\ReadTag.ini
2014-12-14 13:26 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 23:04 - 2014-06-18 03:34 - 00000000 ____D () C:\Users\Gunvor
2014-12-12 21:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 23:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 16:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 16:10 - 2014-06-18 06:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 16:09 - 2014-06-18 06:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-26 22:10 - 2014-08-20 22:30 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-08-20 22:30 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 14:42 - 2013-12-14 11:12 - 00047434 _____ () C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\GSadmin\AppData\Local\Temp\CloudBackup3456.exe
C:\Users\GSadmin\AppData\Local\Temp\_is260B.exe
C:\Users\Gunvor\AppData\Local\Temp\setup.exe
C:\Users\Gunvor\AppData\Local\Temp\_is43D9.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================

Addition.txt


1. To be able to clean the computer you must be logged in as an administrator, so switch to the other account.

2. Uninstall the following in the usual way (if possible):

MyPC Backup

WSE_Astromend

Yahoo! Search

 

 

3. Save AdwCleaner by Xplode to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.
Click the Report button.
A report will open; copy its contents and paste them into your reply.
If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[R0].txt


I uninstalled the three programs, but I could not download AdwCleaner on my computer and had to use another computer. The scan gave the following report:

 

# AdwCleaner v4.105 - Report created 19/12/2014 at 17:46:47
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : GSadmin - AXEL2014
# Running from : C:\Users\Gunvor\Desktop\adwcleaner_4.105.exe
# Option : Scan

***** [ Services ] *****

Service Found : MaintainerSvc1.20.7247763
Service Found : Update AdvanceElite
Service Found : Update AdvanceElite
Service Found : Util AdvanceElite

***** [ Files / Folders ] *****

File Found : C:\Users\Gunvor\AppData\Roaming\Mozilla\Firefox\Profiles\fjcpr2yq.default\searchplugins\dsrlte.xml
File Found : C:\Users\Gunvor\AppData\Roaming\Mozilla\Firefox\Profiles\fjcpr2yq.default\user.js
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\AdvanceElite
Folder Found : C:\Program Files (x86)\AdvanceElite
Folder Found : C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
Folder Found : C:\Users\GSadmin\AppData\Local\Temp\AdvanceElite
Folder Found : C:\Users\GSadmin\AppData\Local\Temp\AdvanceElite
Folder Found : C:\Users\GSadmin\AppData\Roaming\0V1L2Z2Z1T1I1L1T
Folder Found : C:\Users\GSadmin\AppData\Roaming\Systweak
Folder Found : C:\Users\Gunvor\AppData\Local\pay-by-ads

***** [ Scheduled Tasks ] *****

Task Found : ASP
Task Found : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AdvanceElite
Key Found : HKCU\Software\advanceelite
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3B2CB4C8-72AB-4B25-8FA1-219B36A60BED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B2CB4C8-72AB-4B25-8FA1-219B36A60BED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenOffice Packages
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Vittalia
Key Found : [x64] HKCU\Software\advanceelite
Key Found : [x64] HKCU\Software\AdvanceElite
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Vittalia
Key Found : HKLM\SOFTWARE\advanceelite
Key Found : HKLM\SOFTWARE\AdvanceElite
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update AdvanceElite
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AdvanceElite
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advanceelite
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://astromenda.com/?f=1&a=ast_vit_14_39_ie&cd=2XzuyEtN2Y1L1QzuyDyEtByBtC0E0AyEyEyB0C0DtD0A0B0FtN0D0Tzu0SzyzyzztN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyCyB0DtDtAzyyBtG0A0EtC0EtGzzyB0EyBtG0A0DyCyDtGtBtD0AzzyD0Bzy0EzzyC0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0Ezz0DtA0CyCtBtG0AyB0B0AtGyEyDtAyDtGzytAyCtAtG0CyCyDyEzytAtCtAyCyD0Czy2Q&cr=921263652&ir=

-\\ Mozilla Firefox v34.0.5 (x86 sv-SE)

[fjcpr2yq.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://rts.dsrlte.com?affID=na");
[fjcpr2yq.default] - Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_vit_14_39_ie&cd=2XzuyEtN2Y1L1QzuyDyEtByBtC0E0AyEyEyB0C0DtD0A0B0FtN0D0Tzu0SzyzyzztN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1[...]
[fjcpr2yq.default] - Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_vit_14_39_ie&cd=2XzuyEtN2Y1L1QzuyDyEtByBtC0E0AyEyEyB0C0DtD0A0B0FtN0D0Tzu0SzyzyzztN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDy[...]
[fjcpr2yq.default] - Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[fjcpr2yq.default] - Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[fjcpr2yq.default] - Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_vit_14_39_ie&cd=2XzuyEtN2Y1L1QzuyDyEtByBtC0E0AyEyEyB0C0DtD0A0B0FtN0D0Tzu0SzyzyzztN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzyt[...]

*************************

AdwCleaner[R0].txt - [12682 octets] - [19/12/2014 17:41:29]
AdwCleaner[R1].txt - [12523 octets] - [19/12/2014 17:46:47]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [12584 octets] ##########
 

 

When I opened Firefox again, Yahoo was back!


You will need a little patience; it takes many steps to get rid of everything.

1. Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.

Click the Clean button.
Press OK.
Press OK several more times if messages come up.

The computer will restart; if it does not do so automatically, you will have to restart it yourself.
A report will open; copy its contents and paste them into your reply.
If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[s0].txt

2. Start FRST.

Tick Addition.txt.

Scan with FRST and paste or attach the new logs.

3. Scan the computer online at http://www.eset.com/onlinescan/ and preferably use Internet Explorer for it.
To keep the scan from taking too long, turn off your antivirus program while it runs.

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.
Remove the tick in front of Remove found threats.
Tick:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


1.

# AdwCleaner v4.105 - Report created 19/12/2014 at 19:04:17
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : GSadmin - AXEL2014
# Running from : C:\Users\Gunvor\Desktop\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : MaintainerSvc1.20.7247763
[#] Service Deleted : Update AdvanceElite
[#] Service Deleted : Util AdvanceElite

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
[!] Folder Deleted : C:\Program Files (x86)\AdvanceElite
[!] Folder Deleted : C:\Program Files (x86)\AdvanceElite
Folder Deleted : C:\Users\GSadmin\AppData\Local\Temp\AdvanceElite
Folder Deleted : C:\Users\GSadmin\AppData\Roaming\0V1L2Z2Z1T1I1L1T
Folder Deleted : C:\Users\GSadmin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Gunvor\AppData\Local\pay-by-ads
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Gunvor\AppData\Roaming\Mozilla\Firefox\Profiles\fjcpr2yq.default\searchplugins\dsrlte.xml
File Deleted : C:\Users\Gunvor\AppData\Roaming\Mozilla\Firefox\Profiles\fjcpr2yq.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : ASP
Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update AdvanceElite
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AdvanceElite
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Vittalia
Key Deleted : HKCU\Software\advanceelite
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\advanceelite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenOffice Packages
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\advanceelite

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v34.0.5 (x86 sv-SE)

[fjcpr2yq.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://rts.dsrlte.com?affID=na");
[fjcpr2yq.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_vit_14_39_ie&cd=2XzuyEtN2Y1L1QzuyDyEtByBtC0E0AyEyEyB0C0DtD0A0B0FtN0D0Tzu0SzyzyzztN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1[...]
[fjcpr2yq.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_vit_14_39_ie&cd=2XzuyEtN2Y1L1QzuyDyEtByBtC0E0AyEyEyB0C0DtD0A0B0FtN0D0Tzu0SzyzyzztN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDy[...]
[fjcpr2yq.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[fjcpr2yq.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[fjcpr2yq.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_vit_14_39_ie&cd=2XzuyEtN2Y1L1QzuyDyEtByBtC0E0AyEyEyB0C0DtD0A0B0FtN0D0Tzu0SzyzyzztN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzyt[...]

*************************

AdwCleaner[R0].txt - [12682 octets] - [19/12/2014 17:41:29]
AdwCleaner[R1].txt - [12743 octets] - [19/12/2014 17:46:47]
AdwCleaner[R2].txt - [12580 octets] - [19/12/2014 19:02:33]
AdwCleaner[s0].txt - [11015 octets] - [19/12/2014 19:04:17]

########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [11076 octets] ##########
 

 

2.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Gunvor (ATTENTION: The logged in user is not administrator) on AXEL2014 on 19-12-2014 19:10:55
Running from C:\Users\Gunvor\Desktop
Loaded Profile: Gunvor (Available profiles: Gunvor & GSadmin)
Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
() C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-26] (Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe [63296 2014-07-17] ()
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [sCX3200_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX3200\Scan2pc.exe [1990144 2011-06-21] ()
HKLM-x32\...\Run: [3200 Scan2PC] => C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [1990144 2011-06-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [s-1-5-21-1672374610-391447305-1045834109-1002] => file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> {74440429-B30F-4E2D-BD14-A616D6EFE788} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=345
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Gunvor\AppData\Roaming\Mozilla\Firefox\Profiles\fjcpr2yq.default
FF NewTab:
FF SelectedSearchEngine: Yahoo! Search
FF Keyword.URL:
FF NetworkProxy: "type", 0
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )
S3 Tdsshbecr; C:\Windows\system32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 19:10 - 2014-12-19 19:11 - 00010920 _____ () C:\Users\Gunvor\Desktop\FRST.txt
2014-12-19 19:09 - 2014-12-18 21:39 - 02121216 _____ (Farbar) C:\Users\Gunvor\Desktop\FRST64.exe
2014-12-19 17:41 - 2014-12-19 19:07 - 00000000 ____D () C:\AdwCleaner
2014-12-19 17:40 - 2014-12-19 17:33 - 02166272 _____ () C:\Users\Gunvor\Desktop\adwcleaner_4.105.exe
2014-12-19 17:18 - 2014-12-19 17:18 - 00000000 ____D () C:\Users\GSadmin\AppData\Roaming\BRT
2014-12-19 17:17 - 2014-12-19 17:18 - 00000000 ____D () C:\Users\GSadmin\AppData\Roaming\Mozilla
2014-12-19 17:17 - 2014-12-19 17:18 - 00000000 ____D () C:\Users\GSadmin\AppData\Local\Mozilla
2014-12-19 16:39 - 2014-12-19 16:39 - 00000000 __SHD () C:\Users\GSadmin\AppData\Local\EmieBrowserModeList
2014-12-19 13:17 - 2014-12-19 13:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 22:06 - 2014-12-18 22:06 - 00026902 _____ () C:\Users\Gunvor\Downloads\Addition.txt
2014-12-18 22:05 - 2014-12-19 19:10 - 00000000 ____D () C:\FRST
2014-12-18 22:05 - 2014-12-18 22:06 - 00030314 _____ () C:\Users\Gunvor\Downloads\FRST.txt
2014-12-18 21:39 - 2014-12-18 21:39 - 02121216 _____ (Farbar) C:\Users\Gunvor\Downloads\FRST64.exe
2014-12-16 16:17 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 16:17 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-10 15:53 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 15:53 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 15:53 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 15:53 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 15:50 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 15:50 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 15:50 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 15:50 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 15:50 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 15:50 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 15:50 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 15:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 15:50 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 15:50 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 15:50 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 15:50 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 15:50 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 15:50 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 15:50 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 15:50 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 15:50 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 15:50 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 15:50 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 15:50 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 15:50 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 15:50 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 15:50 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 15:50 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 15:50 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 15:50 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 15:50 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 15:50 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 15:50 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 15:50 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 15:50 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 15:50 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 15:50 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 15:50 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 15:50 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 15:50 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 15:50 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 15:50 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 15:50 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 15:50 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 15:50 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 15:50 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 15:50 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 15:50 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 15:50 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 15:50 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 15:50 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-11-19 13:12 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:12 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:12 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:12 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 19:08 - 2014-06-18 03:34 - 00731505 _____ () C:\Users\Gunvor\AppData\Local\BTServer.log
2014-12-19 19:08 - 2013-12-14 11:43 - 00000025 ___SH () C:\Windows\SysWOW64\ReadTag.ini
2014-12-19 19:08 - 2013-12-14 11:12 - 00049218 _____ () C:\Windows\PFRO.log
2014-12-19 19:08 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 19:05 - 2013-12-14 11:25 - 01740478 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 19:05 - 2013-09-14 00:32 - 00732588 _____ () C:\Windows\system32\perfh01D.dat
2014-12-19 19:05 - 2013-09-14 00:32 - 00151960 _____ () C:\Windows\system32\perfc01D.dat
2014-12-19 19:01 - 2013-08-22 14:25 - 00000226 _____ () C:\Windows\win.ini
2014-12-19 19:00 - 2014-06-18 06:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-19 17:59 - 2014-04-09 17:27 - 01093044 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 17:38 - 2014-08-17 13:20 - 00003678 _____ () C:\Users\GSadmin\AppData\Local\BTServer.log
2014-12-19 17:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-19 16:02 - 2014-11-08 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-12-19 13:08 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 19:49 - 2014-06-21 14:12 - 00000000 ____D () C:\Users\Gunvor\AppData\Local\Thunderbird
2014-12-14 13:29 - 2014-08-17 12:41 - 00000000 ____D () C:\Users\GSadmin
2014-12-12 23:04 - 2014-06-18 03:34 - 00000000 ____D () C:\Users\Gunvor
2014-12-12 21:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 23:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 16:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 16:10 - 2014-06-18 06:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 16:09 - 2014-06-18 06:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-26 22:10 - 2014-08-20 22:30 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-08-20 22:30 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\GSadmin\AppData\Local\Temp\66821uninstall.exe
C:\Users\GSadmin\AppData\Local\Temp\CloudBackup3456.exe
C:\Users\GSadmin\AppData\Local\Temp\Quarantine.exe
C:\Users\GSadmin\AppData\Local\Temp\sqlite3.dll
C:\Users\GSadmin\AppData\Local\Temp\_is260B.exe
C:\Users\Gunvor\AppData\Local\Temp\dsrsetup.exe
C:\Users\Gunvor\AppData\Local\Temp\res.dll
C:\Users\Gunvor\AppData\Local\Temp\setup.exe
C:\Users\Gunvor\AppData\Local\Temp\_is43D9.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================

 

3.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\AdvanceEliteBHO.dll.vir    a variant of Win32/BrowseFox.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\AdvanceEliteUn.exe.vir    a variant of Win64/BrowseFox.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\AdvanceEliteUninstall.exe.vir    a variant of Win64/BrowseFox.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\pkbbmldjcnhopjhpifcocnmkooiadpbb.crx.vir    Win32/BrowseFox.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe.vir    a variant of MSIL/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe.vir    a variant of Win32/BrowseFox.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe.vir    a variant of Win32/BrowseFox.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe.vir    a variant of Win32/BrowseFox.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe.vir    a variant of Win32/BrowseFox.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter64.exe.vir    a variant of Win64/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.expext.exe.vir    a variant of Win32/BrowseFox.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.expextdll.dll.vir    a variant of Win64/BrowseFox.CJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.PurBrowse64.exe.vir    a variant of Win64/BrowseFox.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe.vir    a variant of MSIL/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{84e24724-32a5-4ef8-b981-cc669543b4a4}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{8ac13c32-b1f4-495e-8b0b-4bd4fd38c6b5}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{8ac13c32-b1f4-495e-8b0b-4bd4fd38c6b5}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{949aba83-1d7f-4d0b-b0ba-203450825231}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{949aba83-1d7f-4d0b-b0ba-203450825231}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{94d62e35-4b43-494c-bf52-ba5935df36ef}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{94d62e35-4b43-494c-bf52-ba5935df36ef}64.dll.vir    a variant of Win64/BrowseFox.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{b0c7827f-c845-429a-833b-c2a798fc4fc3}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{b0c7827f-c845-429a-833b-c2a798fc4fc3}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{bf42a736-9bd4-4575-b45b-11d4dd6a3399}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{bf42a736-9bd4-4575-b45b-11d4dd6a3399}64.dll.vir    a variant of Win64/BrowseFox.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{c61f6471-95aa-405a-be3a-f3b2dc07fdfa}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{c61f6471-95aa-405a-be3a-f3b2dc07fdfa}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{cd4cbede-8308-4d72-9759-e1140c7c6eb5}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{cd4cbede-8308-4d72-9759-e1140c7c6eb5}64.dll.vir    a variant of Win64/BrowseFox.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{d1c4c3bc-6b77-4033-9c86-e72fcf769bbe}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{d1c4c3bc-6b77-4033-9c86-e72fcf769bbe}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{d997fcb4-42b4-4f84-a147-2e498567c954}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{d997fcb4-42b4-4f84-a147-2e498567c954}64.dll.vir    a variant of Win64/BrowseFox.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{db1293a0-85fd-418d-b0d6-c79faa7c8ace}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{db1293a0-85fd-418d-b0d6-c79faa7c8ace}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{dc592624-f532-4311-9fc7-6920126fc404}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{dc592624-f532-4311-9fc7-6920126fc404}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{e9629596-2cbd-4eea-9329-7470e8b0fdae}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{e9629596-2cbd-4eea-9329-7470e8b0fdae}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{fce396ae-d8d1-4789-946e-2106fbe4292b}.dll.vir    a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\{fce396ae-d8d1-4789-946e-2106fbe4292b}64.dll.vir    Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BOAS.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.Bromon.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BroStats.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BrowserAdapter.dll.vir    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BRT.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.CompatibilityChecker.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.ExpExt.dll.vir    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.FFUpdate.dll.vir    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.GCUpdate.dll.vir    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.IEUpdate.dll.vir    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.Msvcmon.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.OfSvc.dll.vir    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.PurBrowse.dll.vir    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.Repmon.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.bak.vir    Win32/BrowseFox.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe.vir    Win32/BrowseFox.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\GSadmin\AppData\Roaming\0V1L2Z2Z1T1I1L1T\OpenOffice Packages\uninstaller.exe.vir    Win32/InstallCore.PC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Gunvor\AppData\Local\pay-by-ads\Yahoo! Search\1.3.15.4\chromext.dll.vir    a variant of Win32/Toolbar.Montiera.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Gunvor\AppData\Local\pay-by-ads\Yahoo! Search\1.3.15.4\dsrlte.exe.vir    a variant of Win32/Toolbar.Montiera.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Gunvor\AppData\Local\pay-by-ads\Yahoo! Search\1.3.15.4\dsrsetup.exe.vir    a variant of Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Gunvor\AppData\Local\pay-by-ads\Yahoo! Search\1.3.15.4\firefoxt.dll.vir    a variant of Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{324e1577-96d7-407f-b1ce-1c9f8b33dad4}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}w64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{4c1b1795-a87a-4fc2-ac54-edcc060e26fa}w64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}w64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{8ac13c32-b1f4-495e-8b0b-4bd4fd38c6b5}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{949aba83-1d7f-4d0b-b0ba-203450825231}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}w64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{bf42a736-9bd4-4575-b45b-11d4dd6a3399}w64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{c61f6471-95aa-405a-be3a-f3b2dc07fdfa}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{cd4cbede-8308-4d72-9759-e1140c7c6eb5}w64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{d1c4c3bc-6b77-4033-9c86-e72fcf769bbe}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}w64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
 

Addition.txt


1. Were you logged in to the administrator account when you ran ESET's scanner?

If not, it may have missed some things.

The same goes for the logs from FRST. FRST needs to be run from an admin account to be able to see everything on the computer. As it is, scheduled tasks are missing and there was an error message:

ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

 

 

2. You have a lot of McAfee remnants on the computer. I assume they are leftovers from an uninstall in any case, and if that is correct you need to run MCPR from an admin account to get rid of them.

https://service.mcafee.com/FAQDocument.aspx?id=TS101331

The Solution section, item 2.

 

 

3. Log in to an admin account.

Start the Notepad program.

Copy all the lines in the box:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-1672374610-391447305-1045834109-1002] => file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js
C:\Program Files (x86)\AdvanceElite
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> {74440429-B30F-4E2D-BD14-A616D6EFE788} URL = http://rts.dsrlte.co...rchTerms}&r=345
C:\Users\Gunvor\AppData\Local\Pay-By-Ads
and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

4. Log in to the admin account.

Start FRST.

Tick Addition.txt.

Scan with FRST and paste or attach, respectively, the new logs.


1. New scan with ESET from the admin account is attached.

2. Cleanup of McAfee.

 

3.  Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by GSadmin at 2014-12-20 12:38:46 Run:1
Running from C:\Users\GSadmin\Desktop
Loaded Profile: GSadmin (Available profiles: Gunvor & GSadmin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AutoConfigURL: [s-1-5-21-1672374610-391447305-1045834109-1002] => file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js
C:\Program Files (x86)\AdvanceElite
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1672374610-391447305-1045834109-1002 -> {74440429-B30F-4E2D-BD14-A616D6EFE788} URL = http://rts.dsrlte.co...rchTerms}&r=345
C:\Users\Gunvor\AppData\Local\Pay-By-Ads
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key could not be deleted. Error: -1073741772
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key could not be deleted. Error: -1073741772
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key could not be deleted. Error: -1073741772
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => Value not found.
"C:\Program Files (x86)\AdvanceElite" => File/Directory not found.
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key could not be deleted. Error: -1073741772
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-1672374610-391447305-1045834109-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74440429-B30F-4E2D-BD14-A616D6EFE788} => Key could not be deleted. Error: -1073741772
HKCR\CLSID\{74440429-B30F-4E2D-BD14-A616D6EFE788} => Key not found.
"C:\Users\Gunvor\AppData\Local\Pay-By-Ads" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====

 

4.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by GSadmin (administrator) on AXEL2014 on 20-12-2014 13:10:42
Running from C:\Users\GSadmin\Desktop
Loaded Profile: GSadmin (Available profiles: Gunvor & GSadmin)
Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
() C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-26] (Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe [63296 2014-07-17] ()
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [sCX3200_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX3200\Scan2pc.exe [1990144 2011-06-21] ()
HKLM-x32\...\Run: [3200 Scan2PC] => C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [1990144 2011-06-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [s-1-5-21-1672374610-391447305-1045834109-1003] => file://C:\Program Files (x86)\AdvanceElite\bin\Pac8807.js
HKU\S-1-5-21-1672374610-391447305-1045834109-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\GSadmin\AppData\Roaming\Mozilla\Firefox\Profiles\5jb2wib2.default
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )
S3 Tdsshbecr; C:\Windows\system32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 13:10 - 2014-12-20 13:11 - 00009383 _____ () C:\Users\GSadmin\Desktop\FRST.txt
2014-12-20 12:38 - 2014-12-20 12:38 - 00000000 ____D () C:\Users\GSadmin\Desktop\FRST-OlderVersion
2014-12-20 12:24 - 2013-08-22 07:57 - 00001158 _____ () C:\Users\GSadmin\Desktop\Notepad.lnk
2014-12-20 12:05 - 2014-12-20 12:05 - 03480040 _____ (McAfee, Inc.) C:\Users\GSadmin\Downloads\MCPR.exe
2014-12-20 11:52 - 2014-12-20 11:52 - 00034883 _____ () C:\Users\GSadmin\Desktop\eset20.txt
2014-12-20 11:10 - 2014-12-20 12:38 - 02122240 _____ (Farbar) C:\Users\GSadmin\Desktop\FRST64.exe
2014-12-20 11:09 - 2014-12-19 17:33 - 02166272 _____ () C:\Users\GSadmin\Desktop\adwcleaner_4.105.exe
2014-12-19 19:54 - 2014-12-19 19:54 - 00034772 _____ () C:\Users\Gunvor\Desktop\eset.txt
2014-12-19 19:28 - 2014-12-19 19:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-19 19:14 - 2014-12-19 19:14 - 00000000 __SHD () C:\Users\Gunvor\AppData\Local\EmieBrowserModeList
2014-12-19 19:11 - 2014-12-19 19:11 - 00024665 _____ () C:\Users\Gunvor\Desktop\Addition.txt
2014-12-19 19:10 - 2014-12-19 19:11 - 00022711 _____ () C:\Users\Gunvor\Desktop\FRST.txt
2014-12-19 19:09 - 2014-12-18 21:39 - 02121216 _____ (Farbar) C:\Users\Gunvor\Desktop\FRST64.exe
2014-12-19 17:41 - 2014-12-20 11:24 - 00000000 ____D () C:\AdwCleaner
2014-12-19 17:40 - 2014-12-19 17:33 - 02166272 _____ () C:\Users\Gunvor\Desktop\adwcleaner_4.105.exe
2014-12-19 17:18 - 2014-12-19 17:18 - 00000000 ____D () C:\Users\GSadmin\AppData\Roaming\BRT
2014-12-19 17:17 - 2014-12-19 17:18 - 00000000 ____D () C:\Users\GSadmin\AppData\Roaming\Mozilla
2014-12-19 17:17 - 2014-12-19 17:18 - 00000000 ____D () C:\Users\GSadmin\AppData\Local\Mozilla
2014-12-19 16:39 - 2014-12-19 16:39 - 00000000 __SHD () C:\Users\GSadmin\AppData\Local\EmieBrowserModeList
2014-12-19 13:17 - 2014-12-19 13:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 22:06 - 2014-12-18 22:06 - 00026902 _____ () C:\Users\Gunvor\Downloads\Addition.txt
2014-12-18 22:05 - 2014-12-20 13:10 - 00000000 ____D () C:\FRST
2014-12-18 22:05 - 2014-12-18 22:06 - 00030314 _____ () C:\Users\Gunvor\Downloads\FRST.txt
2014-12-18 21:39 - 2014-12-18 21:39 - 02121216 _____ (Farbar) C:\Users\Gunvor\Downloads\FRST64.exe
2014-12-16 16:17 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 16:17 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-10 15:53 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 15:53 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 15:53 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 15:53 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 15:50 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 15:50 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 15:50 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 15:50 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 15:50 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 15:50 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 15:50 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 15:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 15:50 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 15:50 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 15:50 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 15:50 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 15:50 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 15:50 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 15:50 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 15:50 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 15:50 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 15:50 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 15:50 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 15:50 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 15:50 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 15:50 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 15:50 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 15:50 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 15:50 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 15:50 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 15:50 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 15:50 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 15:50 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 15:50 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 15:50 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 15:50 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 15:50 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 15:50 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 15:50 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 15:50 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 15:50 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 15:50 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 15:50 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 15:50 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 15:50 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 15:50 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 15:50 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 15:50 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 15:50 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 15:50 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 15:50 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 13:10 - 2014-08-17 13:25 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1672374610-391447305-1045834109-1003
2014-12-20 13:09 - 2013-12-14 11:25 - 01740478 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 13:09 - 2013-09-14 00:32 - 00732588 _____ () C:\Windows\system32\perfh01D.dat
2014-12-20 13:09 - 2013-09-14 00:32 - 00151960 _____ () C:\Windows\system32\perfc01D.dat
2014-12-20 13:05 - 2014-08-17 13:20 - 00014945 _____ () C:\Users\GSadmin\AppData\Local\BTServer.log
2014-12-20 13:05 - 2013-12-14 11:43 - 00000025 ___SH () C:\Windows\SysWOW64\ReadTag.ini
2014-12-20 13:05 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 12:39 - 2014-10-16 08:24 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-20 12:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-20 12:22 - 2014-04-09 17:27 - 01190234 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 12:11 - 2013-12-14 11:12 - 00050326 _____ () C:\Windows\PFRO.log
2014-12-20 12:09 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-20 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-20 11:24 - 2014-06-18 03:34 - 00738176 _____ () C:\Users\Gunvor\AppData\Local\BTServer.log
2014-12-20 10:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-19 19:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-19 19:01 - 2013-08-22 14:25 - 00000226 _____ () C:\Windows\win.ini
2014-12-19 19:00 - 2014-06-18 06:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 16:02 - 2014-11-08 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-12-19 13:08 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 19:49 - 2014-06-21 14:12 - 00000000 ____D () C:\Users\Gunvor\AppData\Local\Thunderbird
2014-12-18 14:14 - 2014-06-18 03:40 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1672374610-391447305-1045834109-1002
2014-12-14 13:29 - 2014-08-17 12:41 - 00000000 ____D () C:\Users\GSadmin
2014-12-12 23:04 - 2014-06-18 03:34 - 00000000 ____D () C:\Users\Gunvor
2014-12-12 21:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 23:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 16:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 16:10 - 2014-06-18 06:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 16:09 - 2014-06-18 06:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-26 22:10 - 2014-08-20 22:30 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-08-20 22:30 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\GSadmin\AppData\Local\Temp\66821uninstall.exe
C:\Users\GSadmin\AppData\Local\Temp\CloudBackup3456.exe
C:\Users\GSadmin\AppData\Local\Temp\Quarantine.exe
C:\Users\GSadmin\AppData\Local\Temp\sqlite3.dll
C:\Users\GSadmin\AppData\Local\Temp\_is260B.exe
C:\Users\Gunvor\AppData\Local\Temp\dsrsetup.exe
C:\Users\Gunvor\AppData\Local\Temp\res.dll
C:\Users\Gunvor\AppData\Local\Temp\setup.exe
C:\Users\Gunvor\AppData\Local\Temp\_is43D9.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-16 16:24

==================== End Of Log ============================

Addition.txt


You will need to remove two of the files that ESET's scanner found, using FRST.

Start Notepad.

Copy all the lines in the box:

C:\Users\GSadmin\AppData\Local\Microsoft\Windows\INetCache\IE\R0U273D4\AdvanceElite[1].dll
C:\Users\GSadmin\AppData\Local\Temp\CloudBackup3456.exe

and paste them into Notepad. Check that no file has been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

When you feel you have tried browsing with different browsers in both accounts enough, come back, either because more cleaning is needed or because it is time to get the instructions for how to uninstall AdwCleaner and FRST.


Archived

This topic is now archived and is closed to further replies.
