
Still have issues: Kaspersky, Malwarebytes, Adobe cannot update


  • This topic is locked
18 replies to this topic

#1 sarge11

sarge11

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Location:PA
  • Local time:10:38 AM

Posted 27 July 2015 - 08:44 PM

Have had some wifi issues previously. It had switched from Avast to Kaspersky Internet Security for antivirus protection and have been dealing with some issues with that software: high CPU issues, pages slow to load, etc. Issues are supposed to have been resolved with an updated version of the software. OK, now the issue at hand: allowed my nephew to use my son's computer, and after his visit Kaspersky will not update; also cannot update Malwarebytes, CCleaner, or Spybot S&D. I checked on the Kaspersky forum first for update issues and cleaned out all temp files, ran the version of CCleaner on the computer and cleaned out along with the registry; I did make a backup. Tried to run Adlice RogueKiller but it would not run. Ran KVRT; it found one item {not a virus 2.agent.bxib}, it was located in a Softonic downloader for fear origin.exe. I then ran Adlice RogueKiller, which did process, though I am unable at this time to write down the results. Can you all help me? Windows 7 Home Premium.

 

 

 

Ran frst as requested and am attaching files,

Attached Files


Edited by sarge11, 27 July 2015 - 09:02 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:38 AM

Posted 30 July 2015 - 09:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyUsers\S-1-5-21-318306028-1224638645-639042921-1007\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-318306028-1224638645-639042921-1005\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-318306028-1224638645-639042921-1000\User: Group Policy Restriction detected <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-318306028-1224638645-639042921-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\BOSS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-02-16]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-02-16]
CHR Extension: (Freemake Video Downloader) - C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-02-16]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-02-16]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
R4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Program Files (x86)\Freemake\
C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 sarge11


Posted 30 July 2015 - 12:20 PM

OK, a bit odd: running FRST from desktop, bring the file over, save as fixlist.txt. Right-click to run as admin and the program starts and inside the box it says an update is available; once it updates it says program ready to use, but now I have a folder with the older version and the new program that does not have the same icon. Try to run the new one and it says not a valid Win32 program ??????????



#4 sarge11


Posted 30 July 2015 - 01:04 PM

OK, tried more than once; the original version of the program kept going deeper into the OlderVersion program, kept clicking on Fix and it eventually stopped trying to update and run fix. Copy of the fixlog follows.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015

Ran by BOSS at 2015-07-30 13:46:20 Run:1

Running from C:\Users\BOSS\Desktop\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion

Loaded Profiles: BOSS (Available Profiles: BOSS & WILLIAM & Guest)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

 

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

 

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

GroupPolicyUsers\S-1-5-21-318306028-1224638645-639042921-1007\User: Group Policy Restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-318306028-1224638645-639042921-1005\User: Group Policy Restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-318306028-1224638645-639042921-1000\User: Group Policy Restriction detected <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin HKU\S-1-5-21-318306028-1224638645-639042921-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\BOSS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com

FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-02-16]

FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com

FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-02-16]

CHR Extension: (Freemake Video Downloader) - C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-02-16]

CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-02-16]

S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

R4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

C:\Program Files (x86)\Freemake\

C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf

 

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully

HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-318306028-1224638645-639042921-1007\User => moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-318306028-1224638645-639042921-1005\User => moved successfully.

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-318306028-1224638645-639042921-1000\User => moved successfully.

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKU\S-1-5-21-318306028-1224638645-639042921-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => key removed successfully

C:\Users\BOSS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fmdownloader@gmail.com => value removed successfully

C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com => moved successfully.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com => value removed successfully

C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com => moved successfully.

C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf => moved successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf" => key removed successfully

C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx => moved successfully.

AODDriver4.2.0 => service removed successfully

EagleX64 => service removed successfully

esgiguard => service removed successfully

klkbdflt2 => service could not remove

xhunter1 => service removed successfully

C:\Program Files (x86)\Freemake => moved successfully.

"C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf" => File/Folder not found.

EmptyTemp: => 115.4 MB temporary data Removed.

 

 

The system needed a reboot..

 

==== End of Fixlog 13:47:24 ====
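
Added example (not part of the original thread and not FRST's own code): a short Python triage of a Fixlog like the one posted above, grouping each result line by outcome so the entries that were not fixed stand out, such as the one service this log reports it could not remove. The outcome phrases are taken only from this log and other FRST versions may word them differently; the function and variable names are hypothetical.

```python
import re

# Outcome phrases as worded in the Fixlog posted in this thread (assumption:
# other FRST versions may phrase them differently). First match wins.
OUTCOME_PATTERNS = [
    ("failed", re.compile(r"could not remove", re.IGNORECASE)),
    ("not_found", re.compile(r"not found\.?$", re.IGNORECASE)),
    ("ok", re.compile(r"successfully|temporary data removed", re.IGNORECASE)),
]

# Some lines carry no " => " separator, e.g. "<path> not found."
NOT_FOUND_TAIL = re.compile(r"\s+not found\.?$", re.IGNORECASE)

# Excerpt trimmed from the Fixlog in the post above, embedded so this runs offline.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by BOSS at 2015-07-30 13:46:20 Run:1
==============================================
fixlist content:
*****************
start
CloseProcesses:
R4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
End
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Users\BOSS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
esgiguard => service removed successfully
klkbdflt2 => service could not remove
xhunter1 => service removed successfully
EmptyTemp: => 115.4 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 13:47:24 ====
"""


def classify(message):
    """Map one result message to ok / not_found / failed / other."""
    for name, pattern in OUTCOME_PATTERNS:
        if pattern.search(message):
            return name
    return "other"


def parse_fixlog(text):
    """Group the result lines of a Fixlog by outcome.

    The log echoes the submitted fixlist between two rows of asterisks;
    only the lines after the second row are results.
    """
    results = {"ok": [], "not_found": [], "failed": [], "other": []}
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces forums insert
        if not line:
            continue
        if set(line) == {"*"}:
            star_rows += 1
            continue
        if star_rows < 2:
            continue  # header and echoed fixlist, not results
        if line.startswith("===="):
            break  # "==== End of Fixlog ... ===="
        target, sep, message = line.partition(" => ")
        if not sep:
            # No separator: the whole line is the message; strip a trailing
            # "not found." to recover the path it refers to.
            message = line
            target = NOT_FOUND_TAIL.sub("", line)
        results[classify(message)].append(target.strip().strip('"'))
    return results


if __name__ == "__main__":
    for outcome, targets in parse_fixlog(SAMPLE_FIXLOG).items():
        print(f"{outcome}: {len(targets)}")
        for target in targets:
            print("   ", target)
```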



#5 sarge11


Posted 30 July 2015 - 02:08 PM

No change though: KIS 2015 will not update, Malwarebytes will not update, try and bring up a security web page and nothing happens.



#6 nasdaq


Posted 31 July 2015 - 06:38 AM

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#7 sarge11


Posted 31 July 2015 - 10:25 AM

As requested. Only thing different was a popup that this program is not intended for commercial use, do you want to use, yes or no; and after running, a popup "fss file not found, do you want to run another", but Notepad had already popped up with the file.

both files appeared to be the same

 

program run results as follows

 

 

Farbar Service Scanner Version: 26-07-2015

Ran by BOSS (administrator) on 31-07-2015 at 11:14:59

Running from "C:\Users\BOSS\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Policy:

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****



#8 nasdaq


Posted 31 July 2015 - 12:19 PM


popup that this program is not intended for commercial use, do you want to use, yes or no,

That is only a message from the program owner. Nothing to worry about.

===

Nothing suspicious on the last log.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: "How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides".

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#9 sarge11


Posted 31 July 2015 - 04:41 PM

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by BOSS on Fri 07/31/2015 at 16:55:38.33.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode No Internet Access Detected

Launched: C:\Users\BOSS\Desktop\zoek.exe    [Scan all users] [Script inserted]

 

==== System Restore Info ======================

 

7/31/2015 4:58:31 PM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\AGEIA Technologies deleted successfully

C:\PROGRA~2\DOOM 3 deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~3\dbg deleted successfully

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\BOSS\AppData\Roaming\QuickScan deleted successfully

C:\Users\WILLIAM\AppData\Roaming\QuickScan deleted successfully

C:\Users\BOSS\AppData\Local\Adobe deleted successfully

C:\Users\BOSS\AppData\Local\EmieSiteList deleted successfully

C:\Users\BOSS\AppData\Local\EmieUserList deleted successfully

C:\Users\BOSS\AppData\Local\Research In Motion deleted successfully

C:\Users\Guest\AppData\Local\VirtualStore deleted successfully

C:\Users\WILLIAM\AppData\Local\EmieBrowserModeList deleted successfully

C:\Users\WILLIAM\AppData\Local\EmieSiteList deleted successfully

C:\Users\WILLIAM\AppData\Local\EmieUserList deleted successfully

C:\Users\WILLIAM\AppData\Local\Research In Motion deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-318306028-1224638645-639042921-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully

HKEY_USERS\S-1-5-21-318306028-1224638645-639042921-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\AGEIA Technologies not found

C:\PROGRA~2\DOOM 3 not found

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found

C:\PROGRA~3\DivX deleted

C:\Users\BOSS\.android deleted

C:\Users\WILLIAM\.android deleted

C:\install.exe deleted

C:\Users\WILLIAM\AppData\Roaming\WB.CFG deleted

C:\PROGRA~3\hash.dat deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\WILLIAM\AppData\Local\CrashRpt deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

C:\Windows\wininit.ini deleted

C:\windows\SysNative\GroupPolicy\Machine deleted

C:\windows\SysNative\GroupPolicy\User deleted

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [07/27/2015 09:25 PM]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06/07/2013 01:35 PM]

 

==== Chromium Look ======================

 

Google Chrome Version: 43.0.2357.130

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/01/2015 11:17 AM]

 

Chrome Hotword Shared Module - BOSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Skype Click to Call - BOSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Freemake Video Downloader - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf

ShopAtHome.com - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc

Freemake Youtube Download Button - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh

BeFrugal.com Add-On - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp

Chrome Hotword Shared Module - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Skype Click to Call - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Google Cast - WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd

Freemake Video Downloader - WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf

Freemake Youtube Download Button - WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh

Stylish - WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe

AdBlock - WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Chrome Hotword Shared Module - WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Skype Click to Call - WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

 

==== Chromium Startpages ======================

 

C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Preferences


 

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences


 

C:\Users\WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Preferences


 

 

==== Chromium Fix ======================

 

C:\Users\WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.darklyrics.com_0.localstorage deleted successfully

C:\Users\WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage deleted successfully

C:\Users\WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.plyrics.com_0.localstorage deleted successfully

C:\Users\WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully

C:\Users\WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully

C:\Users\WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\BOSS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\WILLIAM\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

No Flash Cache Found

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=124 folders=36 355197216 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\BOSS\AppData\Local\Temp will be emptied at reboot

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Guest\AppData\Local\Temp emptied successfully

C:\Users\WILLIAM\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\BOSS\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Fri 07/31/2015 at 17:26:28.67 ======================

 

 

Still unable to update Kaspersky, Malwarebytes, Flash Player; all are connection errors. Do you think something is still active, virus, malware?



#10 nasdaq

  • Malware Response Team

Posted 01 August 2015 - 08:06 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

AlternateDataStreams: C:\Users\BOSS\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\AionInstaller (1).exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\AionInstaller.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\amd_catalyst_13.10_beta.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\ApplicationCompatibilityToolkitSetup.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\Battlefield_4_Downloader.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\battlelog-web-plugins_2.3.2_130.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\battlelog-web-plugins_2.3.2_131 (1).exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\battlelog-web-plugins_2.3.2_131.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\chromeinstall-7u21.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\dfsetup215.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\DPT_setup.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\FreemakeVideoDownloaderSetup (1).exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\FreemakeVideoDownloaderSetup.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\FTB_Launcher.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\InstallIMVU_493.0_st.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\InstallWizard101.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\jdk-7u45-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.6.2.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.6.4.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.7.2 (1).exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.7.2.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.7.4.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.7.5.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\npp.6.5.3.Installer.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\OriginThinSetup.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\pcsx2-0.9.8-installer.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\Silverlight (1).exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\Silverlight (2).exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\Titanium_Studio.exe:BDU
AlternateDataStreams: C:\Users\WILLIAM\Downloads\ventrilo-3.0.8-Windows-x64.exe:BDU

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists please let me know which browser you are using to get these updates.

If you get any error message when trying to update please post the exact message for my review.

#11 sarge11

  • Topic Starter

Posted 01 August 2015 - 10:19 AM

I am using the specific programs to run the update, not through a browser. I was going to try to run the updates on the other user's account??. Anyhow, as requested, ran FRST and clicked Fix once. It again searched for an update and after updating indicated that it was updated and ready for use. The icon for the program had changed and there was another folder with older version. I went into the older version and there was the original FRST program, pasted the log there, ran the program; it too started to update but I pushed the scan button multiple times, the program stopped responding, then ran the fixlist txt. Results as follows

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015

Ran by BOSS at 2015-08-01 11:04:14 Run:2

Running from C:\Users\BOSS\Desktop\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion

Loaded Profiles: BOSS (Available Profiles: BOSS & WILLIAM & Guest)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

 

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

 

AlternateDataStreams: C:\Users\BOSS\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\AionInstaller (1).exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\AionInstaller.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\amd_catalyst_13.10_beta.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\ApplicationCompatibilityToolkitSetup.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\Battlefield_4_Downloader.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\battlelog-web-plugins_2.3.2_130.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\battlelog-web-plugins_2.3.2_131 (1).exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\battlelog-web-plugins_2.3.2_131.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\chromeinstall-7u21.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\dfsetup215.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\DPT_setup.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\FreemakeVideoDownloaderSetup (1).exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\FreemakeVideoDownloaderSetup.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\FTB_Launcher.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\InstallIMVU_493.0_st.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\InstallWizard101.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\jdk-7u45-windows-x64.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\Minecraft.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.6.2.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.6.4.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.7.2 (1).exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.7.2.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.7.4.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\minecraft_server.1.7.5.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\npp.6.5.3.Installer.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\OriginThinSetup.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\pcsx2-0.9.8-installer.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\Silverlight (1).exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\Silverlight (2).exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\Titanium_Studio.exe:BDU

AlternateDataStreams: C:\Users\WILLIAM\Downloads\ventrilo-3.0.8-Windows-x64.exe:BDU

 

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

C:\Users\BOSS\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\AionInstaller (1).exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\AionInstaller.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\amd_catalyst_13.10_beta.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\ApplicationCompatibilityToolkitSetup.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\Battlefield_4_Downloader.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\battlelog-web-plugins_2.3.2_130.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\battlelog-web-plugins_2.3.2_131 (1).exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\battlelog-web-plugins_2.3.2_131.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\chromeinstall-7u21.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\dfsetup215.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\DPT_setup.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\FreemakeVideoDownloaderSetup (1).exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\FreemakeVideoDownloaderSetup.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\FTB_Launcher.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\InstallIMVU_493.0_st.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\InstallWizard101.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\jdk-7u45-windows-x64.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\Minecraft.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\minecraft_server.1.6.2.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\minecraft_server.1.6.4.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\minecraft_server.1.7.2 (1).exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\minecraft_server.1.7.2.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\minecraft_server.1.7.4.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\minecraft_server.1.7.5.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\npp.6.5.3.Installer.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\OriginThinSetup.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\pcsx2-0.9.8-installer.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\Silverlight (1).exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\Silverlight (2).exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\Titanium_Studio.exe => ":BDU" ADS removed successfully.

C:\Users\WILLIAM\Downloads\ventrilo-3.0.8-Windows-x64.exe => ":BDU" ADS removed successfully.

EmptyTemp: => 28 MB temporary data Removed.

 

 

The system needed a reboot..

 

==== End of Fixlog 11:04:52 ====
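A Fixlog like the one above echoes the fixlist and then prints one result line per action, so it can be checked mechanically that every requested AlternateDataStreams entry was confirmed. The following is an added example, not part of the thread and not FRST code; it assumes only the line layout visible in the log above, and the sample log and its paths are constructed.

```python
import re

# Constructed sample in the layout of the Fixlog above (paths are made up).
# The third directive deliberately has no matching result line.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

AlternateDataStreams: C:\Users\EXAMPLE\Downloads\setup_a.exe:BDU
AlternateDataStreams: C:\Users\EXAMPLE\Downloads\setup b (1).exe:BDU
AlternateDataStreams: C:\Users\EXAMPLE\Downloads\setup_c.exe:BDU

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\EXAMPLE\Downloads\setup_a.exe => ":BDU" ADS removed successfully.
C:\Users\EXAMPLE\Downloads\setup b (1).exe => ":BDU" ADS removed successfully.
EmptyTemp: => 28 MB temporary data Removed.
'''

# "AlternateDataStreams: <path>:<stream>" -- the path itself contains a colon
# (drive letter), so the stream name is whatever follows the LAST colon.
DIRECTIVE = re.compile(r'^AlternateDataStreams:\s*(.+):([^:\\]+)$')
# '<path> => ":<stream>" ADS removed successfully.'
RESULT = re.compile(r'^(.+?) => ":([^"]+)" ADS removed successfully\.$')
# The fixlist echo is delimited by two lines made only of asterisks.
MARKER = re.compile(r'^\*{5,}$')


def _key(path, stream):
    # Windows paths and stream names compare case-insensitively.
    return (path.strip().lower(), stream.strip().lower())


def check_fixlog(text):
    """Compare requested ADS removals with the confirmed results in a Fixlog."""
    # Forum copies are often double-spaced or padded with non-breaking spaces;
    # strip() removes both, and empty lines are dropped.
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln]

    marks = [i for i, ln in enumerate(lines) if MARKER.match(ln)]
    if len(marks) < 2:
        raise ValueError("fixlist echo not found (expected two asterisk marker lines)")
    fixlist = lines[marks[0] + 1:marks[1]]
    results = lines[marks[1] + 1:]

    requested = {}
    for ln in fixlist:
        m = DIRECTIVE.match(ln)
        if m:
            requested[_key(*m.groups())] = ln

    confirmed, unexpected = set(), []
    for ln in results:
        m = RESULT.match(ln)
        if not m:
            continue
        k = _key(*m.groups())
        if k in requested:
            confirmed.add(k)
        else:
            # A removal was reported that the fixlist never asked for.
            unexpected.append(ln)

    unconfirmed = [requested[k] for k in requested if k not in confirmed]
    return {
        "requested": len(requested),
        "confirmed": len(confirmed),
        "unconfirmed": unconfirmed,
        "unexpected": unexpected,
    }


if __name__ == "__main__":
    report = check_fixlog(SAMPLE_FIXLOG)
    print(f"{report['confirmed']}/{report['requested']} ADS removals confirmed")
    for ln in report["unconfirmed"]:
        print("no result line for:", ln)
```
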



#12 nasdaq

  • Malware Response Team

Posted 01 August 2015 - 10:52 AM

We do not need the Farbar tool for now.

Delete all the folders/versions associated with it.

When all is well we can try to download it and run the application.

===

Do the steps 1 to 4 recommended on this Kaspersky page.

For 5 just download and run the Kaspersky Virus Removal Tool 2011

http://support.kaspersky.com/9915

Keep me posted.

#13 sarge11

  • Topic Starter

Posted 01 August 2015 - 12:44 PM

Quick post: this specific Virus Removal Tool 2011??? Is that a date or for 2011 or no?



#14 sarge11

  • Topic Starter

Posted 01 August 2015 - 12:55 PM

Disregard previous post, it's the most recent KVRT. Change parameters at all????



#15 sarge11

  • Topic Starter

Posted 02 August 2015 - 11:09 AM

OK, ran KVRT both ways: the first time as it was installed, no results; the second time I included the system drive, which scan took much longer. That also did not find anything. Odd thing though: when I started that computer this AM, once the desktop came up, a black popup that KVRT was running a cleanup script????. I checked the reports, doesn't give any info what it was doing or cleaning???

Also noticed that there is a license problem showing. I know it's good, just got this in April. Should I uninstall and reinstall, or is this legit or the work of malware????


Edited by sarge11, 02 August 2015 - 11:36 AM.




