Fiskarfred

Everything posted by Fiskarfred

  1. I am not sure if I am infected - but lately, I have had trouble connecting to the internet. In particular, I have had trouble connecting my VPN through my wifi. This is usually solved by logging in and out, but not always. I wanted to be safe so I am just wondering if you are detecting anything! I also made a scan with my EAM in addition to the other reports (scan_181009-123225.txt) scan_181009-123225.txt scan_181009-123854.txt FRST.txt Addition.txt
  2. When I opened Windows Explorer, I got the prompt for an unknown publisher to make changes to the computer again under the name Internet Explorer. Note that I had to accept this prompt to open the programs, so I did. When I tried to fix with FRST, it didn't work at first as it said that there was no fixlist.txt even though there clearly was. I tried several times and even put them in a separate folder with nothing else, made new fixlist.txt, but it didn't work. In the process, I had to allow "FRST" to make changes to my computer, after this, the prompts changed from saying "FRST" to "Svchost" again. Svchost prompt to make changes is back. I downloaded a new FRST version and it worked. I have attached the result. Finally, after the fix, I took the liberty of running a new EEK and FRST scan and now I got even more alerts than before on EEK. I have attached these logs too. Note that every time I have to open a new program, I have to give "Svchost" permission to make changes to the computer. I have a feeling that every time I have to do this, the worm spreads..? Fixlog.txt scan_180309-183454.txt Addition.txt FRST.txt
  3. Also, I now apparently got 3 important and 14 optional windows updates to install. Could this be the worm in disguise or should I install these updates? It says the important updates are Security updates for Microsoft Visual C++ 2005 Service Pack 1 and are published 2012... I will wait with installing them until I hear what you think.
  4. Weird, now it seems to be back. EEK said that even FRST is affected. I still get the prompt to use admin privileges on some programs, it seems. It is almost as if the worm has "revived" itself? Now it asked for admin privileges to open FRST. Also, when I try to open other programs (that actually do need admin privileges), it says that the modules cannot be found. (loadlibrarypythondll not found, then it opens a new "Error"-window showing the way to a Local\Temp file called python27.dll) FRST.txt Addition.txt scan_180308-224935.txt
  5. When I opened Windows Explorer to see your reply, I had to allow Svchost to make changes to my computer to open the browser, so I did. While following your instructions I shut down the browser. When opening the browser to attach the log I did not need to give Svchost any permissions to open the browser. I tried to open some other programs and no Svchost prompt came up. I even tried opening a program with administrator rights and the program's name came up instead of Svchost (I didn't run the program just in case, though). Should my computer be cured now? If so, is there anything I should look out for (and if I notice it, return here)? Fixlog.txt
  6. When I tried to install a program, the computer said that svchost was created by an unknown publisher that wanted to make changes to my computer. The same applies anytime I try to open any program as an administrator. I scanned C:\windows\svchost.exe and it had a worm. Figured I'd ask you experts for help. Thank you in advance. Addition_06-03-2018 21.33.33.txt FRST_06-03-2018 21.33.33.txt scan_180306-212820.txt
  7. I followed your instructions but the program failed to start 4 times. Something kept the repair from running according to the log ("_Windows_Repair_Log (try 1 - fail)"). I have attached this log in this thread. The log encouraged me to retry the repair in safe mode, which I did, and it succeeded. The program seems to have done several things, all beyond the grasp of my understanding. I have included the two logs that were created from the succeeded repair ("_Windows_Repair_Log" and "Repair_Volume_Shadow_Copy_Service"). With this repair completed, I tried to restart the SFCfix program. It gave me the same results as last time, but it did create a log this time ("SFCFix")! Lastly, I went onto CMD and executed another "sfc /scannow" command. The command prompt still told me that Windows Resource Protection found corrupt files but was unable to fix some of them, and still no log file was found in "%WinDir%\Logs\CBS\CBS.log". What's the next step to finally fix the corrupted files on my computer? Best Wishes. Fiskarfred _Windows_Repair_Log (try 1 - fail).txt _Windows_Repair_Log.txt Repair_Volume_Shadow_Copy_Service.txt SFCFix.txt
  8. Thank you for the link to this tool. It was unable to find a corruption but urged me to show the generated log file to "a helpter", being able to help me further. The SFCfix program didn't generate a log either. Any help with this? I have attached a photo of what the program said.
  9. Thank you for going above and beyond what was asked of you. Reading through one of your articles I came across another problem. I am not sure if this is the right place to ask for help, but it doesn't hurt trying. No hard feelings from my part if this does not belong here and you decide to close this thread. When executing a System File Checker tool, "sfc /scannow", in cmd, the command prompt told me that Windows Resource Protection found corrupt files but was unable to fix some of them. It gave me a path to where the log was kept and I went onto Microsoft support hoping to tackle the problem by following their instructions as to "view details of the System File Checker process to find the corrupted file, and then manually replace the corrupted file with a known good copy of the file." According to the command prompt, the log would be found in %WinDir%\Logs\CBS\CBS.log, but when I went to this location (in my case C:\Windows\Logs\CBS\CBS.log), I did not find any logs, only a CBS.txt document which was 729 MB. Was the log file ever created? If so, how do I reach it? If it wasn't, how do I create one? Thank you and best wishes. Fiskarfred PS. I have made sure that I can see hidden files and folders, it was still not there.
  10. I see. Thank you Kevin for all your assistance! Best Wishes. Fiskarfred
  11. After disabling the Emsisoft Online Armor firewall, my internet browsing speeds went up significantly! I reactivated the firewall after confirming this but would it be a safe and sustainable strategy to keep the firewall deactivated, virus-protection wise? Is there any way to reach as fast internet speeds as when I have the firewall deactivated but still be protected?
  12. There is really no noticeable difference since I ran the fixlist. With this in mind, do you suspect there to be any viruses left? If not, do you have any ideas as to why my internet connection is so slow at times, even though the internet speeds for all the other computers in the household (even with the same Ethernet connection) are way faster? (I have cleaned my computer thoroughly and as I've said before it's not a matter of CPU or RAM, it's solely my internet connection which is significantly slow) Thank you for your help.
  13. I want to start off by thanking you for having this service, greatly appreciated! Prior Scan I ran an EEK scan a few days ago, it detected three viruses (see log). Before writing this forum post, I ran another scan as I was asked. It found a new virus, but from a program that I haven't touched since before my last scan. Please also note that the primary scan was a full scan and the latter (as you know) was a smart scan. Symptoms My internet connection has been significantly slowed down lately, but my RAM memory and CPU usage isn't as gravely infected. Sometimes (..often..) internet connection is completely cut off. I am sure that the router is not to blame because my other computer (also connected by Ethernet cable) has plenty of internet -- it shouldn't be a problem as we have a fiber broadband. New scans I have attached the logs (including the prior one) in this topic as I was asked. Best Wishes. a2scan_150530-034212.txt Addition.txt FRST.txt Scan_150529-142115 (before I did Emsisoft Forum).txt
  14. ieapfltr.dll from Internet Explorer
  15. It didn't work. I reinstalled Windows though, so I guess it's resolved.
  16. I wanted to scan my computer but realized that I only have Emsisoft Online-Armor in the taskbar. Nothing happens when I try to start Emsisoft Anti-Malware, no matter if I start it using start menu or if I go onto Control Panel and try to "Turn on the virus protection". When I'm on the control panel and press turn on now and check that I trust the publisher etc. Nothing happens. OS: Windows 7 Home Premium 64-bit RAM: 8,00 GB Processor: Intel® Core i5-2400 CPU @ 3.10GHz 3.10GHz Emsisoft Anti-Malware (Latest edition? [I cannot check since it will not start]) Emsisoft Online-Armor (Latest edition) CCleaner (v. 4.12.4657 [64-bit]) Thank you for helping me! :-)
  17. I was minding my own business the other day when suddenly a note popped up at the bottom right, saying that I should block a suspicious file (because I didn't recognize it) and ask for further assistance on here. I took a screenshot of the box, and the screenshot is included in the thread. Thank you for helping me!
  18. Alright, I had an un-genuine version of Windows Ultimate, but now I "downgraded" to a genuine version of Windows Home Premium (which I didn't know I had in English, which is why I didn't have it installed in the first place). Since I had to format my hard-drive before installing the new Windows operating system, I'm guessing I lost all the malware in the process (everything has been running fine all day). So I guess this issue is resolved. Thanks for setting me on the right path, I'll get back to you if the computer starts to act up again. :-)
  19. I have a Windows disc and product key laying around (a legal and genuine one), I'll install it now, let me get back to you once it's done. :-)
  20. ALSO: I am not sure if this matters but it's better to be safe and say it than sorry. I don't have a genuine version of Windows but I still get Windows updates daily. Does Windows give me updates even though I don't have a legit Windows or are those updates false?
  21. I didn't notice any problems during the scan, although I wasn't paying attention 100%. PROBLEMS: - After the scan, I shut off my computer, same problem as before persisted and the screen was black although the lights on the chassis were still on, and I could also still hear the buzzing from the fans on the inside. - When I had restarted my computer and was having the mouse over "Choose Files...", a distorted mouse icon is used, I'll attach pictures below. - The computer is running slow and is freezing every 30 seconds or so. When I select the combofix.txt log for upload it says "upload skipped (no file was selected for upload)" although it worked to select and upload "photo 1" "photo 2" and "photo 3" the same way without difficulties. I will attach a screenshot showing you what it looks like. I can however access the document and I will take the liberty of posting the log below: C:\ComboFix.txt
  22. I still have some problems. I have a list which describes all my problems, the last of which I detected this morning, although it has happened before. - Sometimes, despite having no programs on the task manager, the screen freezes for a few seconds then resumes. - When this happens^ the mouse cursor icon changes to the "Text Select"-cursor or the "Vertical Select" cursor. - Sometimes when I sign on the desktop background picture is gone and it's all black. - Sometimes when I sign on, there is no internet access. - Sometimes when I have gone to start menu -> Shut off, the screen will go black but the computer will still be working and the lights will still be on, it won't shut off until I manually cut the power. Should I still go through with your instructions above? Edit: Typos