ilikenemo

  1. I will have a good look over the preventative tips. I have no idea where this thing came from. Thanks again
  2. Here's the log

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013
     Ran by snowman at 2013-12-02 21:18:21 Run:3
     Running from C:UserssnowmanDownloads
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     start
     DeleteQuarantine:
     end
     *****************
     C:FRSTQuarantine => Removed successfully.
     ==== End of Fixlog ====

     Thank you so much for your help
  3. Yay, I've finally managed to download iTunes
  4. Hi, here's the log

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013
     Ran by snowman at 2013-12-02 20:49:34 Run:2
     Running from C:UserssnowmanDownloads
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     C:#GDATA.Trash.Store#{1C4CECF8-F146-4F9F-B4CD-9B02244D4E1A}
     C:UserssnowmanAppDataRoamingAVGRescuePC Tuneup 2011111111111706908.rsc
     C:UserssnowmanAppDataRoamingMicrosoftWindowsTemplatesFreeAppsSetup.exe
     C:UserssnowmanDownloadssd-setup(1).exe
     C:UserssnowmanDownloadssd-setup.exe
     C:UserssnowmanDownloadsspeedupmypc.exe
     *****************
     C:#GDATA.Trash.Store#{1C4CECF8-F146-4F9F-B4CD-9B02244D4E1A} => Moved successfully.
     C:UserssnowmanAppDataRoamingAVGRescuePC Tuneup 2011111111111706908.rsc => Moved successfully.
     C:UserssnowmanAppDataRoamingMicrosoftWindowsTemplatesFreeAppsSetup.exe => Moved successfully.
     C:UserssnowmanDownloadssd-setup(1).exe => Moved successfully.
     C:UserssnowmanDownloadssd-setup.exe => Moved successfully.
     C:UserssnowmanDownloadsspeedupmypc.exe => Moved successfully.
     ==== End of Fixlog ====

     Hope I've done it right. I managed to get rid of Farbar and had to download it again. Comp seems a bit faster. I'll have a go at downloading iTunes now. Thanks
  5. Here's the results.
  6. Still having a prob with JRT so I'm doing the ESET scan now, results soon
  7. Hi, haven't been on the laptop since Friday as haven't had a moment. Going to run JRT now. I always disconnect my laptop from the net when I'm not using it. I'm just a bit worried about using it now. Thanks again, will post results soon.
  8. Hi, I have run ccleaner, will do the rest tomorrow as it's late here. When I've completed all the scans do I need to rerun any scans? Thanks
  9. Hi, I've been able to download the programs you've asked me to, so that's good. I'm running JRT at the moment but it seems stuck on checking processes. So far it says:

     creating a registry backup
     checking start up
     checking modules
     Error: server execution failed
     checking processes

     It's been here for at least 10 mins, the little underscore is still flashing so I guess it's still running. Thanks again for your help. Will post the other results as soon as they're done, it's getting late here now so hopefully they won't take too long. I'm using my son's computer at the moment to let you know how it's going so far and to let you know I haven't gone
  10. Hi, here's the AdwCleaner log:
  11. Here's the addition one: Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-11-2013 Ran by snowman at 2013-11-29 19:22:13
  12. Hi, here's the results. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-11-2013 Ran by snowman at 2013-11-29 21:00:11 Run:1
  13. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-11-2013 Ran by snowman (administrator) on SNOWMAN-PC on 29-11-2013 19:21:09
- No FileToolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No FileToolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileToolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:Program FilesCommon Filesmicrosoft sharedWeb FoldersPKMCDO.DLL (Microsoft Corporation)Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.)Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%system32NLAapi.dll"Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%System32mswsock.dll"Winsock: Catalog5 07 C:Program FilesBonjourmdnsNSP.dll [121704] (Apple Inc.)Winsock: Catalog9 01 mswsock.dll File Not found ()Winsock: Catalog9 02 mswsock.dll File Not found ()Winsock: Catalog9 03 mswsock.dll File Not found ()Winsock: Catalog9 04 mswsock.dll File Not found ()Winsock: Catalog9 05 mswsock.dll File Not found ()Winsock: Catalog9 06 mswsock.dll File Not found ()Winsock: Catalog9 07 mswsock.dll File Not found ()Winsock: Catalog9 08 mswsock.dll File Not found ()Winsock: Catalog9 09 mswsock.dll File Not found ()Winsock: Catalog9 10 mswsock.dll File Not found ()Winsock: Catalog9 11 mswsock.dll File Not found ()Winsock: Catalog9 12 mswsock.dll File Not found 
()Winsock: Catalog9 13 mswsock.dll File Not found ()Winsock: Catalog9 14 mswsock.dll File Not found ()Winsock: Catalog9 15 mswsock.dll File Not found ()Winsock: Catalog9 16 mswsock.dll File Not found ()Winsock: Catalog9 17 mswsock.dll File Not found ()Winsock: Catalog9 18 mswsock.dll File Not found ()Winsock: Catalog9 19 mswsock.dll File Not found ()Winsock: Catalog9 20 mswsock.dll File Not found ()Winsock: Catalog9 21 mswsock.dll File Not found ()Winsock: Catalog9 22 mswsock.dll File Not found ()Winsock: Catalog9 23 mswsock.dll File Not found ()Winsock: Catalog9 24 mswsock.dll File Not found ()Winsock: Catalog9 25 mswsock.dll File Not found ()Winsock: Catalog9 26 mswsock.dll File Not found ()TcpipParameters: [DhcpNameServer] 192.168.0.1FireFox:========FF ProfilePath: C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultFF user.js: detected! => C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultuser.jsFF DefaultSearchEngine: YahooFF SearchEngineOrder.1: Search the web (Babylon)FF SelectedSearchEngine: GoogleFF NetworkProxy: "type", 0FF Plugin: @adobe.com/FlashPlayer - C:Windowssystem32MacromedFlashNPSWF32_11_7_700_202.dll ()FF Plugin: @adobe.com/ShockwavePlayer - C:Windowssystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)FF Plugin: @java.com/JavaPlugin - C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/WPF,version=3.5 - C:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)FF Plugin: Adobe Reader - C:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)FF SearchPlugin: C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultsearchpluginsdaemon-search.xmlFF SearchPlugin: C:Program Filesmozilla firefoxsearchpluginsanswers.xmlFF SearchPlugin: C:Program Filesmozilla firefoxsearchpluginsavg-secure-search.xmlFF SearchPlugin: C:Program Filesmozilla firefoxsearchpluginscreativecommons.xmlFF Extension: Advanced SystemCare 
Surfing Protection - C:UserssnowmanAppDataRoamingMozil[email protected]iobit.comFF Extension: Microsoft .NET Framework Assistant - C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultExtensions{20a82645-c095-46ed-80e3-08825760534b}FF Extension: CookieCuller - C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultExtensions{99B98C2C-7274-45a3-A640-D9DF1A1C8460}FF Extension: No Name - C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultExtensions{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}.xpiFF Extension: Java Console - C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF Extension: Java Console - C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}FF HKLM...FirefoxExtensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - C:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtensionFF HKLM...FirefoxExtensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:Program FilesAVGAVG2012Firefox4FF Extension: AVG Safe Search - C:Program FilesAVGAVG2012Firefox4FF HKLM...ThunderbirdExtensions: [[email protected]] - C:Program FilesAVGAVG2012ThunderbirdFF Extension: AVG E-mail Scanner - C:Program FilesAVGAVG2012ThunderbirdChrome:=======CHR Plugin: (Shockwave Flash) - C:Program FilesGoogleChromeApplication25.0.1364.152PepperFlashpepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:Program FilesGoogleChromeApplication25.0.1364.152ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:Program FilesGoogleChromeApplication25.0.1364.152pdf.dll No FileCHR Plugin: (AVG Internet Security) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.2161_0plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)CHR 
Plugin: (Wajam) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp1.24_0plugins/PriamNPAPI.dll (Wajam)CHR Plugin: (Adobe Acrobat) - C:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:Program FilesJavajre6binnew_pluginnpdeployJava1.dll (Sun Microsystems, Inc.)CHR Plugin: (Java Platform SE 6 U26) - C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:Program FilesMozilla FirefoxpluginsNPcol400.dll (Catalina Marketing Corporation)CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:Program FilesMozilla FirefoxpluginsNPcol500.dll (Catalina Marketing Corporation)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:Program FilesMozilla FirefoxpluginsnpCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:Program FilesMozilla FirefoxpluginsnpMozCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin7.dll (Apple Inc.)CHR Plugin: (AVG SiteSafety plugin) - C:Program FilesCommon FilesAVG Secure SearchSiteSafetyInstaller11.1.0npsitesafety.dll No FileCHR Plugin: (Google Update) - C:Program 
FilesGoogleUpdate1.3.21.135npGoogleUpdate3.dll No FileCHR Plugin: (Windows Presentation Foundation) - C:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)CHR Plugin: (Shockwave for Director) - C:Windowssystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)CHR Plugin: (Shockwave Flash) - C:Windowssystem32MacromedFlashNPSWF32_11_5_502_149.dll No FileCHR Extension: (Docs) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake0.0.0.6_0CHR Extension: (Google Drive) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.2_0CHR Extension: (YouTube) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0CHR Extension: (Google Search) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0CHR Extension: (AVG Safe Search) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.2161_0CHR Extension: (Wajam) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp1.24_0CHR Extension: (Advanced SystemCare Surfing Protection) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsnfengeggddojhakldhlpjdlddgkkjkdd1.0.0_0CHR Extension: (Gmail) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0CHR HKLM...ChromeExtension: [hbcennhacfaagdopikcegfcobcadeocj] - C:Program FilesCommon FilesSpigotGCsaebay_1.0.crxCHR HKLM...ChromeExtension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:Program FilesCommon FilesSpigotGCerrorassistant_1.1.crxCHR HKLM...ChromeExtension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:Program FilesAVGAVG2012Chromesafesearch.crxCHR HKLM...ChromeExtension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:UserssnowmanAppDataLocalWajamChromewajam.crxCHR HKLM...ChromeExtension: 
[mhkaekfpcppmmioggniknbnbdbcigpkk] - C:Program FilesCommon FilesSpigotGCcoupons_2.4.crxCHR HKLM...ChromeExtension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:Program FilesIObitAdvanced SystemCare 6BrowerProtectASC_GhromePluginFor6.crxCHR HKLM...ChromeExtension: [pfndaklgolladniicklehhancnlgocpp] - C:Program FilesCommon FilesSpigotGCsaamazon_1.0.crx========================== Services (Whitelisted) =================S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:Program FilesCommon FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)S4 AdvancedSystemCareService6; C:Program FilesIObitAdvanced SystemCare 6ASCService.exe [574272 2013-04-18] (IObit)S4 ASLDRService; C:Program FilesASUSATK HotkeyASLDRSrv.exe [94208 2007-10-03] ()S4 ATKGFNEXSrv; C:Program FilesATKGFNEXGFNEXSrv.exe [94208 2007-08-08] ()R2 AVGIDSAgent; C:Program FilesAVGAVG2014avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:Program FilesAVGAVG2014avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)S4 Garmin Core Update Service; C:Program FilesGarminCore Update ServiceGarmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)S4 IMFservice; C:Program FilesIObitIObit Malware FighterIMFsrv.exe [821592 2012-01-09] (IObit)R2 MBAMScheduler; C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S4 RichVideo; C:Program FilesCyberLinkShared FilesRichVideo.exe [272024 2007-05-14] ()S4 spmgr; C:Program FilesASUSNB ProbeSPMspmgr.exe [125496 2007-08-03] ()S2 Winmgmt; C:Userssnowman1458616.dll [x]U2 *etadpug; "C:Program FilesGoogleDesktopInstall{f5f10a47-5644-684d-29d6-f52fba7563f8} ...???{f5f10a47-5644-684d-29d6-f52fba7563f8}GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)==================== Drivers (Whitelisted) ====================R2 ASMMAP; 
C:Program FilesATKGFNEXASMMAP.sys [13880 2007-07-24] ()R1 Avgdiskx; C:WindowsSystem32DRIVERSavgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:WindowsSystem32DRIVERSavgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:WindowsSystem32DRIVERSavgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; C:WindowsSystem32DRIVERSavgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:WindowsSystem32DRIVERSavgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:WindowsSystem32DRIVERSavglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:WindowsSystem32DRIVERSavgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:WindowsSystem32DRIVERSavgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:WindowsSystem32DRIVERSavgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)S3 FileMonitor; C:Program FilesIObitIObit Malware FighterDriverswlh_x86FileMonitor.sys [20336 2012-01-05] (IObit)S3 FsUsbExDisk; C:Windowssystem32FsUsbExDisk.SYS [36608 2010-06-14] ()R2 ghaio; C:Program FilesASUSNB ProbeSPMghaio.sys [20936 2007-08-03] ()R3 kbfiltr; C:WindowsSystem32DRIVERSkbfiltr.sys [5632 2007-01-24] ( )R0 Lbd; C:WindowsSystem32DRIVERSLbd.sys [64288 2010-02-04] (Lavasoft AB)R3 MBAMProtector; C:Windowssystem32driversmbam.sys [22856 2013-04-04] (Malwarebytes Corporation)R3 MTsensor; C:WindowsSystem32DRIVERSATKACPI.sys [7680 2006-12-14] (ATK0100)S3 RegFilter; C:Program FilesIObitIObit Malware Fighterdriverswlh_x86regfilter.sys [30640 2012-07-05] (IObit.com)R0 SmartDefragDriver; C:WindowsSystem32DriversSmartDefragDriver.sys [15672 2010-11-26] ()S3 UrlFilter; C:Program FilesIObitIObit Malware Fighterdriverswlh_x86UrlFilter.sys [19832 2012-07-05] (IObit.com)S3 IpInIp; system32DRIVERSipinip.sys [x]S3 NwlnkFlt; system32DRIVERSnwlnkflt.sys [x]S3 NwlnkFwd; system32DRIVERSnwlnkfwd.sys [x]S3 pccsmcfd; 
system32DRIVERSpccsmcfd.sys [x]S3 USBAAPL; System32Driversusbaapl.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-11-29 19:21 - 2013-11-29 19:21 - 00020601 _____ C:UserssnowmanDownloadsFRST.txt2013-11-29 19:21 - 2013-11-29 19:21 - 00000000 ____D C:FRST2013-11-29 19:20 - 2013-11-29 19:20 - 01092049 _____ (Farbar) C:UserssnowmanDownloadsFRST.exe2013-11-28 19:11 - 2013-11-28 19:19 - 00000000 ____D C:AdwCleaner2013-11-28 19:11 - 2013-11-28 19:11 - 01091882 _____ C:UserssnowmanDownloadsAdwCleaner.exe2013-11-28 18:33 - 2013-11-28 16:07 - 98633040 _____ C:UserssnowmanDesktopiTunesSetup.exe2013-11-28 18:32 - 2013-11-28 18:32 - 00000000 __RSH C:MSDOS.SYS2013-11-28 18:32 - 2013-11-28 18:32 - 00000000 __RSH C:IO.SYS2013-11-24 21:12 - 2013-11-26 20:19 - 00001618 _____ C:Windowssetupact.log2013-11-24 21:12 - 2013-11-24 21:12 - 00000000 _____ C:Windowssetuperr.log2013-11-24 19:58 - 2013-11-26 20:26 - 00000000 ____D C:Program FilesCommon FilesApple2013-11-11 20:20 - 2013-11-11 20:20 - 00000000 ____D C:UserssnowmanAppDataRoamingAVG20142013-11-11 20:19 - 2013-11-26 19:58 - 00000849 _____ C:UsersPublicDesktopAVG 2014.lnk2013-11-11 20:19 - 2013-11-11 20:19 - 00000000 ___HD C:$AVG2013-11-11 20:19 - 2013-11-11 20:19 - 00000000 ____D C:ProgramDataAVG20142013-11-11 20:15 - 2013-11-11 20:22 - 00000000 ____D C:UserssnowmanAppDataLocalAvg20142013-11-11 20:06 - 2013-11-11 20:15 - 00000000 ____D C:UserssnowmanAppDataLocalAvg20132013-11-08 13:02 - 2013-11-29 18:42 - 00153954 _____ C:WindowsWindowsUpdate.log2013-11-08 11:31 - 2013-11-10 16:17 - 95025368 ____T C:ProgramData77t7j6ft.bxx2013-11-08 11:31 - 2013-11-10 16:17 - 00000000 _____ C:ProgramData77t7j6ft.fvv2013-11-05 21:50 - 2013-11-05 21:50 - 00120600 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgdiskx.sys2013-11-04 21:57 - 2013-11-04 21:57 - 00209176 _____ (AVG Technologies CZ, s.r.o.) 
C:Windowssystem32Driversavgidsdriverx.sys2013-10-31 23:00 - 2013-10-31 23:00 - 00176952 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgldx86.sys2013-10-31 22:30 - 2013-10-31 22:30 - 00222520 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavglogx.sys==================== One Month Modified Files and Folders =======2013-11-29 19:21 - 2013-11-29 19:21 - 00020601 _____ C:UserssnowmanDownloadsFRST.txt2013-11-29 19:21 - 2013-11-29 19:21 - 00000000 ____D C:FRST2013-11-29 19:20 - 2013-11-29 19:20 - 01092049 _____ (Farbar) C:UserssnowmanDownloadsFRST.exe2013-11-29 18:47 - 2013-02-01 10:48 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job2013-11-29 18:42 - 2013-11-08 13:02 - 00153954 _____ C:WindowsWindowsUpdate.log2013-11-29 18:38 - 2006-11-02 12:45 - 00003616 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-11-29 18:38 - 2006-11-02 12:45 - 00003616 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-11-29 18:37 - 2006-11-02 12:58 - 00000006 ____H C:WindowsTasksSA.DAT2013-11-29 18:31 - 2006-11-02 12:58 - 00032654 _____ C:WindowsTasksSCHEDLGU.TXT2013-11-29 18:24 - 2011-09-23 13:36 - 00000000 ____D C:ProgramDataMFAData2013-11-29 18:23 - 2009-07-12 16:46 - 00000422 ____H C:WindowsTasksUser_Feed_Synchronization-{230F9F45-EA8D-4384-BDBA-0B58DE0BD258}.job2013-11-28 19:42 - 2009-07-12 23:13 - 00000000 ____D C:Program FilesMozilla Thunderbird2013-11-28 19:19 - 2013-11-28 19:11 - 00000000 ____D C:AdwCleaner2013-11-28 19:11 - 2013-11-28 19:11 - 01091882 _____ C:UserssnowmanDownloadsAdwCleaner.exe2013-11-28 18:32 - 2013-11-28 18:32 - 00000000 __RSH C:MSDOS.SYS2013-11-28 18:32 - 2013-11-28 18:32 - 00000000 __RSH C:IO.SYS2013-11-28 16:07 - 2013-11-28 18:33 - 98633040 _____ C:UserssnowmanDesktopiTunesSetup.exe2013-11-27 19:35 - 2009-07-13 04:11 - 00000000 ____D C:Userssnowman2013-11-26 20:26 - 2013-11-24 19:58 - 00000000 ____D C:Program 
FilesCommon FilesApple2013-11-26 20:24 - 2011-12-25 22:29 - 00000000 ____D C:Program FilesiPod2013-11-26 20:19 - 2013-11-24 21:12 - 00001618 _____ C:Windowssetupact.log2013-11-26 19:58 - 2013-11-11 20:19 - 00000849 _____ C:UsersPublicDesktopAVG 2014.lnk2013-11-26 19:41 - 2009-07-12 18:55 - 00000000 ____D C:Program FilesMozilla Firefox2013-11-26 19:38 - 2011-02-08 13:24 - 00001356 _____ C:UserssnowmanAppDataLocald3d9caps.dat2013-11-24 21:12 - 2013-11-24 21:12 - 00000000 _____ C:Windowssetuperr.log2013-11-16 17:07 - 2011-12-02 14:29 - 00000000 ____D C:UserssnowmanAppDataLocalWinZip2013-11-11 20:22 - 2013-11-11 20:15 - 00000000 ____D C:UserssnowmanAppDataLocalAvg20142013-11-11 20:20 - 2013-11-11 20:20 - 00000000 ____D C:UserssnowmanAppDataRoamingAVG20142013-11-11 20:19 - 2013-11-11 20:19 - 00000000 ___HD C:$AVG2013-11-11 20:19 - 2013-11-11 20:19 - 00000000 ____D C:ProgramDataAVG20142013-11-11 20:18 - 2009-07-12 18:47 - 00000000 ____D C:Program FilesAVG2013-11-11 20:15 - 2013-11-11 20:06 - 00000000 ____D C:UserssnowmanAppDataLocalAvg20132013-11-10 17:44 - 2006-11-02 11:18 - 00000000 ___RD C:WindowsOffline Web Pages2013-11-10 16:42 - 2013-07-05 13:08 - 09452704 _____ (SurfRight B.V.) C:UserssnowmanDownloadshitmanpro(2).exe2013-11-10 16:24 - 2013-07-05 13:02 - 00000000 ____D C:Windowspss2013-11-10 16:17 - 2013-11-08 11:31 - 95025368 ____T C:ProgramData77t7j6ft.bxx2013-11-10 16:17 - 2013-11-08 11:31 - 00000000 _____ C:ProgramData77t7j6ft.fvv2013-11-05 21:50 - 2013-11-05 21:50 - 00120600 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgdiskx.sys2013-11-04 21:57 - 2013-11-04 21:57 - 00209176 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgidsdriverx.sys2013-10-31 23:00 - 2013-10-31 23:00 - 00176952 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgldx86.sys2013-10-31 22:30 - 2013-10-31 22:30 - 00222520 _____ (AVG Technologies CZ, s.r.o.) 
C:Windowssystem32Driversavglogx.sysZeroAccess:C:$Recycle.BinS-1-5-18$f5f10a475644684d29d6f52fba7563f8ZeroAccess:C:$Recycle.BinS-1-5-21-3096348332-898261059-2611295188-1000$f5f10a475644684d29d6f52fba7563f8ZeroAccess:C:UserssnowmanAppDataLocalGoogleDesktopInstallZeroAccess:C:Program FilesGoogleDesktopInstallFiles to move or delete:====================C:ProgramData77t7j6ft.bxxC:ProgramData77t7j6ft.fvvSome content of TEMP:====================C:UserssnowmanAppDataLocalTempQuarantine.exe==================== Bamital & volsnap Check =================C:Windowsexplorer.exe => MD5 is legitC:WindowsSystem32winlogon.exe => MD5 is legitC:WindowsSystem32wininit.exe => MD5 is legitC:WindowsSystem32svchost.exe => MD5 is legitC:WindowsSystem32services.exe => MD5 is legitC:WindowsSystem32User32.dll => MD5 is legitC:WindowsSystem32userinit.exe => MD5 is legitC:WindowsSystem32Driversvolsnap.sys => MD5 is legitATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:Program FilesWindows DefenderLastRegBack: 2013-11-29 18:44==================== End Of Log ============================
  14. Just got the results for my scan but I can't paste it, any ideas? Thanks
  15. Thanks for that, the laptop is only 6 months old so is under warranty, just thought it might be something simple I could have done before it went back. I searched on the net and a few Acer laptops seem to have this problem. Guess it's going back. Thanks again