Blocked user account by threat


  • This topic is locked
10 replies to this topic

#1 goved

  • Members
  • 29 posts

Posted 04 June 2015 - 01:44 PM

Hi, I have a problem: one of my user accounts is blocked and I can't sign in when Windows starts. The blocked account is the weakest one, without any admin privileges. I use it only for surfing and working. The admin account is rarely used, mostly to install software. I noticed that there are many password-protected files in the AVG folder. I can't do anything with them; I can't delete or modify them. I found them when a scan was performed with a Live CD. These are the files: AVG2012/config/internalList/zip.bak (password protected) and AVG2012/config/quarantinedList/zip.bak (password protected).

There are scans by FRST, but I attached them because of this message:

"Your post was too long. Please go back and shorten it a little."

Attached Files





#2 nasdaq

  • Malware Response Team
  • 40,169 posts

Posted 07 June 2015 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

() C:\Program Files\AVG Secure Search\vprot.exe
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2571288 2014-07-04] ()
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: MMC.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: DISKPART.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: NET.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: REG.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: REGINI.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: GPEDIT.MSC <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: XCOPY.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: RENAME.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: REN.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: CONTROL.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: diskmgmt.msc <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: nusrmgr.cpl <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: ETPREP.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: EWFMGR.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: ConfigWizards.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: DDEShare.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: RegSvcs.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: regsvr32.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: shrpubw.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: spuninst.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: fsquirt.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: dxdiag.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: SRVANY.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: NETDOM.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: UPHCLEAN.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: XPEPM.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: SCHTASKS.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: DenyAccess.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: WindowsUpdates.vbs <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: Banner.wsf <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: DiskProtect.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: GetStarted.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: CheckWDP.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: ProfileMgr.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: Restrict.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: ntbackup.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: cleanmgr.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: migwiz.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: msinfo32.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: rstrui.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: CACLS.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: HelpCtr.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: HelpPane.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: Reg.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: C:\Program Files\Windows SteadyState\SCTUI.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com?cid={7FA26134-E4B8-45CC-AEDF-D2320A3E99C3}&mid=896c054a09254ab4ec93813674d76442-0&lang=en&ds=AVG&coid=&cmpid=&pr=fr&d=2012-03-23 16:27:42&v=18.5.0.909&pid=avg&sg=0&sap=hp
URLSearchHook: [S-1-5-21-2025429265-651377827-839522115-1009] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-2025429265-651377827-839522115-1011] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-2025429265-651377827-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7FA26134-E4B8-45CC-AEDF-D2320A3E99C3}&mid=896c054a09254ab4ec93813674d76442-0&lang=en&ds=AVG&pr=fr&d=2012-03-23 16:27:42&v=13.2.0.5&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2025429265-651377827-839522115-1010 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2025429265-651377827-839522115-1010 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7FA26134-E4B8-45CC-AEDF-D2320A3E99C3}&mid=896c054a09254ab4ec93813674d76442-0&lang=en&ds=AVG&pr=fr&d=2012-03-23 16:27:42&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll No File
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2014-09-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-09-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-03-13]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.5.0.909
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.5.0.909 [2014-09-21]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - D:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - D:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
S2 vToolbarUpdater18.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [X]
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
U2 CertPropSvc; No ImagePath
S3 cpuz135; \??\D:\DOCUME~1\RVS\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [X]
S4 IntelIde; No ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 yukonwxp; system32\DRIVERS\yk51x86.sys [X]

Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\WINDOWS\TEMP\{5DD8E2A0-1294-4111-A688-E5B3E4DFAC0A}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{51CD7222-DEF0-419D-BA18-090FA6D256BE}.exe <==== ATTENTION

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 goved

  • Topic Starter

  • Members
  • 29 posts

Posted 07 June 2015 - 10:06 AM

Hello Nasdaq, thanks for your help. I ran both instruments and here are the logs:

from FRST:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by HQ at 2001-01-01 19:42:06 Run:1
Running from D:\Documents and Settings\RVS\Desktop
Loaded Profiles: HQ & RVS & User & Administrator (Available Profiles: HQ & RVS & User & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
() C:\Program Files\AVG Secure Search\vprot.exe
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2571288 2014-07-04] ()
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: MMC.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: DISKPART.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: NET.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: REG.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: REGINI.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: GPEDIT.MSC <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: XCOPY.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: RENAME.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: REN.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: CONTROL.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: diskmgmt.msc <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: nusrmgr.cpl <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: ETPREP.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: EWFMGR.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: ConfigWizards.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: DDEShare.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: RegSvcs.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: regsvr32.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: shrpubw.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: spuninst.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: fsquirt.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: dxdiag.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: SRVANY.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: NETDOM.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: UPHCLEAN.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: XPEPM.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: SCHTASKS.EXE <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: DenyAccess.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: WindowsUpdates.vbs <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: Banner.wsf <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: DiskProtect.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: GetStarted.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: CheckWDP.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: ProfileMgr.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: Restrict.hta <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: ntbackup.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: cleanmgr.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: migwiz.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: msinfo32.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: rstrui.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: CACLS.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: HelpCtr.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: HelpPane.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: Reg.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010 Group Policy restriction on software: C:\Program Files\Windows SteadyState\SCTUI.exe <====== ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2025429265-651377827-839522115-1010\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com?cid={7FA26134-E4B8-45CC-AEDF-D2320A3E99C3}&mid=896c054a09254ab4ec93813674d76442-0&lang=en&ds=AVG&coid=&cmpid=&pr=fr&d=2012-03-23 16:27:42&v=18.5.0.909&pid=avg&sg=0&sap=hp
URLSearchHook: [S-1-5-21-2025429265-651377827-839522115-1009] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-2025429265-651377827-839522115-1011] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-2025429265-651377827-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7FA26134-E4B8-45CC-AEDF-D2320A3E99C3}&mid=896c054a09254ab4ec93813674d76442-0&lang=en&ds=AVG&pr=fr&d=2012-03-23 16:27:42&v=13.2.0.5&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2025429265-651377827-839522115-1010 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2025429265-651377827-839522115-1010 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7FA26134-E4B8-45CC-AEDF-D2320A3E99C3}&mid=896c054a09254ab4ec93813674d76442-0&lang=en&ds=AVG&pr=fr&d=2012-03-23 16:27:42&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll No File
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2014-09-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-09-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-03-13]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.5.0.909
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.5.0.909 [2014-09-21]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - D:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - D:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
S2 vToolbarUpdater18.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [X]
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
U2 CertPropSvc; No ImagePath
S3 cpuz135; \??\D:\DOCUME~1\RVS\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [X]
S4 IntelIde; No ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 yukonwxp; system32\DRIVERS\yk51x86.sys [X]
 
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\WINDOWS\TEMP\{5DD8E2A0-1294-4111-A688-E5B3E4DFAC0A}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{51CD7222-DEF0-419D-BA18-090FA6D256BE}.exe <==== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\AVG Secure Search\vprot.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully.
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-2025429265-651377827-839522115-1010 => Group Policy Restriction on software restored successfully
"HKU\S-1-5-21-2025429265-651377827-839522115-1010\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-2025429265-651377827-839522115-1010\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
"HKU\S-1-5-21-2025429265-651377827-839522115-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKU\S-1-5-21-2025429265-651377827-839522115-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}" => key removed successfully.
"HKCR\CLSID\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\viprotocol" => key removed successfully.
"HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => key removed successfully.
"HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully.
C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml => moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml => moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} => moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\avg@toolbar => value removed successfully.
C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.5.0.909 => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla" => key removed successfully.
D:\Program Files\AVG\AVG2012\Chrome\safesearch.crx => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => key removed successfully.
D:\Program Files\AVG\AVG2012\Chrome\donottrack.crx => moved successfully.
vToolbarUpdater18.5.0 => Service removed successfully.
AgereSoftModem => Service removed successfully.
CertPropSvc => Service removed successfully.
cpuz135 => Service removed successfully.
IntelIde => Service removed successfully.
Partizan => Service removed successfully.
yukonwxp => Service removed successfully.
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => moved successfully.
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:42:20 ====
 
Here is the log from AdwCleaner. It is only a scan log; I didn't run the Clean button, because there are many registry entries and I'm not sure whether I must delete them all. Please tell me, is it safe to clean those registry entries?

# AdwCleaner v4.206 - Logfile created 01/01/2001 at 19:55:40
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : HQ - LAPTOP
# Running from : D:\Documents and Settings\RVS\Desktop\adwcleaner_4.206.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\User.LAPTOP.000\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKU\.DEFAULT\Software\IGearSettings
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
*************************
 
AdwCleaner[R0].txt - [4132 bytes] - [01/01/2001 19:55:40]
 
########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [4191 bytes] ##########

The computer is now running better. I still haven't tried to sign in with my blocked account; I will try after performing the cleaning process with AdwCleaner. Waiting for your advice.


#4 goved

goved
  • Topic Starter

  • Members
  • 29 posts

Posted 07 June 2015 - 10:47 AM

Well, I've done the cleaning process with AdwCleaner and here is the log:

 

# AdwCleaner v4.206 - Logfile created 01/01/2001 at 20:35:26
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : HQ - LAPTOP
# Running from : D:\Documents and Settings\RVS\Desktop\adwcleaner_4.206.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User.LAPTOP.000\Local Settings\Application Data\AVG Secure Search
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKU\.DEFAULT\Software\IGearSettings
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
*************************
 
AdwCleaner[R0].txt - [4268 bytes] - [01/01/2001 19:55:40]
AdwCleaner[S0].txt - [4291 bytes] - [01/01/2001 20:35:26]
 
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4350  bytes] ##########
 
I tried to sign in with my blocked account. It was successful but took 15 minutes. Can we take some steps to improve the sign-in time?
And one more question: must I uninstall AVG antivirus? Is it still compromised?

Edited by goved, 07 June 2015 - 11:12 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 June 2015 - 06:32 AM

AVG could be compromised.

Download their uninstaller from this site.

http://www.avg.com/us-en/utilities

Restart the computer normally when executed and reinstall it.

If there is still a problem signing in to this forum, remove the cookies from this site.

How is it now?

#6 goved

goved
  • Topic Starter

  • Members
  • 29 posts

Posted 08 June 2015 - 07:27 AM

Hello Nasdaq,

I have no problem signing in to this site after the script was executed. The PC works properly now. I'll uninstall AVG. Thanks for the help, Nasdaq. I appreciate all of your attention.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 June 2015 - 07:52 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 goved

goved
  • Topic Starter

  • Members
  • 29 posts

Posted 08 June 2015 - 07:54 AM

Thanks again. Must I delete all of the instruments which have been used?



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 June 2015 - 08:32 AM

You can keep the AdwCleaner and the Farbar tool.

You can delete the files created while cleaning this computer.

#10 goved

goved
  • Topic Starter

  • Members
  • 29 posts

Posted 09 June 2015 - 08:41 AM

OK, thanks again.

Best regards



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 June 2015 - 08:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



