
Refused access to unknown map after virus/trojan attack, am I safe?


40 replies to this topic

#31 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,978 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:59 AM

Posted 14 November 2018 - 12:29 PM

Greetings Jonatan.

Sorry, I was not notified of your reply.

Please do these things.

===================================================

Farbar's Recovery Scan Tool Fix

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
2018-11-08 10:24 - 2018-11-08 15:18 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
cmd: sc config WinDefend start= auto
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Copy and paste the report in your reply.
  • Please allow your computer to reboot
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



#32 JollyJonatan

JollyJonatan
  • Topic Starter

  • Members
  • 23 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sweden
  • Local time:12:59 PM

Posted 15 November 2018 - 11:48 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.11.2018
Ran by datorn (15-11-2018 14:42:44) Run:7
Running from C:\Users\datorn\Desktop
Loaded Profiles: datorn (Available Profiles: datorn)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2018-11-08 10:24 - 2018-11-08 15:18 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
cmd: sc config WinDefend start= auto
emptytemp:
 
*****************
 
C:\windows\System32\Tasks\AVAST Software => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => not found
 
========= sc config WinDefend start= auto =========
 
[SC] OpenService FAILED 5:
 
tkomst nekad.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10670140 B
Java, Flash, Steam htmlcache => 90396820 B
Windows/system/drivers => 4066299 B
Edge => 0 B
Chrome => 743652404 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 10704 B
NetworkService => 0 B
datorn => 90477334 B
 
RecycleBin => 0 B
EmptyTemp: => 903.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:42:45 ====
 
ESET
C:\AdwCleaner\Quarantine\v1\20181108.094820\20\DriverToolkitInstaller.exe#347543E8D241A00A a variant of Win32/UwS.DriverToolkit.A application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20181108.094820\3\TOTALAV.EXE#A2BC7DBF0EBFA85C a variant of MSIL/UwS.TotalAV.A application cleaned by deleting
C:\FRST\Quarantine\C\ProgramData\IObit\ASCDownloader\ASC11\Driver Booster.exe a variant of Win32/IObit.D potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\plexog.dll.xBAD a variant of Win32/TrojanProxy.Agent.OBU trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\Temp\1532.tmp.exe.xBAD a variant of Win32/Kryptik.GMKB trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\Temp\CodecFixIt.exe.xBAD a variant of Win32/Kryptik.GLSL trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\Temp\gutbook.exe.xBAD a variant of Win32/Indiloadz.AU trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\Temp\taw.exe.xBAD Win32/Indiloadz.AQ trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\William\App.exe a variant of Win32/Spy.Socelars.K trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\William\trzBB16.tmp a variant of Win32/Spy.Socelars.K trojan cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe a variant of MSIL/WebCompanion.C potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe.old.131764093029365221 a variant of MSIL/WebCompanion.C potentially unwanted application cleaned by deleting
C:\Users\datorn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cc84333c138e11ac\120712-0049\Att\20001ad5\Order-Q48210467 (1).pdf PDF/Phishing.A.Gen trojan cleaned by deleting
C:\Users\datorn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cc84333c138e11ac\120712-0049\Att\20001ad5\Order-Q48210467 (2).pdf PDF/Phishing.A.Gen trojan cleaned by deleting
C:\Users\datorn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cc84333c138e11ac\120712-0049\Att\20001ad5\Order-Q48210467.pdf PDF/Phishing.A.Gen trojan cleaned by deleting
C:\Users\datorn\Downloads\advanced-systemcare-setup.exe a variant of Win32/IObit.G potentially unwanted application cleaned by deleting
C:\Users\datorn\Downloads\ccsetup545.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\datorn\Downloads\PCProtect.exe a variant of MSIL/UwS.TotalAV.A application cleaned by deleting
C:\Users\datorn\Downloads\uTorrent.exe a variant of MSIL/WebCompanion.A potentially unwanted application cleaned by deleting
D:\Games\Assassin's Creed IV Black Flag\Assassins Creed IV Black Flag\steam_api.dll a variant of Win32/HackTool.Crack.BL potentially unsafe application cleaned by deleting
D:\Games\Assassin's Creed IV Black Flag\Assassins Creed IV Black Flag\uplay_r1.dll Win32/HackTool.Crack.BT potentially unsafe application cleaned by deleting
D:\Games\Game Archives\Middle Earth - Shadow of Mordor\x64\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting
G:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
G:\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.68.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
G:\Program Files (x86)\NCH Software\PhotoStage\photostagesetup_v2.24.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\Program Files (x86)\NCH Software\Prism\prism.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting
G:\Program Files (x86)\NCH Software\Prism\prismpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
G:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.95.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
G:\Program Files (x86)\NCH Software\VideoPad\videopad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
G:\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.14.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.24.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\Program Files (x86)\NCH Software\WavePad\wavepad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
G:\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.55.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
G:\ProgramData\InstallMate\OptimizerPro\Custom.dll Win32/InstalleRex.T potentially unwanted application cleaned by deleting
G:\ProgramData\InstallMate\{9EBDAB81-3698-433A-A1D1-7EBA455E8977}\Custom.dll a variant of Win32/InstalleRex.T potentially unwanted application cleaned by deleting
G:\Users\Tommy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx Win32/Bundled.Toolbar.Ask.P potentially unsafe application deleted
G:\Users\Tommy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.5.0.crx Win32/Bundled.Toolbar.Ask.P potentially unsafe application deleted
G:\Users\Tommy\AppData\Local\CRE\keedmbnfhefdkcccingfebdakloejejo.crx a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashReport.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashRpt.dll a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x86.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MgAssist.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk a variant of Android/Mobserv.A potentially unwanted application deleted
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
G:\Users\Tommy\AppData\Roaming\satoolbar.exe Win32/Toolbar.SearchAmong.A potentially unwanted application cleaned by deleting
G:\Users\Tommy\Documents\avi.codec.pack.pro.v2.4.0.setup.exe Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
G:\Users\Tommy\Documents\media.player.codec.pack.v3.9.6.setup.exe Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
G:\Users\Tommy\Documents\windows.7.codec.pack.v2.6.1.setup.exe Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
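
Added example (not part of the original thread): a small Python triage of ESET Online Scanner log lines in the format pasted above. It separates detections that sat inside tool quarantine folders (such as C:\FRST\Quarantine and C:\AdwCleaner\Quarantine) from those found in live locations. The line grammar is inferred from the log in this post, not from ESET documentation, and all function and field names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

# A few lines copied from the ESET log in the post above (not the full log).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\v1\20181108.094820\3\TOTALAV.EXE#A2BC7DBF0EBFA85C a variant of MSIL/UwS.TotalAV.A application cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\Temp\taw.exe.xBAD Win32/Indiloadz.AQ trojan cleaned by deleting
C:\FRST\Quarantine\C\Users\datorn\AppData\Local\William\App.exe a variant of Win32/Spy.Socelars.K trojan cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\Users\datorn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cc84333c138e11ac\120712-0049\Att\20001ad5\Order-Q48210467 (1).pdf PDF/Phishing.A.Gen trojan cleaned by deleting
D:\Games\Game Archives\Middle Earth - Shadow of Mordor\x64\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting
G:\Program Files (x86)\NCH Software\Prism\prismpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Users\datorn\Downloads\ccsetup545.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
"""

# Assumed grammar: <path> [a variant of ]<Platform/Name> <kind> <action>.
# The path may contain spaces, so it is matched lazily and the rest of the
# line is pinned by the detection name (the only token with a forward slash).
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<kind>trojan|potentially unwanted application|"
    r"potentially unsafe application|application) "
    r"(?P<action>cleaned by deleting|deleted)$"
)

# Any path with a "\Quarantine\" component counts as already isolated.
QUARANTINE_RE = re.compile(r"\\quarantine\\", re.IGNORECASE)


@dataclass
class Detection:
    path: str
    name: str
    variant: bool   # True when ESET reported "a variant of"
    kind: str       # ESET's own label for the detection
    action: str

    @property
    def quarantined(self) -> bool:
        """True if the file sat in a cleanup tool's quarantine folder."""
        return bool(QUARANTINE_RE.search(self.path))


def parse_eset_log(text):
    """Return (detections, unparsed_lines) for a pasted ESET log."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Keep anything that does not fit the grammar for manual review.
            unparsed.append(line)
            continue
        detections.append(Detection(
            path=m.group("path"),
            name=m.group("name"),
            variant=m.group("variant") is not None,
            kind=m.group("kind"),
            action=m.group("action"),
        ))
    return detections, unparsed


def triage(detections):
    """Summarise by kind and list trojans found outside quarantine folders."""
    return {
        "by_kind": dict(Counter(d.kind for d in detections)),
        "quarantined": sum(d.quarantined for d in detections),
        "live_trojans": [d for d in detections
                         if d.kind == "trojan" and not d.quarantined],
    }


if __name__ == "__main__":
    found, skipped = parse_eset_log(SAMPLE_LOG)
    summary = triage(found)
    print(summary["by_kind"])
    print("already in quarantine:", summary["quarantined"])
    for d in summary["live_trojans"]:
        print("review:", d.name, "->", d.path)
```

Entries under a quarantine folder were already isolated by an earlier cleanup step, so the trojan hits outside those folders are the ones worth tracing back to their source (here a mail attachment and a game DLL).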


#33 JollyJonatan


Posted 15 November 2018 - 11:55 AM

My computer still seems to run well!

I managed to get windows defender running by doing the regedit fix changing the 1 to a 0, however although it says my computer is protected it also says that my real-time protection is inactivated.

 

Edit: I tried restarting my computer although it still says inactivated although I checked the box to activate it.
However the windows defender service is running seemingly on start-up when I looked in task-manager!
The map that I was originally concerned about when I opened this thread, "gmhowlka" I could see had been listed as an exception (well not anymore) in the windows defender. I've also updated the virus definitions in the Windows defender and did a quick scan that didn't detect anything.

To my relief my windows programs thus seem to now work again.


Edited by JollyJonatan, 15 November 2018 - 12:09 PM.


#34 Oh My!


Posted 15 November 2018 - 02:22 PM

Great.

Are there any remaining issues?
Gary
 

#35 JollyJonatan


Posted 15 November 2018 - 03:19 PM

I kinda wonder why my windows defender won't let me activate real-time protection, or if it is on why it is telling me that it isn't.
Other than that I haven't encountered any other issues.



#36 Oh My!


Posted 15 November 2018 - 04:16 PM

Let's do this.

===================================================

Farbar's Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: avg;avast
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search.txt

Gary
 

#37 JollyJonatan


Posted 15 November 2018 - 04:46 PM

Ahem, the site crashed as I tried to paste the contents of the report. I hope the file as an attachment might suffice? .txt files usually don't show as MB do they? ^^'

Attached Files



#38 Oh My!


Posted 15 November 2018 - 08:31 PM

Thanks for your patience while I reviewed the file. No, that was unusually large.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------
  • Please download the attached file Fixlist.txt (22.53KB) and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Right click on FRST and select Run as administrator
  • Click Fix and once completed your computer will reboot
  • Allow your computer to reboot
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Check Windows Defender after reboot.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Windows Defender?

Gary
 

#39 JollyJonatan


Posted 16 November 2018 - 07:08 AM

Still the windows defender is not running properly I think.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.11.2018
Ran by datorn (16-11-2018 12:57:17) Run:8
Running from C:\Users\datorn\Desktop
Loaded Profiles: datorn (Available Profiles: datorn)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
C:\Windows\WinSxS\Manifests\*avast*.*
C:\Windows\WinSxS\Manifests\*avg*.*
C:\Windows\Prefetch\*AVAST*.*
C:\Windows\Prefetch\*AVG*.*
C:\Users\datorn\Downloads\avg_antivirus_free_setup.exe
C:\Users\datorn\Downloads\avg_antivirus_free_setup_a2k.exe
C:\Users\datorn\Desktop\AVG_Remover.exe
C:\Users\datorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
C:\Users\datorn\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki\18.3.56_0\common\ui\icons\icon-avast.png
C:\Users\datorn\AppData\Local\Avg\
C:\ProgramData\Avg
C:\FRST\Quarantine
C:\AVG_Remover
2018-11-14 15:47 - 2018-11-14 15:58 _____ C:\AVG_Remover
2018-11-06 14:34 - 2018-11-06 14:34 _____ C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_586e9d411a1940c6
2017-11-28 12:09 - 2017-11-28 12:09 _____ C:\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_6bbcfeb7d72790b2
2017-11-28 12:09 - 2017-11-28 12:09 _____ C:\Windows\WinSxS\amd64_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_643e18eddbf60d95
2018-11-06 14:34 - 2018-11-06 14:34 _____ C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_a01bd4182e9569cc
2018-11-06 14:34 - 2018-11-06 14:34 _____ C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.25325.0_none_a4fbd60a2b6998ff
2017-11-28 12:09 - 2017-11-28 12:09 _____ C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8
2017-11-28 12:09 - 2017-11-28 12:09 _____ C:\Windows\WinSxS\x86_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_abeb4fc4f072369b
2017-11-28 12:24 - 2017-11-28 12:24 _____ C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg
2018-11-06 14:25 - 2018-11-06 14:25 _____ C:\Windows\System32\Tasks\AVG
2017-11-28 12:10 - 2017-12-19 16:16 _____ C:\Windows\System32\config\systemprofile\AppData\Local\Avg
2017-11-28 12:08 - 2018-11-14 15:57 _____ C:\Users\datorn\AppData\Local\Avg
2017-11-28 12:09 - 2018-11-14 15:50 _____ C:\Program Files (x86)\AVG
 
StartRegedit:
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Persistent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AVGBrowserUpdate.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{30612A81-C10F-498E-9163-C2B2A3F81A14}]
"LocalService"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{82C85EAA-7C94-4702-AA75-DF39403AE358}]
"LocalService"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.OneClickCtrl.9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgPersistentStorage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgPersistentStorage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGUpdate.CoreClass]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGUpdate.CoreClass.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassSvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassSvc.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGUpdate.Update3COMClassService]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGUpdate.Update3COMClassService.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebSvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebSvc.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57176671-2DCA-4D06-A004-8DE638713186}\InProcServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7E6B353-129C-43BE-86A5-1041305A828C}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF069D44-71C2-4469-902D-5387F1985BBD}\InprocHandler32]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.update.avgbrowser.com.oneclickctrl.9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.update.avgbrowser.com.update3webcontrol.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\ProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30612A81-C10F-498E-9163-C2B2A3F81A14}\ProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30612A81-C10F-498E-9163-C2B2A3F81A14}\VersionIndependentProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{384098DD-AB6D-412E-B819-2F10032D9767}\ProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{384098DD-AB6D-412E-B819-2F10032D9767}\VersionIndependentProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\InprocServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\ProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57176671-2DCA-4D06-A004-8DE638713186}\InProcServer32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\ProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\VersionIndependentProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82C85EAA-7C94-4702-AA75-DF39403AE358}\ProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82C85EAA-7C94-4702-AA75-DF39403AE358}\VersionIndependentProgID]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF069D44-71C2-4469-902D-5387F1985BBD}\InprocHandler32]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{08bc6d55-d2c3-11e7-8255-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{08bc6d55-d2c3-11e7-8255-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{08bc6d56-d2c3-11e7-8255-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{08bc6d56-d2c3-11e7-8255-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{08bc6d57-d2c3-11e7-8255-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{08bc6d57-d2c3-11e7-8255-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{5757f4df-d3ab-11e7-825c-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{5757f4df-d3ab-11e7-825c-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{5757f4e0-d3ab-11e7-825c-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{5757f4e0-d3ab-11e7-825c-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{5757f4e1-d3ab-11e7-825c-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{5757f4e1-d3ab-11e7-825c-806e6f6e6963}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{d5c3fd33-c790-444d-a191-fe895c5a0893}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\Statistics\Volume{d5c3fd33-c790-444d-a191-fe895c5a0893}]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avg.vc140.crt_f92d94485545da78_none_fce6f287894868aa]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avg.vc140.mfc_f92d94485545da78_none_fd9dc69b88bfb01f]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_none_a9ad3a99a4bbc1ec]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_none_aa640eada4330961]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avg.vc140.crt_f92d94485545da78_none_4494295e9dc491b0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avg.vc140.mfc_f92d94485545da78_none_454afd729d3bd925]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avg.vc140.crt_f92d94485545da78_none_f15a7170b937eaf2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_none_f2114584b8af3267]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\win32k\1706]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\win32k\1706]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe]
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7E6B353-129C-43BE-86A5-1041305A828C}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVAST Software]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Browser\aswSP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe]
[-HKEY_USERS\.DEFAULT\Software\AVAST Software]
[-HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\AVAST Software]
[-HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\AvastAdSDK]
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\93a6bfaf_0]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b014c315_0]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_nntp"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_sms"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_smsto"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_tel"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_urn"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_webcal"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids]
""=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.htm\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.html\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.shtml\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.svg\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.webp\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.xht\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.xhtml\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\ftp\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\irc\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\mailto\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\mms\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\news\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\nntp\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\sms\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\smsto\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\tel\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\urn\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\webcal\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\irc\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\mailto\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\mms\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\news\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\nntp\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\sms\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\smsto\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\tel\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\urn\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\webcal\UserChoice]
"ProgId"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\datorn\Downloads\avast_free_antivirus_setup_online_u2k.exe"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\AVAST Software\Avast\setup\instup.exe"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\datorn\Downloads\avast_free_antivirus_setup_online_u2k.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-4235558843-6001546-1967893253-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\datorn\Downloads\avast_free_antivirus_setup_online_u2k.exe.ApplicationCompany"=-
 
EndRegedit:
 
 
*****************
 
Processes closed successfully.
 
=========== "C:\Windows\WinSxS\Manifests\*avast*.*" ==========
 
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_586e9d411a1940c6.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_586e9d411a1940c6.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_4b5d1834d3072800.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_4b5d1834d3072800.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_a01bd4182e9569cc.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_a01bd4182e9569cc.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.25325.0_none_a4fbd60a2b6998ff.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.25325.0_none_a4fbd60a2b6998ff.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_930a4f0be7835106.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_930a4f0be7835106.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.25325.0_none_97ea50fde4578039.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.25325.0_none_97ea50fde4578039.manifest => moved successfully
 
========= End -> "C:\Windows\WinSxS\Manifests\*avast*.*" ========
 
 
=========== "C:\Windows\WinSxS\Manifests\*avg*.*" ==========
 
C:\Windows\WinSxS\Manifests\amd64_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_6bbcfeb7d72790b2.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_6bbcfeb7d72790b2.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_643e18eddbf60d95.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_643e18eddbf60d95.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_8fab2898e0196d60.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_8fab2898e0196d60.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_882c42cee4e7ea43.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_882c42cee4e7ea43.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_abeb4fc4f072369b.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_abeb4fc4f072369b.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_d7585f6ff4959666.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_d7585f6ff4959666.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_cfd979a5f9641349.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_cfd979a5f9641349.manifest => moved successfully
 
========= End -> "C:\Windows\WinSxS\Manifests\*avg*.*" ========
 
 
=========== "C:\Windows\Prefetch\*AVAST*.*" ==========
 
C:\Windows\Prefetch\AVASTBROWSER.EXE-53BD567A.pf => moved successfully
C:\Windows\Prefetch\AVAST_FREE_ANTIVIRUS_SETUP_ON-5608A381.pf => moved successfully
 
========= End -> "C:\Windows\Prefetch\*AVAST*.*" ========
 
 
=========== "C:\Windows\Prefetch\*AVG*.*" ==========
 
C:\Windows\Prefetch\AVGBROWSER.EXE-7B5E47B1.pf => moved successfully
C:\Windows\Prefetch\AVGUI.EXE-DAF2E04D.pf => moved successfully
C:\Windows\Prefetch\AVG_ANTIVIRUS_FREE_SETUP.EXE-41955AF3.pf => moved successfully
C:\Windows\Prefetch\AVG_ANTIVIRUS_FREE_SETUP.EXE-BAF43A75.pf => moved successfully
C:\Windows\Prefetch\AVG_REMOVER.EXE-5181B3D8.pf => moved successfully
C:\Windows\Prefetch\AVG_REMOVER.EXE-9A1F65C6.pf => moved successfully
 
========= End -> "C:\Windows\Prefetch\*AVG*.*" ========
 
C:\Users\datorn\Downloads\avg_antivirus_free_setup.exe => moved successfully
C:\Users\datorn\Downloads\avg_antivirus_free_setup_a2k.exe => moved successfully
C:\Users\datorn\Desktop\AVG_Remover.exe => moved successfully
C:\Users\datorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk => moved successfully
C:\Users\datorn\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki\18.3.56_0\common\ui\icons\icon-avast.png => moved successfully
C:\Users\datorn\AppData\Local\Avg => moved successfully
C:\ProgramData\Avg => moved successfully
 
"C:\FRST\Quarantine" folder move:
 
Could not move "C:\FRST\Quarantine" => Scheduled to move on reboot.
 
C:\AVG_Remover => moved successfully
"C:\AVG_Remover" => not found
C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_586e9d411a1940c6 => moved successfully
C:\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_6bbcfeb7d72790b2 => moved successfully
C:\Windows\WinSxS\amd64_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_643e18eddbf60d95 => moved successfully
C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.25325.0_none_a01bd4182e9569cc => moved successfully
C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.25325.0_none_a4fbd60a2b6998ff => moved successfully
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8 => moved successfully
C:\Windows\WinSxS\x86_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_abeb4fc4f072369b => moved successfully
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg => moved successfully
C:\Windows\System32\Tasks\AVG => moved successfully
C:\Windows\System32\config\systemprofile\AppData\Local\Avg => moved successfully
"C:\Users\datorn\AppData\Local\Avg" => not found
C:\Program Files (x86)\AVG => moved successfully
 
====> Registry
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-11-2018 12:58:21)
 
C:\FRST\Quarantine => Could not move
 
==== End of Fixlog 12:58:22 ====

Edited by JollyJonatan, 16 November 2018 - 07:09 AM.


#40 Oh My!

Posted 16 November 2018 - 05:56 PM

Hi Jonatan.

Please check for and install any available Windows Updates.

Have you ever used or had Norton or McAfee products on your computer?

Make sure your date and time are correct on the computer.

Click Start, type virus and select Virus & threat protection.
Under Virus & threat protection updates, make sure they are up to date and show a green check mark. If not, update it.
Under Virus & threat protection settings, click Manage settings and see if Real-time protection is on.

Let me know the results.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#41 JollyJonatan

Posted Today, 06:22 AM

Checked for Windows updates, and there were no new available updates.
I have not used Norton or McAfee products.

Time and date were correct. I reset the timezone to be certain.

Realtime protection status is still inactive.

Now, I couldn't find Virus & threat protection. I did find two other settings when I searched for virus, translated "Control Security Status" and "Control computer status and fix problems". When clicking on these an error window popped up without error code. It stated the search path for the setting and said "undefined error".





