« previous next »
Pages: [1]   Go Down

Author Topic: Logs I was told to post.  (Read 2252 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Logs I was told to post.
« on: June 05, 2015, 04:08:46 PM »
Logs I was told to post after scanning. Thanks!!!
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Logs I was told to post.
« Reply #1 on: June 05, 2015, 04:49:28 PM »
Let me know if this stops the alerts

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1434291264-556599604-1530782419-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKU\S-1-5-19 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b8e3a0bb0-6b6b-4ca6-9975-686b573c1289%7d&component=&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b8e3a0bb0-6b6b-4ca6-9975-686b573c1289%7d&component=&q={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR HKLM\...\Chrome\Extension: [Yontoo Layers] - C:\Users\Susan\AppData\Local\Temp\Yontoo Layers [Not Found]
CHR HKU\S-1-5-21-1434291264-556599604-1530782419-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Yontoo Layers] - C:\Users\Susan\AppData\Local\Temp\YontooLayers.crx [Not Found]
Task: {1DCC764D-47D1-4D42-B2AF-0B267FEF8A90} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {AE6C64EF-5B17-4E55-BEDC-F54F3EAE9A12} - System32\Tasks\4703 => Wscript.exe C:\Users\Susan\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that
Logged

REDACTED

  • Guest
Re: Logs I was told to post.
« Reply #2 on: June 05, 2015, 05:04:49 PM »
Here is the Fix Log. The Avast block didnt not pop up when rebooted like it normally does. It was popping up when PC is started and just randomly while the machine is running even if its just sitting on desktop not being used. Thanks again.
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Logs I was told to post.
« Reply #3 on: June 05, 2015, 07:25:15 PM »
Let me know when you are happy and I will tidy up :)
Logged

REDACTED

  • Guest
Re: Logs I was told to post.
« Reply #4 on: June 05, 2015, 10:14:58 PM »
Everything is so far so good. Used the PC for a couple hrs so far and no issues at all. It wont be used again till tomorrow were going out of town till late tonight. Thank you for all your help. If I have anymore problems I will post back here.
Logged
Pages: [1]   Go Up
« previous next »