Inactive-A Iexplore.exe Virus Help

Status
Not open for further replies.
I see the problem, it's an older log, it's the additional one, right? Yeah, that scan was like 6 hours ago when I still had the AVs. Do I perform a new scan of that?
 
Uninstall Advanced System Optimizer.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachment: fixlist.txt
Done, here it is, the Fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by CASZ at 2015-01-03 22:41:41 Run:1
Running from C:\Users\CASZ\Downloads
Loaded Profile: CASZ (Available profiles: CASZ & fbwuser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1331771087-30956632-3492572574-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1331771087-30956632-3492572574-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1331771087-30956632-3492572574-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx64.sys
2015-01-02 20:00 - 2015-01-02 20:00 - 00000000 ____D () C:\Users\CASZ\AppData\Roaming\AVG2015
2015-01-02 19:54 - 2015-01-03 16:01 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-02 19:54 - 2015-01-03 15:53 - 00000000 ____D () C:\$AVG
2015-01-02 19:49 - 2015-01-02 20:30 - 00000000 ____D () C:\Users\CASZ\AppData\Local\Avg2015
2015-01-03 16:14 - 2011-06-12 23:37 - 00000000 ____D () C:\ProgramData\Norton
2015-01-02 21:20 - 2013-12-29 20:58 - 00000000 ____D () C:\ProgramData\jnefdonjenhpjkagfnkkeohklbcalcjm
C:\Users\CASZ\AppData\Local\Temp\Quarantine.exe
C:\Users\CASZ\AppData\Local\Temp\sqlite3.dll
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG"
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NIS"
Hosts:
Task: {02FAB4B2-6973-4503-A8E6-0890FD3EC531} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
C:\Program Files (x86)\Norton Internet Security
Task: {5B48B9F8-7FA7-4543-8532-7C0587FE42FB} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {11AACBCA-4C29-4824-B28C-F3B29E58DCF4} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {82DDA65D-19B4-47A7-ADF1-D4B0008BA3B8} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {A6E8FFE2-A1C0-4481-BCE7-5D913FCF04F3} - System32\Tasks\4486 => Wscript.exe C:\Users\CASZ\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\CASZ\AppData\Local\Temp\launchie.vbs
Task: {E00B665A-9B43-4CC2-B9D1-C0F6D96A498E} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E7AC64EB-B3B4-4DA3-8BBA-002A7D0AB8F5}.exe
C:\Windows\TEMP\{E7AC64EB-B3B4-4DA3-8BBA-002A7D0AB8F5}.exe
Task: {FF2D0F32-6D7A-437B-8911-96E4B40B7537} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E7AC64EB-B3B4-4DA3-8BBA-002A7D0AB8F5}.exe
AlternateDataStreams: C:\Users\CASZ\Local Settings:jbgNjI2dNUkAJcElkxdrFHH
AlternateDataStreams: C:\Users\CASZ\AppData\Local:jbgNjI2dNUkAJcElkxdrFHH
AlternateDataStreams: C:\Users\CASZ\AppData\Local\Application Data:jbgNjI2dNUkAJcElkxdrFHH


*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1331771087-30956632-3492572574-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1331771087-30956632-3492572574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1331771087-30956632-3492572574-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
GamesAppService => Service deleted successfully.
catchme => Service deleted successfully.
HssDRV6 => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
C:\Windows\system32\drivers\avgtpx64.sys => Moved successfully.
C:\Users\CASZ\AppData\Roaming\AVG2015 => Moved successfully.
C:\ProgramData\AVG2015 => Moved successfully.
C:\$AVG => Moved successfully.
C:\Users\CASZ\AppData\Local\Avg2015 => Moved successfully.
C:\ProgramData\Norton => Moved successfully.
C:\ProgramData\jnefdonjenhpjkagfnkkeohklbcalcjm => Moved successfully.
C:\Users\CASZ\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\CASZ\AppData\Local\Temp\sqlite3.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NIS" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NIS (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02FAB4B2-6973-4503-A8E6-0890FD3EC531} => Key not found.
C:\Windows\System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Symantec\Norton Error Processor 18.7.2.3 => Key not found.
"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B48B9F8-7FA7-4543-8532-7C0587FE42FB} => Key not found.
C:\Windows\System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Symantec\Norton Error Analyzer 18.7.2.3 => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11AACBCA-4C29-4824-B28C-F3B29E58DCF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11AACBCA-4C29-4824-B28C-F3B29E58DCF4}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{82DDA65D-19B4-47A7-ADF1-D4B0008BA3B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82DDA65D-19B4-47A7-ADF1-D4B0008BA3B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6E8FFE2-A1C0-4481-BCE7-5D913FCF04F3} => Key not found.
C:\Windows\System32\Tasks\4486 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4486 => Key not found.
"C:\Users\CASZ\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E00B665A-9B43-4CC2-B9D1-C0F6D96A498E} => Key not found.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Key not found.
"C:\Windows\TEMP\{E7AC64EB-B3B4-4DA3-8BBA-002A7D0AB8F5}.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF2D0F32-6D7A-437B-8911-96E4B40B7537}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF2D0F32-6D7A-437B-8911-96E4B40B7537}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job not found.
"C:\Users\CASZ\Local Settings" => ":jbgNjI2dNUkAJcElkxdrFHH" ADS not found.
C:\Users\CASZ\AppData\Local => ":jbgNjI2dNUkAJcElkxdrFHH" ADS removed successfully.
"C:\Users\CASZ\AppData\Local\Application Data" => ":jbgNjI2dNUkAJcElkxdrFHH" ADS not found.


The system needed a reboot.

==== End of Fixlog 22:41:44 ====
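The items the fix above removed (a proxy pointing at the loopback address, browser policy lockdown keys, scheduled tasks that launch Iexplore.exe or a script host from a Temp folder, an orphaned task registration, and alternate data streams on profile directories) are the kind of indicators that can be checked mechanically rather than by eye. The following Python is an added example, not part of this thread and not FRST's own code: it runs a handful of triage rules over FRST-style fixlist lines. The sample lines are copied from the Fixlog above, including the signed Norton task as a benign control that the rules must leave unflagged; the rule names and the heuristics themselves are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: lines copied from the FRST fixlist reproduced in the Fixlog
# above. The Norton task is a benign control and must produce no findings.
SAMPLE_FIXLIST = r"""
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1331771087-30956632-3492572574-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1331771087-30956632-3492572574-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
Task: {02FAB4B2-6973-4503-A8E6-0890FD3EC531} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {11AACBCA-4C29-4824-B28C-F3B29E58DCF4} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {82DDA65D-19B4-47A7-ADF1-D4B0008BA3B8} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {A6E8FFE2-A1C0-4481-BCE7-5D913FCF04F3} - System32\Tasks\4486 => Wscript.exe C:\Users\CASZ\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E00B665A-9B43-4CC2-B9D1-C0F6D96A498E} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E7AC64EB-B3B4-4DA3-8BBA-002A7D0AB8F5}.exe
AlternateDataStreams: C:\Users\CASZ\AppData\Local:jbgNjI2dNUkAJcElkxdrFHH
"""

# Heuristic rule data (my own choices, not FRST's classification).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")
ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")
# Program launched by a task action: a quoted path, a drive-rooted path ending
# in an extension, or else the first whitespace-delimited token.
PROGRAM_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\.+?\.[A-Za-z0-9]{2,4})(?=\s|$)|(\S+)')
POLICY_RE = re.compile(r"\\Policies\\(Google|Microsoft\\Internet Explorer)\b")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def task_program(action: str) -> str:
    """Return the program a task action launches, or '' if none can be parsed."""
    m = PROGRAM_RE.match(action)
    return next(g for g in m.groups() if g) if m else ""


def classify_line(line: str) -> list:
    """Apply the triage rules to one FRST fixlist line; returns a list of Findings."""
    text = ATTENTION_RE.sub("", line.strip())
    found = []
    if not text:
        return found
    if text.startswith("ProxyServer:"):
        # A per-user proxy on loopback means something local is intercepting traffic.
        target = text.split("=>", 1)[-1]
        rule = "loopback_proxy" if any(h in target for h in LOOPBACK_HOSTS) else "proxy_configured"
        found.append(Finding(rule, text))
    elif text.startswith("GroupPolicy:") or POLICY_RE.search(text):
        # Policy keys on a home machine usually mean a hijacker locked browser settings.
        found.append(Finding("browser_policy_lockdown", text))
    elif text.startswith("Task:"):
        if "No Task File" in text:
            found.append(Finding("orphaned_task", text))
        elif "=>" in text:
            action = text.split("=>", 1)[1].strip()
            program = task_program(action)
            exe = program.rsplit("\\", 1)[-1].lower()
            if program and "\\" not in program:
                # Bare name: resolved through PATH at run time, not a fixed binary.
                found.append(Finding("task_unqualified_program", text))
            if exe in SCRIPT_HOSTS:
                found.append(Finding("task_script_host", text))
            if TEMP_RE.search(action):
                found.append(Finding("task_runs_from_temp", text))
    elif text.startswith("AlternateDataStreams:"):
        found.append(Finding("alternate_data_stream", text))
    return found


def triage(fixlist_text: str) -> dict:
    """Group findings by rule: {rule: [offending line, ...]}."""
    by_rule = defaultdict(list)
    for line in fixlist_text.splitlines():
        for f in classify_line(line):
            by_rule[f.rule].append(f.line)
    return dict(by_rule)


if __name__ == "__main__":
    for rule, lines in sorted(triage(SAMPLE_FIXLIST).items()):
        print(f"[{rule}] {len(lines)} line(s)")
        for hit in lines:
            print("   ", hit[:100])
```

These are heuristics, not verdicts. A loopback proxy is also what local AV web shields and debugging proxies install, so confirm what is listening on the port before treating it as malicious, and a "No Task File" entry can simply be left over from an uninstalled product. The point is to surface the lines a helper would otherwise have to spot by eye in a long log.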
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
NOTE 3. If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Sorry, I've been busy lately (actually I'm using another PC right now :s) but yeah, as soon as I get on my other PC I'll do the last scans. Although it seems it's all cured, I'll just do those last steps as you suggested c:
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 