Post by aninchour on Nov 1, 2014 17:44:49 GMT -8
Post by delphie on Nov 1, 2014 19:46:55 GMT -8
Good job. Logs look good. One of the removers will be along when they can to look at the logs.
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Nov 3, 2014 0:38:08 GMT -8
You have more than Poweliks and some odd entries to boot.
I will script for your system once I have had some sleep.
Quads
Post by Quads on Nov 3, 2014 9:59:26 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the attached script; it needs to keep the same file name as well (fixlist.txt). Have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST. (Right-click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens, click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply (attach or paste).
Quads
Post by aninchour on Nov 3, 2014 16:32:38 GMT -8
Ok done.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Andrew at 2014-11-03 19:20:30 Run:1
Running from C:\Users\Andrew\Desktop
Loaded Profile: Andrew (Available profiles: Andrew)
Boot Mode: Normal
==============================================
Content of fixlist: ***************** start HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TelevisionFanatic EPM Support] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe [12872 2014-08-04] (Mindspark Interactive Network, Inc.) HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe [55368 2014-08-04] (Mindspark) HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe [61512 2014-08-04] (VER_COMPANY_NAME) HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader 64] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon64.exe [71752 2014-08-04] (VER_COMPANY_NAME) C:\Program Files (x86)\TelevisionFanatic HKLM-x32\...\RunOnce: [Del19114490] => C:\Users\Andrew\AppData\Local\Temp\0.del [108032 2013-04-12] () HKLM-x32\...\RunOnce: [Del19193770] => C:\Users\Andrew\AppData\Local\Temp\0.del [108032 2013-04-12] () HKLM-x32\...\RunOnce: [Del19194955] => C:\Users\Andrew\AppData\Local\Temp\0.del [108032 2013-04-12] () HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1043968 2014-11-01] () C:\Program Files (x86)\WSE_Astromenda HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\...\RunOnce: [Del19114318] => C:\Users\Andrew\AppData\Local\Temp\0.del [108032 2013-04-12] () <===== ATTENTION HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\Andrew\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat" HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\...\RunOnce: [Del19193770] => C:\Users\Andrew\AppData\Local\Temp\0.del [108032 2013-04-12] () <===== ATTENTION HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\...\RunOnce: [Del19194955] => C:\Users\Andrew\AppData\Local\Temp\0.del [108032 2013-04-12] () <===== ATTENTION C:\Users\Andrew\AppData\Roaming\WSE_Astromenda HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = astromenda.com/?f=1&a=ast_dnldstr_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0C0ByE0DtA0CtD0AyBzytN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0B0ByBtAyE0BtGyC0E0FzztGyE0E0AyEtG0ByB0BzytGyEyCzz0CyCzz0Dzyzz0CyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyEtB0Dzy0A0CtAtGtA0AyB0BtGyE0FyCtAtGzz0EtAyBtG0CtAtDtA0C0ByBzzzz0CyC0A2Q&cr=304118418&ir= URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (Mindspark) SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = search.tb.ask.com/search/GGmain.jhtml?p2=^XP^xdm003^YYA^99&si=CPWvn_P4-b8CFZTm7Aodj1IAAQ&ptb=28BE4716-96D7-4726-AB48-7BAEC5FC7D09&psa=&ind=2014080411&st=sb&n=780c6d9b&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {4E6E655C-15B6-476F-BE78-699421D6D63E} URL = 
astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0C0ByE0DtA0CtD0AyBzytN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0B0ByBtAyE0BtGyC0E0FzztGyE0E0AyEtG0ByB0BzytGyEyCzz0CyCzz0Dzyzz0CyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyEtB0Dzy0A0CtAtGtA0AyB0BtGyE0FyCtAtGzz0EtAyBtG0CtAtDtA0C0ByBzzzz0CyC0A2Q&cr=304118418&ir= SearchScopes: HKCU - {4E6E655C-15B6-476F-BE78-699421D6D63E} URL = astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0C0ByE0DtA0CtD0AyBzytN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0B0ByBtAyE0BtGyC0E0FzztGyE0E0AyEtG0ByB0BzytGyEyCzz0CyCzz0Dzyzz0CyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyEtB0Dzy0A0CtAtGtA0AyB0BtGyE0FyCtAtGzz0EtAyBtG0CtAtDtA0C0ByBzzzz0CyC0A2Q&cr=304118418&ir= SearchScopes: HKCU - {77B0F640-E20E-4EA3-8672-E783DAAD949F} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3294791&CUI=UN30055205141267775&UM=2 SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = search.tb.ask.com/search/GGmain.jhtml?p2=^XP^xdm003^YYA^99&si=CPWvn_P4-b8CFZTm7Aodj1IAAQ&ptb=28BE4716-96D7-4726-AB48-7BAEC5FC7D09&psa=&ind=2014080411&st=sb&n=780c6d9b&searchfor={searchTerms} SearchScopes: HKCU - {D478C811-638A-47F4-BE5C-4B6E6ED1F0B7} URL = search.conduit.com/Results.aspx?ctid=CT3300024&SearchSource=45&UM=2&q={searchTerms} BHO-x32: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (Mindspark) BHO-x32: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (Mindspark) Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (Mindspark) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF Plugin-x32: 
@televisionfanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (Mindspark) FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Andrew\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll No File R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [88648 2014-08-04] (COMPANYVERS_NAME) S2 0292491409866734mcinstcleanup; C:\Users\Andrew\AppData\Local\Temp\029249~1.EXE -cleanup -nolog [X] 2014-11-01 21:31 - 2014-11-01 21:31 - 00003240 _____ () C:\Windows\System32\Tasks\WSE_Astromenda 2014-11-01 21:31 - 2014-11-01 21:31 - 00002319 _____ () C:\Users\Public\Desktop\Driver Support.lnk 2014-11-01 21:31 - 2014-11-01 21:31 - 00000296 _____ () C:\Windows\Tasks\WSE_Astromenda.job 2014-11-01 21:31 - 2014-11-01 21:31 - 00000000 ____D () C:\ProgramData\BoostSoftware 2014-11-01 21:30 - 2014-11-01 21:31 - 00003240 _____ () C:\Windows\System32\Tasks\UpdaterEX 2014-11-01 21:30 - 2014-11-01 21:31 - 00000296 _____ () C:\Windows\Tasks\UpdaterEX.job 2014-11-01 21:30 - 2014-11-01 21:31 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\WSE_Astromenda 2014-11-01 21:30 - 2014-11-01 21:31 - 00000000 ____D () C:\Program Files (x86)\WSE_Astromenda 2014-11-01 21:30 - 2014-11-01 21:30 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\UpdaterEX 2014-11-01 21:30 - 2014-11-01 21:30 - 00000000 ____D () C:\Program Files\TermTutor 2014-11-01 21:30 - 2014-11-01 21:30 - 00000000 ____D () C:\Program Files (x86)\TermTutor BHO-x32: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll (Term Tutor) BHO: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files\TermTutor\IE\TermTutorClientIE.dll (Term Tutor) C:\Users\Andrew\AppData\Local\Temp\0.del C:\Users\Andrew\AppData\Local\Temp\100.4172974291363_Update.exe C:\Users\Andrew\AppData\Local\Temp\37.366550711985305_Update.exe 
C:\Users\Andrew\AppData\Local\Temp\636.8241174412461_Update.exe C:\Users\Andrew\AppData\Local\Temp\ASTStubSetup.exe C:\Users\Andrew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2x_wbm.dll C:\Users\Andrew\AppData\Local\Temp\rootsupd.exe Task: {1D3AD248-2B8D-4770-983A-3A82999CCF4C} - System32\Tasks\WSE_Astromenda => C:\Users\Andrew\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-11-01] () Task: {43FD13FC-5F31-4883-A034-2E0EC424FACC} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {92E37A96-2186-48F9-ABCF-53A4A46A836F} - System32\Tasks\UpdaterEX => C:\Users\Andrew\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {B57A0A31-1CDA-4A18-AD81-1533076EF650} - System32\Tasks\4790 => Wscript.exe C:\Users\Andrew\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Andrew\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Andrew\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! CustomCLSID: HKU\S-1-5-21-1245008364-3988840412-1648836247-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? Reboot: end *****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic EPM Support => Value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Search Scope Monitor => Value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Browser Plugin Loader => Value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Browser Plugin Loader 64 => Value not found. C:\Program Files (x86)\TelevisionFanatic => Moved successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Del19114490 => Value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Del19193770 => Value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Del19194955 => Value not found. HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully. HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BRS => Value not found. C:\Program Files (x86)\WSE_Astromenda => Moved successfully. HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del19114318 => Value not found. HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WSE_Astromenda => Value not found. HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del19193770 => Value not found. HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del19194955 => Value not found. C:\Users\Andrew\AppData\Roaming\WSE_Astromenda => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E6E655C-15B6-476F-BE78-699421D6D63E}" => Key deleted successfully. "HKCR\CLSID\{4E6E655C-15B6-476F-BE78-699421D6D63E}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77B0F640-E20E-4EA3-8672-E783DAAD949F}" => Key deleted successfully. "HKCR\CLSID\{77B0F640-E20E-4EA3-8672-E783DAAD949F}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key deleted successfully. "HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D478C811-638A-47F4-BE5C-4B6E6ED1F0B7}" => Key deleted successfully. "HKCR\CLSID\{D478C811-638A-47F4-BE5C-4B6E6ED1F0B7}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880} => value deleted successfully. 
"HKCR\Wow6432Node\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880}" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@televisionfanatic.com/Plugin" => Key deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll not found. "HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3" => Key deleted successfully. C:\Users\Andrew\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll not found. TelevisionFanaticService => Service deleted successfully. 0292491409866734mcinstcleanup => Service deleted successfully. C:\Windows\System32\Tasks\WSE_Astromenda => Moved successfully. "C:\Users\Public\Desktop\Driver Support.lnk" => File/Directory not found. C:\Windows\Tasks\WSE_Astromenda.job => Moved successfully. C:\ProgramData\BoostSoftware => Moved successfully. "C:\Windows\System32\Tasks\UpdaterEX" => File/Directory not found. "C:\Windows\Tasks\UpdaterEX.job" => File/Directory not found. "C:\Users\Andrew\AppData\Roaming\WSE_Astromenda" => File/Directory not found. "C:\Program Files (x86)\WSE_Astromenda" => File/Directory not found. C:\Users\Andrew\AppData\Roaming\UpdaterEX => Moved successfully. C:\Program Files\TermTutor => Moved successfully. C:\Program Files (x86)\TermTutor => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D}" => Key deleted successfully. "HKCR\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}" => Key deleted successfully. 
"C:\Users\Andrew\AppData\Local\Temp\0.del" => File/Directory not found. "C:\Users\Andrew\AppData\Local\Temp\100.4172974291363_Update.exe" => File/Directory not found. "C:\Users\Andrew\AppData\Local\Temp\37.366550711985305_Update.exe" => File/Directory not found. "C:\Users\Andrew\AppData\Local\Temp\636.8241174412461_Update.exe" => File/Directory not found. C:\Users\Andrew\AppData\Local\Temp\ASTStubSetup.exe => Moved successfully. "C:\Users\Andrew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2x_wbm.dll" => File/Directory not found. C:\Users\Andrew\AppData\Local\Temp\rootsupd.exe => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D3AD248-2B8D-4770-983A-3A82999CCF4C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D3AD248-2B8D-4770-983A-3A82999CCF4C}" => Key deleted successfully. C:\Windows\System32\Tasks\WSE_Astromenda not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43FD13FC-5F31-4883-A034-2E0EC424FACC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43FD13FC-5F31-4883-A034-2E0EC424FACC}" => Key deleted successfully. C:\Windows\System32\Tasks\0 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92E37A96-2186-48F9-ABCF-53A4A46A836F}" => Key not found. C:\Windows\System32\Tasks\UpdaterEX not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B57A0A31-1CDA-4A18-AD81-1533076EF650}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B57A0A31-1CDA-4A18-AD81-1533076EF650}" => Key deleted successfully. C:\Windows\System32\Tasks\4790 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4790" => Key deleted successfully. C:\Windows\Tasks\UpdaterEX.job not found. C:\Windows\Tasks\WSE_Astromenda.job not found. "HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully. "HKU\S-1-5-21-1245008364-3988840412-1648836247-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully. "HKU\S-1-5-21-1245008364-3988840412-1648836247-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
The system needed a reboot.
==== End of Fixlog ====
Post by Quads on Nov 3, 2014 16:44:08 GMT -8
Ok, by the log output you have done things to the system in the meantime which means the logs and scripts were null and void.
Quads
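A Fixlog like the one posted above can be triaged by tallying how many fix entries were applied and how many came back "not found"; a large "not found" share means the targeted items were no longer where the earlier scan recorded them. The following is an added example, not part of the thread and not FRST's own code: the function names are hypothetical, and the result phrases it recognises are only the ones visible in the log on this page.

```python
import re
from collections import Counter

# Constructed sample: seven result entries copied from the Fixlog in this
# thread; they are flattened onto one line below, as the forum rendered them.
SAMPLE = r'''
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic EPM Support => Value not found.
C:\Program Files (x86)\TelevisionFanatic => Moved successfully.
"C:\Users\Andrew\AppData\Local\Temp\0.del" => File/Directory not found.
TelevisionFanaticService => Service deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX not found.
"HKCR\CLSID\{4E6E655C-15B6-476F-BE78-699421D6D63E}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'''
FLAT = " ".join(SAMPLE.split())

# Targets contain dots and spaces ("0.del", "Program Files"), so entries
# cannot be split on ". ". Instead, match lazily up to a known result phrase
# followed by a full stop. The "=>" arrow is optional because some entries
# in the log read "<path> not found." without it.
RESULT = re.compile(
    r'\s*(?P<target>.+?)\s+(?:=>\s+)?'
    r'(?P<result>(?:value|key|service) deleted successfully'
    r'|moved successfully'
    r'|value was restored successfully'
    r'|(?:value |key |file/directory )?not found)\.',
    re.IGNORECASE | re.DOTALL,
)

def parse_fixlog(text):
    """Return (target, result, status) for every result entry in the text."""
    entries = []
    for m in RESULT.finditer(text):
        target = m.group("target").strip().strip('"')
        result = m.group("result").lower()
        status = "missing" if result.endswith("not found") else "applied"
        entries.append((target, result, status))
    return entries

def drift_report(text):
    """Summarise how much of the fix found nothing left to act on."""
    entries = parse_fixlog(text)
    counts = Counter(status for _, _, status in entries)
    missing = [target for target, _, status in entries if status == "missing"]
    ratio = counts["missing"] / len(entries) if entries else 0.0
    return {
        "total": len(entries),
        "applied": counts["applied"],
        "missing": counts["missing"],
        "missing_ratio": ratio,
        "missing_targets": missing,
    }

if __name__ == "__main__":
    report = drift_report(FLAT)
    print(f"{report['missing']} of {report['total']} entries were not found")
    for target in report["missing_targets"]:
        print("  not found:", target)
```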