Keep seeing popups and Browser redirects


  • This topic is locked
17 replies to this topic

#1 nash_holt


  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 19 March 2016 - 05:39 PM

When I open my browser, all is fine. No popups. But every once in a while I get hit with popups, and they hit hard. I can never get the names of the programs running them, but it is most likely more than one. The popups are even in my Steam store page and my AVG messages. I've uninstalled everything that looked suspicious and went through many of my program files, but with no luck. Please help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by nashc_000 (administrator) on NASH (19-03-2016 17:30:48)
Running from C:\Users\nashc_000\Downloads
Loaded Profiles: nashc_000 (Available Profiles: nashc_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Spotify Ltd) C:\Users\nashc_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\nashc_000\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-18] (AVAST Software)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2875464 2016-03-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\Run: [Spotify Web Helper] => C:\Users\nashc_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-03-18] (Spotify Ltd)
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1345288 2015-08-17] (Bogdan Sharkov)
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\Run: [GoogleChromeAutoLaunch_F59B72EA7A9007A0136D438A4918B679] => C:\Users\nashc_000\AppData\Local\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.)
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\Run: [MyComGames] => C:\Users\nashc_000\AppData\Local\MyComGames\MyComGames.exe [4844912 2016-03-14] (MY.COM B.V.)
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\Run: [Google Update] => C:\Users\nashc_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-03-07] (Google Inc.)
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\MountPoints2: E - "E:\setup.exe" 
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\MountPoints2: F - "F:\BlacklistAutoRun.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-07] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49410;https=127.0.0.1:49410
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\Parameters: [NameServer] 82.163.142.70 95.211.158.149
Tcpip\..\Interfaces\{099DF90D-863E-4114-B6FD-04A59D50423A}: [NameServer] 82.163.142.70 95.211.158.149
Tcpip\..\Interfaces\{099DF90D-863E-4114-B6FD-04A59D50423A}: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{5B6CE101-8106-4DC4-AAB5-7F0EACBB103B}: [NameServer] 82.163.142.70 95.211.158.149
Tcpip\..\Interfaces\{5B6CE101-8106-4DC4-AAB5-7F0EACBB103B}: [DhcpNameServer] 82.163.142.70
Tcpip\..\Interfaces\{CA23C54C-0775-4CE5-B945-06C8BE5F4AAD}: [NameServer] 82.163.142.70 95.211.158.149
Tcpip\..\Interfaces\{ED6F0B02-405F-4701-B6FC-9D3603F42A53}: [NameServer] 82.163.142.70 95.211.158.149
Tcpip\..\Interfaces\{ED6F0B02-405F-4701-B6FC-9D3603F42A53}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBeQwNWQ4QFBgXcV9eTA0QEVQOeFwAVxQSFAUSIloBUA5CQFMFIk0FA1ADB0VXfVBdFElXTwhkJVR/E1gT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={E3422AF3-E93E-42D1-8557-BDECBC04EE76}&mid=f6f2f30d22c947cca0b9a59d735dd472-cd8d2dd20e5e1f7c00c9c0d519c5581c9dbcec28&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-17 23:03:15&v=4.2.8.608&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> OldSearch URL = 
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E3422AF3-E93E-42D1-8557-BDECBC04EE76}&mid=f6f2f30d22c947cca0b9a59d735dd472-cd8d2dd20e5e1f7c00c9c0d519c5581c9dbcec28&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-17 23:03:15&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-07] (AVAST Software)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll [2016-03-17] (AVG)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-03-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-07] (AVAST Software)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll [2016-03-17] (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-03-18] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.8\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-03-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-03-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-1091138052-1691735502-2221781494-1001: @my.com/Games -> C:\Users\nashc_000\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-30] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-1091138052-1691735502-2221781494-1001: @nsroblox.roblox.com/launcher -> C:\Users\nashc_000\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1091138052-1691735502-2221781494-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\nashc_000\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1091138052-1691735502-2221781494-1001: @tools.google.com/Google Update;version=3 -> C:\Users\nashc_000\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1091138052-1691735502-2221781494-1001: @tools.google.com/Google Update;version=9 -> C:\Users\nashc_000\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome: 
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=ME9C9BCCD-FE03-4501-8590-36440E0253EC&SearchSource=55&CUI=&UM=8&UP=SP503CACB7-BCE1-487D-A867-EF361A968919&SSPV="
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-06]
CHR Extension: (YouTube) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-06]
CHR Extension: (Adblock Plus) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-13]
CHR Extension: (AVG Secure Search) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-03-17]
CHR Extension: (Google Search) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-06]
CHR Extension: (Avast Online Security) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-13]
CHR Extension: (Lone Tree) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2016-03-06]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2016-03-07]
CHR Extension: (Skype) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-07]
CHR Extension: (Gmail) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-06]
CHR HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-07] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1580352 2016-03-02] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-11] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2015-01-03] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
R3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [835152 2016-03-10] (Valve Corporation) [File not signed]
R2 vToolbarUpdater40.2.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe [1957448 2016-03-17] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe [96768 2013-05-07] () [File not signed]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1216584 2016-03-17] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-07] (AVAST Software)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-03-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2961112 2013-12-20] (Realtek Semiconductor Corporation                           )
S3 SaiH075C; C:\Windows\system32\DRIVERS\SaiH075C.sys [326784 2006-07-27] (Saitek) [File not signed]
R3 SaiK075C; C:\Windows\System32\drivers\SaiK075C.sys [181024 2013-04-30] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-19 17:23 - 2016-03-19 17:24 - 00083788 _____ C:\Users\nashc_000\Downloads\Addition.txt
2016-03-19 17:21 - 2016-03-19 17:30 - 00027652 _____ C:\Users\nashc_000\Downloads\FRST.txt
2016-03-19 17:21 - 2016-03-19 17:30 - 00000000 ____D C:\FRST
2016-03-19 17:20 - 2016-03-19 17:20 - 02374144 _____ (Farbar) C:\Users\nashc_000\Downloads\FRST64.exe
2016-03-17 23:03 - 2016-03-17 23:03 - 00000000 ____D C:\Users\nashc_000\AppData\Local\AVG Web TuneUp
2016-03-17 23:03 - 2016-03-17 23:03 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-03-17 23:03 - 2016-03-17 23:03 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-03-17 23:03 - 2016-03-17 23:03 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-03-17 23:03 - 2016-03-17 23:03 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-03-17 23:03 - 2016-03-17 23:03 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-03-17 23:03 - 2016-03-17 23:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-17 23:02 - 2016-03-17 23:03 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-03-17 22:50 - 2016-03-17 22:50 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\AVG
2016-03-17 22:48 - 2016-03-17 22:48 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\TuneUp Software
2016-03-17 22:48 - 2016-03-17 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-17 22:47 - 2016-03-17 22:47 - 00000000 ___HD C:\$AVG
2016-03-17 22:40 - 2016-03-18 22:48 - 00000000 ____D C:\ProgramData\MFAData
2016-03-17 22:40 - 2016-03-17 22:40 - 00000000 ____D C:\Users\nashc_000\AppData\Local\MFAData
2016-03-17 22:39 - 2016-03-17 22:39 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-03-17 22:39 - 2016-03-17 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-03-17 22:36 - 2016-03-17 22:47 - 00000000 ____D C:\ProgramData\Avg
2016-03-17 22:36 - 2016-03-17 22:46 - 00000000 ____D C:\Program Files (x86)\AVG
2016-03-17 22:34 - 2016-03-17 22:50 - 00000000 ____D C:\Users\nashc_000\AppData\Local\Avg
2016-03-17 22:34 - 2016-03-17 22:39 - 00000000 ____D C:\Users\nashc_000\AppData\Local\AvgSetupLog
2016-03-17 22:34 - 2016-03-17 22:34 - 02946480 _____ (AVG Technologies CZ, s.r.o.) C:\Users\nashc_000\Downloads\AVG_Protection_1472.exe
2016-03-17 22:31 - 2016-03-17 22:31 - 00001228 _____ C:\Users\nashc_000\Desktop\cmd.exe - Shortcut.lnk
2016-03-17 22:26 - 2016-03-17 22:28 - 00000055 _____ C:\Users\nashc_000\Desktop\Ehran
2016-03-14 23:42 - 2016-03-14 23:42 - 00020144 _____ C:\Windows\System32\Tasks\{6C093698-177E-A968-7DDA-1ADBD68A90C7}
2016-03-14 23:42 - 2016-03-14 23:42 - 00000000 ____D C:\ProgramData\ccd5ca3a
2016-03-14 23:42 - 2016-03-14 23:42 - 00000000 ____D C:\ProgramData\{0310fb6c-5190-0}
2016-03-14 23:42 - 2016-03-14 23:42 - 00000000 ____D C:\ProgramData\{0216bb40-2190-1}
2016-03-13 22:58 - 2016-03-13 22:58 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-03-13 20:56 - 2016-03-13 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-13 20:56 - 2016-03-13 20:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-13 20:56 - 2016-03-13 20:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-13 20:55 - 2016-03-13 20:56 - 13163744 _____ (Microsoft Corporation) C:\Users\nashc_000\Downloads\Silverlight_x64.exe
2016-03-12 23:27 - 2016-03-12 23:27 - 00000000 ____D C:\Users\nashc_000\Documents\DyingLight
2016-03-12 23:05 - 2016-02-08 16:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-12 23:05 - 2016-02-08 15:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-12 23:04 - 2016-02-08 15:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-12 23:04 - 2016-02-08 15:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-12 23:04 - 2016-02-08 15:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-12 23:04 - 2016-02-08 15:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-12 23:04 - 2016-02-08 15:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-12 23:04 - 2016-02-08 15:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-12 23:04 - 2016-02-08 15:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-12 23:04 - 2016-02-08 15:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-12 23:04 - 2016-02-08 15:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-12 23:04 - 2016-02-08 15:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-12 23:04 - 2016-02-08 14:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-12 23:04 - 2016-02-08 14:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-12 23:04 - 2016-02-08 14:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-12 23:04 - 2016-02-08 13:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-12 23:04 - 2016-02-08 13:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-12 23:04 - 2016-02-08 13:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-12 23:04 - 2016-02-08 13:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-12 23:04 - 2016-02-08 13:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-12 23:04 - 2016-02-08 12:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-12 23:04 - 2016-02-08 12:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-12 23:04 - 2016-02-08 12:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-12 23:04 - 2016-02-08 12:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-12 23:04 - 2016-02-08 12:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-12 23:04 - 2016-02-08 12:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-12 23:04 - 2016-02-08 12:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-12 23:04 - 2016-02-08 12:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-12 23:04 - 2016-02-08 12:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-12 23:04 - 2016-02-08 11:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-12 22:59 - 2016-03-12 23:23 - 00000000 ____D C:\Program Files\Dying Light
2016-03-12 22:57 - 2016-02-05 14:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-12 22:57 - 2016-02-05 14:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-12 22:57 - 2016-02-05 10:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-12 22:57 - 2016-02-05 10:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-12 22:07 - 2016-02-05 09:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-12 22:07 - 2016-02-05 09:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-12 22:07 - 2016-02-05 09:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-12 22:07 - 2016-02-05 09:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-12 22:05 - 2016-02-12 14:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-12 22:05 - 2016-02-12 10:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-12 22:05 - 2016-02-12 09:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-12 22:05 - 2016-02-12 09:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-12 22:05 - 2016-02-12 09:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-12 22:05 - 2016-02-12 09:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-12 22:05 - 2016-02-12 09:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-12 22:05 - 2016-02-12 09:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-12 22:05 - 2016-02-12 09:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-12 22:05 - 2016-02-12 09:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-12 22:05 - 2016-02-12 09:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-12 22:05 - 2016-02-12 09:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-12 22:03 - 2016-02-04 13:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-12 22:03 - 2016-02-03 15:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-12 22:03 - 2016-02-03 15:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-12 22:03 - 2016-02-03 10:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-12 22:03 - 2016-02-03 10:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-12 22:03 - 2016-02-03 10:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-12 21:18 - 2016-02-04 12:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-12 21:18 - 2016-02-04 12:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-12 21:17 - 2016-01-31 14:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-12 20:59 - 2016-02-04 13:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-12 20:59 - 2016-02-04 13:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-12 20:59 - 2016-02-04 12:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-12 20:59 - 2016-02-04 12:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-12 20:00 - 2016-02-06 13:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-08 21:35 - 2016-03-12 22:59 - 00000669 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dying Light.lnk
2016-03-08 21:35 - 2016-03-12 22:59 - 00000657 _____ C:\Users\Public\Desktop\Dying Light.lnk
2016-03-07 23:13 - 2016-03-07 23:09 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-07 23:10 - 2016-03-07 23:10 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\AVAST Software
2016-03-07 23:10 - 2016-03-07 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-07 23:09 - 2016-03-19 17:14 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1091138052-1691735502-2221781494-1001UA.job
2016-03-07 23:09 - 2016-03-18 22:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-07 23:09 - 2016-03-17 22:49 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-07 23:09 - 2016-03-17 22:14 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1091138052-1691735502-2221781494-1001Core.job
2016-03-07 23:09 - 2016-03-12 23:20 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-07 23:09 - 2016-03-12 23:20 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-07 23:09 - 2016-03-07 23:10 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-03-07 23:09 - 2016-03-07 23:09 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-03-07 23:09 - 2016-03-07 23:09 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-07 23:09 - 2016-03-07 23:09 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-07 23:09 - 2016-03-07 23:09 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-07 23:09 - 2016-03-07 23:09 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-07 23:09 - 2016-03-07 23:09 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-07 23:09 - 2016-03-07 23:09 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1091138052-1691735502-2221781494-1001UA
2016-03-07 23:09 - 2016-03-07 23:09 - 00003508 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1091138052-1691735502-2221781494-1001Core
2016-03-07 23:09 - 2016-03-07 23:09 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-03-07 23:06 - 2016-03-07 23:06 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-07 23:05 - 2016-03-07 23:05 - 05066104 _____ (AVAST Software) C:\Users\nashc_000\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-03-07 23:05 - 2016-03-07 23:05 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-06 19:17 - 2016-03-07 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2016-03-06 19:17 - 2016-03-06 19:17 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\System Healer
2016-03-06 19:17 - 2016-03-06 19:17 - 00000000 ____D C:\ProgramData\341ea545-7221-0
2016-03-06 19:17 - 2016-03-06 19:17 - 00000000 ____D C:\ProgramData\341ea545-4927-1
2016-03-06 19:16 - 2016-03-14 23:42 - 00000000 ____D C:\ProgramData\9ebf4027-6fd3-0
2016-03-06 19:16 - 2016-03-14 23:42 - 00000000 ____D C:\ProgramData\9ebf4027-2391-1
2016-03-02 10:21 - 2016-03-02 10:21 - 00269232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-02-27 20:45 - 2016-03-07 22:39 - 00000000 ____D C:\Users\nashc_000\Desktop\New folder
2016-02-27 20:43 - 2016-02-27 20:41 - 1576582975 _____ C:\Users\nashc_000\Desktop\STA 1.0 Full.rar
2016-02-27 19:54 - 2016-02-27 19:54 - 00000000 ____D C:\Users\nashc_000\Desktop\JSGME
2016-02-27 19:28 - 2016-02-27 19:28 - 00025632 _____ C:\Users\nashc_000\Desktop\v09_fix_widscreen_v1.04_SepUpd_2015 (1).rar
2016-02-27 19:20 - 2016-02-27 19:16 - 236360710 _____ C:\Users\nashc_000\Desktop\SSM 2.3.rar
2016-02-27 19:15 - 2016-02-27 19:15 - 00399443 _____ C:\Users\nashc_000\Desktop\JSGME.7z
2016-02-27 18:53 - 2016-02-27 19:52 - 00000000 ____D C:\Users\nashc_000\Desktop\New folder (3)
2016-02-27 14:03 - 2016-02-27 14:16 - 00002369 _____ C:\Users\Public\Desktop\Steel Fury - Kharkov 1942.lnk
2016-02-27 14:03 - 2016-02-27 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lighthouse Interactive
2016-02-27 14:02 - 2016-03-07 22:40 - 00000000 ____D C:\Program Files (x86)\Lighthouse Interactive
2016-02-27 13:59 - 2016-02-27 14:00 - 00000000 ____D C:\Users\nashc_000\Desktop\New folder (2)
2016-02-27 13:06 - 2016-03-07 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-02-27 13:06 - 2016-02-27 13:06 - 00000000 ____D C:\Program Files (x86)\PowerISO
2016-02-27 12:59 - 2016-02-27 02:59 - 959977252 _____ (Igor Pavlov) C:\Users\nashc_000\Desktop\Steel_Panzer_Mod_v2.0.exe
2016-02-27 01:25 - 2016-02-27 02:59 - 959977252 _____ (Igor Pavlov) C:\Users\nashc_000\Downloads\Steel_Panzer_Mod_v2.0.exe
2016-02-26 19:05 - 2016-02-26 19:05 - 00001561 _____ C:\Users\nashc_000\Desktop\Murdered - Soul Suspect.lnk
2016-02-26 19:05 - 2016-02-26 19:05 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\Murdered - Soul Suspect
2016-02-25 22:53 - 2016-02-25 22:53 - 00000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Men of War Assault Squad 2.lnk
2016-02-25 22:53 - 2016-02-25 22:53 - 00000926 _____ C:\Users\Public\Desktop\Men of War Assault Squad 2.lnk
2016-02-25 22:49 - 2016-03-19 15:52 - 00000000 ____D C:\Program Files (x86)\Men of War Assault Squad 2
2016-02-24 20:42 - 2016-03-07 22:43 - 00000000 ____D C:\MyGames
2016-02-21 20:57 - 2016-02-21 21:00 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-02-21 20:57 - 2016-02-21 20:57 - 00969584 _____ (ROBLOX Corporation) C:\Users\nashc_000\Downloads\version-957ce0cc47814d39-Roblox.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-19 17:26 - 2015-01-11 21:10 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\uTorrent
2016-03-19 17:14 - 2015-01-03 00:43 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\Skype
2016-03-19 17:10 - 2016-02-06 22:40 - 00000000 ____D C:\Users\nashc_000\AppData\Local\LogMeIn Hamachi
2016-03-19 15:50 - 2015-06-06 20:29 - 00000000 ____D C:\Users\nashc_000\AppData\Local\CrashDumps
2016-03-19 12:55 - 2015-01-02 19:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-19 11:36 - 2015-01-03 10:26 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7C7B80A7-7BF8-46E3-8BAA-EC7CF7D75650}
2016-03-19 00:03 - 2015-01-03 10:26 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1091138052-1691735502-2221781494-1001
2016-03-18 23:35 - 2015-01-03 02:41 - 00000000 ____D C:\Users\nashc_000\AppData\Local\Arma 3
2016-03-18 23:07 - 2015-04-13 20:22 - 00000000 ____D C:\Users\nashc_000\AppData\Local\Arma 3 Launcher
2016-03-18 23:04 - 2015-01-03 02:41 - 00000000 ____D C:\Users\nashc_000\Documents\Arma 3
2016-03-18 22:59 - 2013-09-30 14:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-18 22:59 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-03-18 22:57 - 2015-12-27 02:30 - 00000000 ____D C:\Users\nashc_000\AppData\Local\MyComGames
2016-03-18 22:56 - 2015-01-03 10:26 - 00000000 __RDO C:\Users\nashc_000\SkyDrive
2016-03-18 22:52 - 2014-10-26 04:25 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-18 22:52 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-18 22:51 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-18 22:33 - 2015-02-15 14:30 - 00000000 ____D C:\Users\nashc_000\Desktop\Games
2016-03-18 22:32 - 2015-02-01 21:35 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-18 21:56 - 2015-01-02 20:07 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\Spotify
2016-03-18 21:53 - 2015-01-03 00:48 - 00000000 ____D C:\Users\nashc_000\AppData\Local\Spotify
2016-03-18 10:45 - 2016-02-06 23:18 - 00000000 ____D C:\Users\nashc_000\.oracle_jre_usage
2016-03-18 10:45 - 2015-01-24 17:19 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-18 10:45 - 2015-01-24 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-18 10:44 - 2015-01-24 17:19 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-18 00:26 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-03-17 23:00 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-03-17 22:48 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-03-14 20:15 - 2015-07-24 00:50 - 00002419 _____ C:\Users\nashc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 22:58 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-13 22:58 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-13 21:44 - 2015-01-03 10:27 - 00000000 ____D C:\Users\nashc_000\AppData\Local\Google
2016-03-12 23:47 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-12 23:36 - 2015-01-06 05:46 - 00000000 ____D C:\Windows\system32\MRT
2016-03-12 23:28 - 2015-01-06 05:46 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-12 22:58 - 2015-01-02 22:28 - 00000000 ____D C:\Games
2016-03-12 22:54 - 2013-08-22 09:44 - 00337808 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-08 21:27 - 2015-01-02 19:58 - 00000000 ___RD C:\Users\nashc_000\Desktop\Utilities
2016-03-08 07:41 - 2015-07-25 11:48 - 00000000 ____D C:\ProgramData\fab043d4000013db
2016-03-08 02:00 - 2013-08-22 10:38 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 02:00 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-07 23:19 - 2015-07-19 11:50 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-03-07 22:41 - 2015-01-03 10:20 - 00000000 ____D C:\Users\nashc_000
2016-03-07 22:40 - 2015-12-27 02:30 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2016-03-07 22:40 - 2015-12-25 11:12 - 00000000 ____D C:\Program Files (x86)\FFMPEG
2016-03-07 22:40 - 2015-12-25 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Author
2016-03-07 22:40 - 2015-12-25 10:57 - 00000000 ____D C:\Program Files (x86)\Digiarty
2016-03-07 22:40 - 2015-10-15 21:05 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-03-07 22:40 - 2015-08-13 04:38 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-07 22:40 - 2015-08-13 04:38 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-07 22:40 - 2015-08-03 00:47 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2016-03-07 22:40 - 2015-08-03 00:47 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-03-07 22:40 - 2015-07-20 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman - Arkham Origins
2016-03-07 22:40 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2016-03-07 22:40 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\WinMetadata
2016-03-07 22:36 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\registration
2016-03-06 23:29 - 2015-07-20 13:12 - 00000000 ____D C:\Users\nashc_000\Documents\WB Games
2016-03-06 23:29 - 2015-01-03 10:20 - 00000000 ____D C:\Users\nashc_000\AppData\Roaming\Adobe
2016-03-05 17:37 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-02-27 16:21 - 2015-05-27 20:36 - 00000000 ____D C:\Users\nashc_000\AppData\Local\ElevatedDiagnostics
2016-02-26 23:54 - 2015-01-03 00:43 - 00000000 ____D C:\ProgramData\Skype
2016-02-26 19:07 - 2015-01-05 15:44 - 00000000 ____D C:\Users\nashc_000\Documents\My Games
2016-02-26 19:05 - 2015-02-11 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-02-26 18:52 - 2015-02-11 19:18 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-02-25 23:04 - 2015-01-03 10:20 - 00000000 ____D C:\Users\nashc_000\AppData\Local\NVIDIA
2016-02-21 21:00 - 2015-07-02 22:05 - 00000254 _____ C:\Users\nashc_000\AppData\LocalLow\rbxcsettings.rbx
2016-02-21 16:51 - 2015-11-03 19:07 - 00000222 _____ C:\Users\nashc_000\Desktop\Unturned.url
2016-02-21 16:51 - 2015-01-20 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2016-02-21 16:51 - 2015-01-20 21:12 - 00000000 ____D C:\R.G. Catalyst
2016-02-19 22:20 - 2015-07-26 01:48 - 00000000 ____D C:\Windows\Minidump
 
==================== Files in the root of some directories =======
 
2015-07-15 02:58 - 2015-07-19 11:47 - 0000024 _____ () C:\Users\nashc_000\AppData\Roaming\appdataFr25.bin
2015-05-25 10:49 - 2015-06-22 11:18 - 0000298 _____ () C:\Users\nashc_000\AppData\Roaming\BreakingPoint_Login.ini
2015-05-25 13:24 - 2015-06-22 18:14 - 0001380 _____ () C:\Users\nashc_000\AppData\Roaming\BreakingPoint_Options.ini
2015-07-18 00:34 - 2015-07-18 00:39 - 0001288 _____ () C:\Users\nashc_000\AppData\Roaming\Bubble Dock.boostrap.log
2015-07-18 00:36 - 2015-07-18 00:38 - 0005737 _____ () C:\Users\nashc_000\AppData\Roaming\Bubble Dock.installation.log
2015-02-08 18:40 - 2015-10-10 14:14 - 0000099 _____ () C:\Users\nashc_000\AppData\Roaming\LauncherSettings_live.cfg
2015-07-18 00:39 - 2015-07-18 00:39 - 0000078 _____ () C:\Users\nashc_000\AppData\Roaming\Selection Tools.installation.log
2015-10-10 14:00 - 2015-10-10 14:00 - 0010496 _____ () C:\Users\nashc_000\AppData\Roaming\TheHunterSettings_live.bin
2015-02-08 18:43 - 2015-10-10 14:06 - 0000040 _____ () C:\Users\nashc_000\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-07-18 00:34 - 2015-07-18 00:34 - 0000097 _____ () C:\Users\nashc_000\AppData\Roaming\WindApp.boostrap.log
2015-07-18 00:38 - 2015-07-18 00:38 - 0000078 _____ () C:\Users\nashc_000\AppData\Roaming\WindApp.installation.log
2015-01-22 21:40 - 2015-01-22 21:40 - 0000088 _____ () C:\Users\nashc_000\AppData\Local\13ec74422d36b040a2c62e9114b8cb49
2015-04-08 20:02 - 2015-04-08 20:04 - 0011804 _____ () C:\Users\nashc_000\AppData\Local\Temp-log.txt
2015-07-15 18:33 - 2015-07-15 18:33 - 0000000 _____ () C:\Users\nashc_000\AppData\Local\Temp.dat
2015-01-22 21:42 - 2015-01-22 21:42 - 0001630 _____ () C:\ProgramData\tempimage.bmp
 
Some files in TEMP:
====================
C:\Users\nashc_000\AppData\Local\Temp\770.exe
C:\Users\nashc_000\AppData\Local\Temp\msvcr80.dll
C:\Users\nashc_000\AppData\Local\Temp\nvcuda.exe
C:\Users\nashc_000\AppData\Local\Temp\SimPack.exe
C:\Users\nashc_000\AppData\Local\Temp\sppsvc.exe
C:\Users\nashc_000\AppData\Local\Temp\zlib1.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-17 04:06
 
==================== End of FRST.txt ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:12 AM

Posted 20 March 2016 - 08:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBeQwNWQ4QFBgXcV9eTA0QEVQOeFwAVxQSFAUSIloBUA5CQFMFIk0FA1ADB0VXfVBdFElXTwhkJVR/E1gT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={E3422AF3-E93E-42D1-8557-BDECBC04EE76}&mid=f6f2f30d22c947cca0b9a59d735dd472-cd8d2dd20e5e1f7c00c9c0d519c5581c9dbcec28&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-17 23:03:15&v=4.2.8.608&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E3422AF3-E93E-42D1-8557-BDECBC04EE76}&mid=f6f2f30d22c947cca0b9a59d735dd472-cd8d2dd20e5e1f7c00c9c0d519c5581c9dbcec28&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-17 23:03:15&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.8\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=ME9C9BCCD-FE03-4501-8590-36440E0253EC&SearchSource=55&CUI=&UM=8&UP=SP503CACB7-BCE1-487D-A867-EF361A968919&SSPV="
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-13]
CHR HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-07]
R2 vToolbarUpdater40.2.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe [1957448 2016-03-17] (AVG Secure Search)
C:\Program Files (x86)\YTDownloader
C:\ProgramData\makulitsidwe
CustomCLSID: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\nashc_000\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\nashc_000\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
Task: {82745283-501F-411E-B82C-A8A319AB8C75} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {9C5F8C02-B9DE-4E26-B10C-5DB97888DADB} - System32\Tasks\{448BA949-B31F-4D12-A042-AE423F90EF65} => pcalua.exe -a C:\ProgramData\makulitsidwe\1.1.0.29\Uninstaller.exe -c /ga=1503
Task: {CCA6895E-256E-48C3-8329-BDD2FF0D6C5C} - \SMupdate1 -> No File <==== ATTENTION
Task: {CECABD0F-9F77-478A-8511-7D18565AC0F5} - \PastaLeads -> No File <==== ATTENTION[

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

Please post the logs and let me know what problem persists.

#3 nasdaq


Posted 25 March 2016 - 06:54 AM

Are you still with me?

#4 nash_holt


Posted 26 March 2016 - 09:56 PM

Alright, so I have gone through the steps and am in the process of the "fix" on the FRST program, and it has been on my "appdata/local/temp" file for quite some time now. Is that normal?



#5 nash_holt

nash_holt
  • Topic Starter


Posted 26 March 2016 - 11:18 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by nashc_000 (2016-03-26 22:59:53) Run:2
Running from C:\Users\nashc_000\Desktop
Loaded Profiles: nashc_000 (Available Profiles: nashc_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBeQwNWQ4QFBgXcV9eTA0QEVQOeFwAVxQSFAUSIloBUA5CQFMFIk0FA1ADB0VXfVBdFElXTwhkJVR/E1gT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={E3422AF3-E93E-42D1-8557-BDECBC04EE76}&mid=f6f2f30d22c947cca0b9a59d735dd472-cd8d2dd20e5e1f7c00c9c0d519c5581c9dbcec28&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-17 23:03:15&v=4.2.8.608&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E3422AF3-E93E-42D1-8557-BDECBC04EE76}&mid=f6f2f30d22c947cca0b9a59d735dd472-cd8d2dd20e5e1f7c00c9c0d519c5581c9dbcec28&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-17 23:03:15&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.8\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=ME9C9BCCD-FE03-4501-8590-36440E0253EC&SearchSource=55&CUI=&UM=8&UP=SP503CACB7-BCE1-487D-A867-EF361A968919&SSPV="
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-13]
CHR HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-07]
R2 vToolbarUpdater40.2.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe [1957448 2016-03-17] (AVG Secure Search)
C:\Program Files (x86)\YTDownloader
C:\ProgramData\makulitsidwe
CustomCLSID: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\nashc_000\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\nashc_000\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
Task: {82745283-501F-411E-B82C-A8A319AB8C75} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {9C5F8C02-B9DE-4E26-B10C-5DB97888DADB} - System32\Tasks\{448BA949-B31F-4D12-A042-AE423F90EF65} => pcalua.exe -a C:\ProgramData\makulitsidwe\1.1.0.29\Uninstaller.exe -c /ga=1503
Task: {CCA6895E-256E-48C3-8329-BDD2FF0D6C5C} - \SMupdate1 -> No File <==== ATTENTION
Task: {CECABD0F-9F77-478A-8511-7D18565AC0F5} - \PastaLeads -> No File <==== ATTENTION[

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch => key not found.
HKCR\CLSID\OldSearch => key not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.
Chrome HomePage => not found.
Chrome StartupUrls => not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultSuggestURL => not found.
C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => not found
C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => not found
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
vToolbarUpdater40.2.8 => service not found.
"C:\Program Files (x86)\YTDownloader" => not found.
"C:\ProgramData\makulitsidwe" => not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B} => key not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82745283-501F-411E-B82C-A8A319AB8C75} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C5F8C02-B9DE-4E26-B10C-5DB97888DADB} => key not found.
C:\Windows\System32\Tasks\{448BA949-B31F-4D12-A042-AE423F90EF65} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{448BA949-B31F-4D12-A042-AE423F90EF65} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCA6895E-256E-48C3-8329-BDD2FF0D6C5C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CECABD0F-9F77-478A-8511-7D18565AC0F5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaLeads => key not found.
EmptyTemp: => 104.7 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-26 23:06:37)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 23:06:37 ====

#6 nash_holt

nash_holt
  • Topic Starter


Posted 26 March 2016 - 11:19 PM

Got it to work, as you can see. I'm having to do most of the replies by phone because the popups got significantly worse... the BleepingComputer website is almost inoperable from my desktop lol

#7 nash_holt

nash_holt
  • Topic Starter


Posted 26 March 2016 - 11:24 PM

PCKeeper
OM
DNSUnlocker

Those are who the popup ads are by
And PastaLead

#8 nasdaq

nasdaq

  • Malware Response Team

Posted 27 March 2016 - 07:51 AM


Run both of these tools.

You can download them using a good computer or your phone and copy both programs to the Desktop of the compromised computer.
Run the programs and post the logs.
Let me know if the problem persists.


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

#9 nasdaq

nasdaq

  • Malware Response Team

Posted 01 April 2016 - 07:56 AM

Are you still with me?

#10 nash_holt

nash_holt
  • Topic Starter


Posted 01 April 2016 - 11:15 AM

Yes, I am. I have my logs and more information posted before your last message.

#11 nasdaq

nasdaq

  • Malware Response Team

Posted 01 April 2016 - 12:29 PM

I see no logs before my last two messages.

#12 nash_holt

nash_holt
  • Topic Starter


Posted 01 April 2016 - 09:43 PM

Btw, that second log I pasted is the log from my AdwCleaner.


Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by nashc_000 (2016-03-26 22:59:53) Run:2
Running from C:\Users\nashc_000\Desktop
Loaded Profiles: nashc_000 (Available Profiles: nashc_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBeQwNWQ4QFBgXcV9eTA0QEVQOeFwAVxQSFAUSIloBUA5CQFMFIk0FA1ADB0VXfVBdFElXTwhkJVR/E1gT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={E3422AF3-E93E-42D1-8557-BDECBC04EE76}&mid=f6f2f30d22c947cca0b9a59d735dd472-cd8d2dd20e5e1f7c00c9c0d519c5581c9dbcec28&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-17 23:03:15&v=4.2.8.608&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVsBVAxJFlQWbQ0JB19cFVQTIRQABAFHDFYWcAhaAgBAFgZCJh9aFQQTSEcFME0FCFwEURNNfX5dDH4DQFc=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E3422AF3-E93E-42D1-8557-BDECBC04EE76}&mid=f6f2f30d22c947cca0b9a59d735dd472-cd8d2dd20e5e1f7c00c9c0d519c5581c9dbcec28&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-17 23:03:15&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.8\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=ME9C9BCCD-FE03-4501-8590-36440E0253EC&SearchSource=55&CUI=&UM=8&UP=SP503CACB7-BCE1-487D-A867-EF361A968919&SSPV="
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-13]
CHR HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-07]
R2 vToolbarUpdater40.2.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe [1957448 2016-03-17] (AVG Secure Search)
C:\Program Files (x86)\YTDownloader
C:\ProgramData\makulitsidwe
CustomCLSID: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\nashc_000\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\nashc_000\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
Task: {82745283-501F-411E-B82C-A8A319AB8C75} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {9C5F8C02-B9DE-4E26-B10C-5DB97888DADB} - System32\Tasks\{448BA949-B31F-4D12-A042-AE423F90EF65} => pcalua.exe -a C:\ProgramData\makulitsidwe\1.1.0.29\Uninstaller.exe -c /ga=1503
Task: {CCA6895E-256E-48C3-8329-BDD2FF0D6C5C} - \SMupdate1 -> No File <==== ATTENTION
Task: {CECABD0F-9F77-478A-8511-7D18565AC0F5} - \PastaLeads -> No File <==== ATTENTION[
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch => key not found. 
HKCR\CLSID\OldSearch => key not found. 
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found. 
Chrome HomePage => not found.
Chrome StartupUrls => not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultSuggestURL => not found.
C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => not found
C:\Users\nashc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => not found
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found. 
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
vToolbarUpdater40.2.8 => service not found.
"C:\Program Files (x86)\YTDownloader" => not found.
"C:\ProgramData\makulitsidwe" => not found.
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B} => key not found. 
HKU\S-1-5-21-1091138052-1691735502-2221781494-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82745283-501F-411E-B82C-A8A319AB8C75} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C5F8C02-B9DE-4E26-B10C-5DB97888DADB} => key not found. 
C:\Windows\System32\Tasks\{448BA949-B31F-4D12-A042-AE423F90EF65} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{448BA949-B31F-4D12-A042-AE423F90EF65} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCA6895E-256E-48C3-8329-BDD2FF0D6C5C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CECABD0F-9F77-478A-8511-7D18565AC0F5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaLeads => key not found. 
EmptyTemp: => 104.7 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-26 23:06:37)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 23:06:37 ====

Here it is again, just in case.



#13 nasdaq

nasdaq

  • Malware Response Team

Posted 02 April 2016 - 08:42 AM

What problem persists if any?

#14 nash_holt

nash_holt
  • Topic Starter


Posted 02 April 2016 - 06:54 PM

The popup problem is completely fixed. The only thing that I've noticed is that my Chrome browser doesn't connect to certain websites and pages, while my Firefox browser has no problems.

#15 nasdaq

nasdaq

  • Malware Response Team

Posted 03 April 2016 - 06:57 AM

Try this.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.



