0 Members and 1 Guest are viewing this topic.
CreateRestorePoint: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1434291264-556599604-1530782419-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/SearchScopes: HKU\S-1-5-19 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b8e3a0bb0-6b6b-4ca6-9975-686b573c1289%7d&component=&q={searchTerms}SearchScopes: HKU\S-1-5-20 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b8e3a0bb0-6b6b-4ca6-9975-686b573c1289%7d&component=&q={searchTerms}Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileCHR HKLM\...\Chrome\Extension: [Yontoo Layers] - C:\Users\Susan\AppData\Local\Temp\Yontoo Layers [Not Found]CHR HKU\S-1-5-21-1434291264-556599604-1530782419-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Yontoo Layers] - C:\Users\Susan\AppData\Local\Temp\YontooLayers.crx [Not Found]Task: {1DCC764D-47D1-4D42-B2AF-0B267FEF8A90} - System32\Tasks\0 => Iexplore.exe <==== ATTENTIONTask: {AE6C64EF-5B17-4E55-BEDC-F54F3EAE9A12} - System32\Tasks\4703 => Wscript.exe C:\Users\Susan\AppData\Local\Temp\launchie.vbs //B <==== ATTENTIONReg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /fReg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /fRemoveProxy:EmptyTemp: CMD: bitsadmin /reset /allusers