Jump to content

Change Mode

farbar scan results, rootkit


Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-11-2013Ran by snowman (administrator) on SNOWMAN-PC on 29-11-2013 19:21:09Running from C:UserssnowmanDownloadsWindows Vista Home Basic Service Pack 2 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal==================== Could not list processes =================================== Registry (Whitelisted) ==================HKLM...Run: [] - [x]HKLM...Run: [AVG_UI] - C:Program FilesAVGAVG2014avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)HKLM...Run: [APSDaemon] - C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe [59280 2012-05-30] (Apple Inc.)HKLM...D6A79037F57FInprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?HKCU...Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)HKCU...409d6c4515e9InprocServer32: [Default-shell32] C:$Recycle.BinS-1-5-21-3096348332-898261059-2611295188-1000$f5f10a475644684d29d6f52fba7563f8n. ATTENTION! ====> ZeroAccess/Alureon?MountPoints2: {ba553e5d-a385-11de-91e2-002354684a8c} - C:Windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sYsTem.exeMountPoints2: {e4e634e9-730b-11de-b1ce-002354684a8c} - F:LaunchU3.exe -aHKUDefault...Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenterHKUDefault User...Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter==================== Internet (Whitelisted) ====================HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ebay.co.uk/HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUSHKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.google.com/ieHKCUSoftwareMicrosoftInternet ExplorerMain,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUSHKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUSURLSearchHook: HKCU - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No FileURLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No FileSearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D74C322C-9A52-47B2-B08F-150894CB0BFD}&mid=d04c432fad894e52fe8cd5807b24b383-33fae9f892c29b78eb99303b06340ab17a9bcbbf&lang=en&ds=AVG&pr=fr&d=2011-09-23 14:53:08&v=10.0.0.7&sap=dsp&q={searchTerms}SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}SearchScopes: HKCU - Yahoo! URL = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-transSearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=270912_7a_3912_4&babsrc=SP_ss&mntrId=56d8bdb300000000000000224350b6d7SearchScopes: HKCU - {29981AB3-BD1E-468B-9FD8-A84C475536A4} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D74C322C-9A52-47B2-B08F-150894CB0BFD}&mid=d04c432fad894e52fe8cd5807b24b383-33fae9f892c29b78eb99303b06340ab17a9bcbbf&lang=en&ds=AVG&pr=fr&d=2011-09-23 14:53:08&v=10.0.0.7&sap=dsp&q={searchTerms}SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4af039d0&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=usBHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No FileBHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG2012avgssie.dll (AVG Technologies CZ, s.r.o.)BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:Program FilesIObitAdvanced SystemCare 6BrowerProtectASCPlugin_Protection.dll (IObit)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll (Sun Microsystems, Inc.)Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileToolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No FileToolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileToolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:Program FilesCommon Filesmicrosoft sharedWeb FoldersPKMCDO.DLL (Microsoft Corporation)Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.)Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%system32NLAapi.dll"Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%System32mswsock.dll"Winsock: Catalog5 07 C:Program FilesBonjourmdnsNSP.dll [121704] (Apple Inc.)Winsock: Catalog9 01 mswsock.dll File Not found ()Winsock: Catalog9 02 mswsock.dll File Not found ()Winsock: Catalog9 03 mswsock.dll File Not found ()Winsock: Catalog9 04 mswsock.dll File Not found ()Winsock: Catalog9 05 mswsock.dll File Not found ()Winsock: Catalog9 06 mswsock.dll File Not found ()Winsock: Catalog9 07 mswsock.dll File Not found ()Winsock: Catalog9 08 mswsock.dll File Not found ()Winsock: Catalog9 09 mswsock.dll File Not found ()Winsock: Catalog9 10 mswsock.dll File Not found ()Winsock: Catalog9 11 mswsock.dll File Not found ()Winsock: Catalog9 12 mswsock.dll File Not found ()Winsock: Catalog9 13 mswsock.dll File Not found ()Winsock: Catalog9 14 mswsock.dll File Not found ()Winsock: Catalog9 15 mswsock.dll File Not found ()Winsock: Catalog9 16 mswsock.dll File Not found ()Winsock: Catalog9 17 mswsock.dll File Not found ()Winsock: Catalog9 18 mswsock.dll File Not found ()Winsock: Catalog9 19 mswsock.dll File Not found ()Winsock: Catalog9 20 mswsock.dll File Not found ()Winsock: Catalog9 21 mswsock.dll File Not found ()Winsock: Catalog9 22 mswsock.dll File Not found ()Winsock: Catalog9 23 mswsock.dll File Not found ()Winsock: Catalog9 24 mswsock.dll File Not found ()Winsock: Catalog9 25 mswsock.dll File Not found ()Winsock: Catalog9 26 mswsock.dll File Not found ()TcpipParameters: [DhcpNameServer] 192.168.0.1FireFox:========FF ProfilePath: C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultFF user.js: detected! => C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultuser.jsFF DefaultSearchEngine: YahooFF SearchEngineOrder.1: Search the web (Babylon)FF SelectedSearchEngine: GoogleFF NetworkProxy: "type", 0FF Plugin: @adobe.com/FlashPlayer - C:Windowssystem32MacromedFlashNPSWF32_11_7_700_202.dll ()FF Plugin: @adobe.com/ShockwavePlayer - C:Windowssystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)FF Plugin: @java.com/JavaPlugin - C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/WPF,version=3.5 - C:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)FF Plugin: Adobe Reader - C:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)FF SearchPlugin: C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultsearchpluginsdaemon-search.xmlFF SearchPlugin: C:Program Filesmozilla firefoxsearchpluginsanswers.xmlFF SearchPlugin: C:Program Filesmozilla firefoxsearchpluginsavg-secure-search.xmlFF SearchPlugin: C:Program Filesmozilla firefoxsearchpluginscreativecommons.xmlFF Extension: Advanced SystemCare Surfing Protection - C:UserssnowmanAppDataRoamingMozil[email protected]iobit.comFF Extension: Microsoft .NET Framework Assistant - C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultExtensions{20a82645-c095-46ed-80e3-08825760534b}FF Extension: CookieCuller - C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultExtensions{99B98C2C-7274-45a3-A640-D9DF1A1C8460}FF Extension: No Name - C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultExtensions{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}.xpiFF Extension: Java Console - C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF Extension: Java Console - C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}FF HKLM...FirefoxExtensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - C:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtensionFF HKLM...FirefoxExtensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:Program FilesAVGAVG2012Firefox4FF Extension: AVG Safe Search - C:Program FilesAVGAVG2012Firefox4FF HKLM...ThunderbirdExtensions: [[email protected]] - C:Program FilesAVGAVG2012ThunderbirdFF Extension: AVG E-mail Scanner - C:Program FilesAVGAVG2012ThunderbirdChrome:=======CHR Plugin: (Shockwave Flash) - C:Program FilesGoogleChromeApplication25.0.1364.152PepperFlashpepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:Program FilesGoogleChromeApplication25.0.1364.152ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:Program FilesGoogleChromeApplication25.0.1364.152pdf.dll No FileCHR Plugin: (AVG Internet Security) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.2161_0plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)CHR Plugin: (Wajam) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp1.24_0plugins/PriamNPAPI.dll (Wajam)CHR Plugin: (Adobe Acrobat) - C:Program FilesAdobeReader 10.0ReaderBrowsernppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:Program FilesJavajre6binnew_pluginnpdeployJava1.dll (Sun Microsystems, Inc.)CHR Plugin: (Java Platform SE 6 U26) - C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:Program FilesMozilla FirefoxpluginsNPcol400.dll (Catalina Marketing Corporation)CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:Program FilesMozilla FirefoxpluginsNPcol500.dll (Catalina Marketing Corporation)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:Program FilesMozilla FirefoxpluginsnpCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:Program FilesMozilla FirefoxpluginsnpMozCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.2) - C:Program FilesMozilla Firefoxpluginsnpqtplugin7.dll (Apple Inc.)CHR Plugin: (AVG SiteSafety plugin) - C:Program FilesCommon FilesAVG Secure SearchSiteSafetyInstaller11.1.0npsitesafety.dll No FileCHR Plugin: (Google Update) - C:Program FilesGoogleUpdate1.3.21.135npGoogleUpdate3.dll No FileCHR Plugin: (Windows Presentation Foundation) - C:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)CHR Plugin: (Shockwave for Director) - C:Windowssystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)CHR Plugin: (Shockwave Flash) - C:Windowssystem32MacromedFlashNPSWF32_11_5_502_149.dll No FileCHR Extension: (Docs) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake0.0.0.6_0CHR Extension: (Google Drive) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.2_0CHR Extension: (YouTube) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0CHR Extension: (Google Search) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0CHR Extension: (AVG Safe Search) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.2161_0CHR Extension: (Wajam) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp1.24_0CHR Extension: (Advanced SystemCare Surfing Protection) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsnfengeggddojhakldhlpjdlddgkkjkdd1.0.0_0CHR Extension: (Gmail) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0CHR HKLM...ChromeExtension: [hbcennhacfaagdopikcegfcobcadeocj] - C:Program FilesCommon FilesSpigotGCsaebay_1.0.crxCHR HKLM...ChromeExtension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:Program FilesCommon FilesSpigotGCerrorassistant_1.1.crxCHR HKLM...ChromeExtension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:Program FilesAVGAVG2012Chromesafesearch.crxCHR HKLM...ChromeExtension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:UserssnowmanAppDataLocalWajamChromewajam.crxCHR HKLM...ChromeExtension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:Program FilesCommon FilesSpigotGCcoupons_2.4.crxCHR HKLM...ChromeExtension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:Program FilesIObitAdvanced SystemCare 6BrowerProtectASC_GhromePluginFor6.crxCHR HKLM...ChromeExtension: [pfndaklgolladniicklehhancnlgocpp] - C:Program FilesCommon FilesSpigotGCsaamazon_1.0.crx========================== Services (Whitelisted) =================S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:Program FilesCommon FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)S4 AdvancedSystemCareService6; C:Program FilesIObitAdvanced SystemCare 6ASCService.exe [574272 2013-04-18] (IObit)S4 ASLDRService; C:Program FilesASUSATK HotkeyASLDRSrv.exe [94208 2007-10-03] ()S4 ATKGFNEXSrv; C:Program FilesATKGFNEXGFNEXSrv.exe [94208 2007-08-08] ()R2 AVGIDSAgent; C:Program FilesAVGAVG2014avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:Program FilesAVGAVG2014avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)S4 Garmin Core Update Service; C:Program FilesGarminCore Update ServiceGarmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)S4 IMFservice; C:Program FilesIObitIObit Malware FighterIMFsrv.exe [821592 2012-01-09] (IObit)R2 MBAMScheduler; C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S4 RichVideo; C:Program FilesCyberLinkShared FilesRichVideo.exe [272024 2007-05-14] ()S4 spmgr; C:Program FilesASUSNB ProbeSPMspmgr.exe [125496 2007-08-03] ()S2 Winmgmt; C:Userssnowman1458616.dll [x]U2 *etadpug; "C:Program FilesGoogleDesktopInstall{f5f10a47-5644-684d-29d6-f52fba7563f8} ...???{f5f10a47-5644-684d-29d6-f52fba7563f8}GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)==================== Drivers (Whitelisted) ====================R2 ASMMAP; C:Program FilesATKGFNEXASMMAP.sys [13880 2007-07-24] ()R1 Avgdiskx; C:WindowsSystem32DRIVERSavgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:WindowsSystem32DRIVERSavgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:WindowsSystem32DRIVERSavgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; C:WindowsSystem32DRIVERSavgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:WindowsSystem32DRIVERSavgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:WindowsSystem32DRIVERSavglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:WindowsSystem32DRIVERSavgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:WindowsSystem32DRIVERSavgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:WindowsSystem32DRIVERSavgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)S3 FileMonitor; C:Program FilesIObitIObit Malware FighterDriverswlh_x86FileMonitor.sys [20336 2012-01-05] (IObit)S3 FsUsbExDisk; C:Windowssystem32FsUsbExDisk.SYS [36608 2010-06-14] ()R2 ghaio; C:Program FilesASUSNB ProbeSPMghaio.sys [20936 2007-08-03] ()R3 kbfiltr; C:WindowsSystem32DRIVERSkbfiltr.sys [5632 2007-01-24] ( )R0 Lbd; C:WindowsSystem32DRIVERSLbd.sys [64288 2010-02-04] (Lavasoft AB)R3 MBAMProtector; C:Windowssystem32driversmbam.sys [22856 2013-04-04] (Malwarebytes Corporation)R3 MTsensor; C:WindowsSystem32DRIVERSATKACPI.sys [7680 2006-12-14] (ATK0100)S3 RegFilter; C:Program FilesIObitIObit Malware Fighterdriverswlh_x86regfilter.sys [30640 2012-07-05] (IObit.com)R0 SmartDefragDriver; C:WindowsSystem32DriversSmartDefragDriver.sys [15672 2010-11-26] ()S3 UrlFilter; C:Program FilesIObitIObit Malware Fighterdriverswlh_x86UrlFilter.sys [19832 2012-07-05] (IObit.com)S3 IpInIp; system32DRIVERSipinip.sys [x]S3 NwlnkFlt; system32DRIVERSnwlnkflt.sys [x]S3 NwlnkFwd; system32DRIVERSnwlnkfwd.sys [x]S3 pccsmcfd; system32DRIVERSpccsmcfd.sys [x]S3 USBAAPL; System32Driversusbaapl.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-11-29 19:21 - 2013-11-29 19:21 - 00020601 _____ C:UserssnowmanDownloadsFRST.txt2013-11-29 19:21 - 2013-11-29 19:21 - 00000000 ____D C:FRST2013-11-29 19:20 - 2013-11-29 19:20 - 01092049 _____ (Farbar) C:UserssnowmanDownloadsFRST.exe2013-11-28 19:11 - 2013-11-28 19:19 - 00000000 ____D C:AdwCleaner2013-11-28 19:11 - 2013-11-28 19:11 - 01091882 _____ C:UserssnowmanDownloadsAdwCleaner.exe2013-11-28 18:33 - 2013-11-28 16:07 - 98633040 _____ C:UserssnowmanDesktopiTunesSetup.exe2013-11-28 18:32 - 2013-11-28 18:32 - 00000000 __RSH C:MSDOS.SYS2013-11-28 18:32 - 2013-11-28 18:32 - 00000000 __RSH C:IO.SYS2013-11-24 21:12 - 2013-11-26 20:19 - 00001618 _____ C:Windowssetupact.log2013-11-24 21:12 - 2013-11-24 21:12 - 00000000 _____ C:Windowssetuperr.log2013-11-24 19:58 - 2013-11-26 20:26 - 00000000 ____D C:Program FilesCommon FilesApple2013-11-11 20:20 - 2013-11-11 20:20 - 00000000 ____D C:UserssnowmanAppDataRoamingAVG20142013-11-11 20:19 - 2013-11-26 19:58 - 00000849 _____ C:UsersPublicDesktopAVG 2014.lnk2013-11-11 20:19 - 2013-11-11 20:19 - 00000000 ___HD C:$AVG2013-11-11 20:19 - 2013-11-11 20:19 - 00000000 ____D C:ProgramDataAVG20142013-11-11 20:15 - 2013-11-11 20:22 - 00000000 ____D C:UserssnowmanAppDataLocalAvg20142013-11-11 20:06 - 2013-11-11 20:15 - 00000000 ____D C:UserssnowmanAppDataLocalAvg20132013-11-08 13:02 - 2013-11-29 18:42 - 00153954 _____ C:WindowsWindowsUpdate.log2013-11-08 11:31 - 2013-11-10 16:17 - 95025368 ____T C:ProgramData77t7j6ft.bxx2013-11-08 11:31 - 2013-11-10 16:17 - 00000000 _____ C:ProgramData77t7j6ft.fvv2013-11-05 21:50 - 2013-11-05 21:50 - 00120600 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgdiskx.sys2013-11-04 21:57 - 2013-11-04 21:57 - 00209176 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgidsdriverx.sys2013-10-31 23:00 - 2013-10-31 23:00 - 00176952 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgldx86.sys2013-10-31 22:30 - 2013-10-31 22:30 - 00222520 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavglogx.sys==================== One Month Modified Files and Folders =======2013-11-29 19:21 - 2013-11-29 19:21 - 00020601 _____ C:UserssnowmanDownloadsFRST.txt2013-11-29 19:21 - 2013-11-29 19:21 - 00000000 ____D C:FRST2013-11-29 19:20 - 2013-11-29 19:20 - 01092049 _____ (Farbar) C:UserssnowmanDownloadsFRST.exe2013-11-29 18:47 - 2013-02-01 10:48 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job2013-11-29 18:42 - 2013-11-08 13:02 - 00153954 _____ C:WindowsWindowsUpdate.log2013-11-29 18:38 - 2006-11-02 12:45 - 00003616 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-11-29 18:38 - 2006-11-02 12:45 - 00003616 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-11-29 18:37 - 2006-11-02 12:58 - 00000006 ____H C:WindowsTasksSA.DAT2013-11-29 18:31 - 2006-11-02 12:58 - 00032654 _____ C:WindowsTasksSCHEDLGU.TXT2013-11-29 18:24 - 2011-09-23 13:36 - 00000000 ____D C:ProgramDataMFAData2013-11-29 18:23 - 2009-07-12 16:46 - 00000422 ____H C:WindowsTasksUser_Feed_Synchronization-{230F9F45-EA8D-4384-BDBA-0B58DE0BD258}.job2013-11-28 19:42 - 2009-07-12 23:13 - 00000000 ____D C:Program FilesMozilla Thunderbird2013-11-28 19:19 - 2013-11-28 19:11 - 00000000 ____D C:AdwCleaner2013-11-28 19:11 - 2013-11-28 19:11 - 01091882 _____ C:UserssnowmanDownloadsAdwCleaner.exe2013-11-28 18:32 - 2013-11-28 18:32 - 00000000 __RSH C:MSDOS.SYS2013-11-28 18:32 - 2013-11-28 18:32 - 00000000 __RSH C:IO.SYS2013-11-28 16:07 - 2013-11-28 18:33 - 98633040 _____ C:UserssnowmanDesktopiTunesSetup.exe2013-11-27 19:35 - 2009-07-13 04:11 - 00000000 ____D C:Userssnowman2013-11-26 20:26 - 2013-11-24 19:58 - 00000000 ____D C:Program FilesCommon FilesApple2013-11-26 20:24 - 2011-12-25 22:29 - 00000000 ____D C:Program FilesiPod2013-11-26 20:19 - 2013-11-24 21:12 - 00001618 _____ C:Windowssetupact.log2013-11-26 19:58 - 2013-11-11 20:19 - 00000849 _____ C:UsersPublicDesktopAVG 2014.lnk2013-11-26 19:41 - 2009-07-12 18:55 - 00000000 ____D C:Program FilesMozilla Firefox2013-11-26 19:38 - 2011-02-08 13:24 - 00001356 _____ C:UserssnowmanAppDataLocald3d9caps.dat2013-11-24 21:12 - 2013-11-24 21:12 - 00000000 _____ C:Windowssetuperr.log2013-11-16 17:07 - 2011-12-02 14:29 - 00000000 ____D C:UserssnowmanAppDataLocalWinZip2013-11-11 20:22 - 2013-11-11 20:15 - 00000000 ____D C:UserssnowmanAppDataLocalAvg20142013-11-11 20:20 - 2013-11-11 20:20 - 00000000 ____D C:UserssnowmanAppDataRoamingAVG20142013-11-11 20:19 - 2013-11-11 20:19 - 00000000 ___HD C:$AVG2013-11-11 20:19 - 2013-11-11 20:19 - 00000000 ____D C:ProgramDataAVG20142013-11-11 20:18 - 2009-07-12 18:47 - 00000000 ____D C:Program FilesAVG2013-11-11 20:15 - 2013-11-11 20:06 - 00000000 ____D C:UserssnowmanAppDataLocalAvg20132013-11-10 17:44 - 2006-11-02 11:18 - 00000000 ___RD C:WindowsOffline Web Pages2013-11-10 16:42 - 2013-07-05 13:08 - 09452704 _____ (SurfRight B.V.) C:UserssnowmanDownloadshitmanpro(2).exe2013-11-10 16:24 - 2013-07-05 13:02 - 00000000 ____D C:Windowspss2013-11-10 16:17 - 2013-11-08 11:31 - 95025368 ____T C:ProgramData77t7j6ft.bxx2013-11-10 16:17 - 2013-11-08 11:31 - 00000000 _____ C:ProgramData77t7j6ft.fvv2013-11-05 21:50 - 2013-11-05 21:50 - 00120600 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgdiskx.sys2013-11-04 21:57 - 2013-11-04 21:57 - 00209176 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgidsdriverx.sys2013-10-31 23:00 - 2013-10-31 23:00 - 00176952 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavgldx86.sys2013-10-31 22:30 - 2013-10-31 22:30 - 00222520 _____ (AVG Technologies CZ, s.r.o.) C:Windowssystem32Driversavglogx.sysZeroAccess:C:$Recycle.BinS-1-5-18$f5f10a475644684d29d6f52fba7563f8ZeroAccess:C:$Recycle.BinS-1-5-21-3096348332-898261059-2611295188-1000$f5f10a475644684d29d6f52fba7563f8ZeroAccess:C:UserssnowmanAppDataLocalGoogleDesktopInstallZeroAccess:C:Program FilesGoogleDesktopInstallFiles to move or delete:====================C:ProgramData77t7j6ft.bxxC:ProgramData77t7j6ft.fvvSome content of TEMP:====================C:UserssnowmanAppDataLocalTempQuarantine.exe==================== Bamital & volsnap Check =================C:Windowsexplorer.exe => MD5 is legitC:WindowsSystem32winlogon.exe => MD5 is legitC:WindowsSystem32wininit.exe => MD5 is legitC:WindowsSystem32svchost.exe => MD5 is legitC:WindowsSystem32services.exe => MD5 is legitC:WindowsSystem32User32.dll => MD5 is legitC:WindowsSystem32userinit.exe => MD5 is legitC:WindowsSystem32Driversvolsnap.sys => MD5 is legitATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:Program FilesWindows DefenderLastRegBack: 2013-11-29 18:44==================== End Of Log ============================

Link to post
Share on other sites

Running from C:UserssnowmanDownloads

 

Need to change this location to desktop.

Find FRST right click send to desktop to follow through with instructions.

 

Simply download and copy fixlist.txt and FRST.exe to a folder of your choice and then start FRST and click on the Fix button, post the fixlog.txt to your next reply.

 

 

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

start

HKLM...Run: [] - [x]

HKLM...D6A79037F57FInprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?

HKCU...Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

HKCU...409d6c4515e9InprocServer32: [Default-shell32] C:$Recycle.BinS-1-5-21-3096348332-898261059-2611295188-1000$f5f10a475644684d29d6f52fba7563f8n. ATTENTION! ====> ZeroAccess/Alureon?

MountPoints2: {ba553e5d-a385-11de-91e2-002354684a8c} - C:Windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sYsTem.exe

URLSearchHook: HKCU - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File

URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No File

SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D74C322C-9A52-47B2-B08F-150894CB0BFD}&mid=d04c432fad894e52fe8cd5807b24b383-33fae9f892c29b78eb99303b06340ab17a9bcbbf&lang=en&ds=AVG&pr=fr&d=2011-09-23 14:53:08&v=10.0.0.7&sap=dsp&q={searchTerms}

SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKCU - Yahoo! URL = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=270912_7a_3912_4&babsrc=SP_ss&mntrId=56d8bdb300000000000000224350b6d7

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D74C322C-9A52-47B2-B08F-150894CB0BFD}&mid=d04c432fad894e52fe8cd5807b24b383-33fae9f892c29b78eb99303b06340ab17a9bcbbf&lang=en&ds=AVG&pr=fr&d=2011-09-23 14:53:08&v=10.0.0.7&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-se...m/search/web?q={searchTerms}

BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No File

BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:Program FilesIObitAdvanced SystemCare 6BrowerProtectASCPlugin_Protection.dll (IObit)

Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%system32NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%System32mswsock.dll"

cmd: netsh winsock reset

FF user.js: detected! => C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultuser.js

FF SearchEngineOrder.1: Search the web (Babylon)

FF Extension: Advanced SystemCare Surfing Protection - C:UserssnowmanAppDataRoamingMozil[email protected]iobit.com

FF Extension: No Name - C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultExtensions{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}.xpi

CHR Plugin: (Wajam) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp1.24_0plugins/PriamNPAPI.dll (Wajam)

CHR HKLM...ChromeExtension: [hbcennhacfaagdopikcegfcobcadeocj] - C:Program FilesCommon FilesSpigotGCsaebay_1.0.crx

CHR HKLM...ChromeExtension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:Program FilesCommon FilesSpigotGCerrorassistant_1.1.crx

CHR HKLM...ChromeExtension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:Program FilesAVGAVG2012Chromesafesearch.crx

CHR HKLM...ChromeExtension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:UserssnowmanAppDataLocalWajamChromewajam.crx

CHR HKLM...ChromeExtension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:Program FilesCommon FilesSpigotGCcoupons_2.4.crx

CHR HKLM...ChromeExtension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:Program FilesIObitAdvanced SystemCare 6BrowerProtectASC_GhromePluginFor6.crx

CHR HKLM...ChromeExtension: [pfndaklgolladniicklehhancnlgocpp] - C:Program FilesCommon FilesSpigotGCsaamazon_1.0.crx

S4 AdvancedSystemCareService6; C:Program FilesIObitAdvanced SystemCare 6ASCService.exe [574272 2013-04-18] (IObit)

S4 IMFservice; C:Program FilesIObitIObit Malware FighterIMFsrv.exe [821592 2012-01-09] (IObit)

U2 *etadpug; "C:Program FilesGoogleDesktopInstall{f5f10a47-5644-684d-29d6-f52fba7563f8} ...???{f5f10a47-5644-684d-29d6-f52fba7563f8}GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

C:$Recycle.BinS-1-5-18$f5f10a475644684d29d6f52fba7563f8

C:$Recycle.BinS-1-5-21-3096348332-898261059-2611295188-1000$f5f10a475644684d29d6f52fba7563f8

ZeroAccess:

C:UserssnowmanAppDataLocalGoogleDesktopInstall

ZeroAccess:

C:Program FilesGoogleDesktopInstall

C:ProgramData77t7j6ft.bxx

C:ProgramData77t7j6ft.fvv

C:UserssnowmanAppDataLocalTempQuarantine.exe

DeleteJunctionsIndirectory: C:Program FilesWindows Defender

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

 

-AdwCleaner-

 

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.

[*]Double click on AdwCleaner.exe to run the tool.

[*]Click on Scan.

[*]After the scan is complete click on "Clean"

[*]Confirm each time with Ok.

[*]Your computer will be rebooted automatically. A text file will open after the restart.

[*]Please post the content of that logfile with your next answer.

[*]You can find the logfile at C:AdwCleaner[s1].txt as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

 

-Junkware-Removal-Tool-

 

Please download Junkware Removal Tool to your desktop.

 

Vista / 7 / 8 users:

You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

[*]Shut down your protection software now to avoid potential conflicts.

[*]Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

[*]The tool will open and start scanning your system.

[*]Please be patient as this can take a while to complete depending on your system's specifications.

[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

[*]Post the contents of JRT.txt into your next message.

in your next reply post:

FRST fixlog

AdwCleaner[s1].txt

JRT.txt

 

 

IObit software products are installed on your system.

 

The company behind this product was found to be stealing our database. Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

 

Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

[*]IOBit Steals Malwarebytes' Intellectual Property

[*]IOBit's Denial of Theft Unconvincing

[*]IOBit Theft Conclusion

[*]IObit: Trusting Your Antivirus Vendor

[*]Malwarebytes: IObit Stole Our Signatures Database

[*]IObit accused of stealing from Malwarebytes

Edited by Juliet
added info
Link to post
Share on other sites

Hi, heres the results.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-11-2013Ran by snowman at 2013-11-29 21:00:11 Run:1Running from C:UserssnowmanDownloadsBoot Mode: Normal==============================================Content of fixlist:*****************startHKLM...Run: [] - [x]HKLM...D6A79037F57FInprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?HKCU...Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)HKCU...409d6c4515e9InprocServer32: [Default-shell32] C:$Recycle.BinS-1-5-21-3096348332-898261059-2611295188-1000$f5f10a475644684d29d6f52fba7563f8n. ATTENTION! ====> ZeroAccess/Alureon?MountPoints2: {ba553e5d-a385-11de-91e2-002354684a8c} - C:Windowssystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sYsTem.exeURLSearchHook: HKCU - (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No FileURLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No FileSearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D74C322C-9A52-47B2-B08F-150894CB0BFD}&mid=d04c432fad894e52fe8cd5807b24b383-33fae9f892c29b78eb99303b06340ab17a9bcbbf&lang=en&ds=AVG&pr=fr&d=2011-09-23 14:53:08&v=10.0.0.7&sap=dsp&q={searchTerms}SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}SearchScopes: HKCU - Yahoo! URL = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-transSearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=270912_7a_3912_4&babsrc=SP_ss&mntrId=56d8bdb300000000000000224350b6d7SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D74C322C-9A52-47B2-B08F-150894CB0BFD}&mid=d04c432fad894e52fe8cd5807b24b383-33fae9f892c29b78eb99303b06340ab17a9bcbbf&lang=en&ds=AVG&pr=fr&d=2011-09-23 14:53:08&v=10.0.0.7&sap=dsp&q={searchTerms}SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-se...m/search/web?q={searchTerms}BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No FileBHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:Program FilesIObitAdvanced SystemCare 6BrowerProtectASCPlugin_Protection.dll (IObit)Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileToolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:Program FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll No FileToolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileToolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileWinsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%system32NLAapi.dll"Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%System32mswsock.dll"cmd: netsh winsock resetFF user.js: detected! => C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultuser.jsFF SearchEngineOrder.1: Search the web (Babylon)FF Extension: Advanced SystemCare Surfing Protection - C:UserssnowmanAppDataRoamingMozil[email protected]iobit.comFF Extension: No Name - C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultExtensions{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}.xpiCHR Plugin: (Wajam) - C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp1.24_0plugins/PriamNPAPI.dll (Wajam)CHR HKLM...ChromeExtension: [hbcennhacfaagdopikcegfcobcadeocj] - C:Program FilesCommon FilesSpigotGCsaebay_1.0.crxCHR HKLM...ChromeExtension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:Program FilesCommon FilesSpigotGCerrorassistant_1.1.crxCHR HKLM...ChromeExtension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:Program FilesAVGAVG2012Chromesafesearch.crxCHR HKLM...ChromeExtension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:UserssnowmanAppDataLocalWajamChromewajam.crxCHR HKLM...ChromeExtension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:Program FilesCommon FilesSpigotGCcoupons_2.4.crxCHR HKLM...ChromeExtension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:Program FilesIObitAdvanced SystemCare 6BrowerProtectASC_GhromePluginFor6.crxCHR HKLM...ChromeExtension: [pfndaklgolladniicklehhancnlgocpp] - C:Program FilesCommon FilesSpigotGCsaamazon_1.0.crxS4 AdvancedSystemCareService6; C:Program FilesIObitAdvanced SystemCare 6ASCService.exe [574272 2013-04-18] (IObit)S4 IMFservice; C:Program FilesIObitIObit Malware FighterIMFsrv.exe [821592 2012-01-09] (IObit)U2 *etadpug; "C:Program FilesGoogleDesktopInstall{f5f10a47-5644-684d-29d6-f52fba7563f8} ...???{f5f10a47-5644-684d-29d6-f52fba7563f8}GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)C:$Recycle.BinS-1-5-18$f5f10a475644684d29d6f52fba7563f8C:$Recycle.BinS-1-5-21-3096348332-898261059-2611295188-1000$f5f10a475644684d29d6f52fba7563f8ZeroAccess:C:UserssnowmanAppDataLocalGoogleDesktopInstallZeroAccess:C:Program FilesGoogleDesktopInstallC:ProgramData77t7j6ft.bxxC:ProgramData77t7j6ft.fvvC:UserssnowmanAppDataLocalTempQuarantine.exeDeleteJunctionsIndirectory: C:Program FilesWindows Defenderends*****************HKLMSoftwareMicrosoftWindowsCurrentVersionRun => Value deleted successfully.HKLMSoftwareClassesCLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InprocServer32Default => Value was restored successfully.HKCUSoftwareMicrosoftWindowsCurrentVersionRunGoogle Update* => Value deleted successfully.HKCUSoftwareClassesCLSID{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{ba553e5d-a385-11de-91e2-002354684a8c} => Key deleted successfully.HKCRCLSID{ba553e5d-a385-11de-91e2-002354684a8c} => Key not found.HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} => Value deleted successfully.HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Value deleted successfully.HKCRCLSID{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key deleted successfully.HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope => Value deleted successfully.HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopesBrowserMngrDefaultScope => Value deleted successfully.HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopesYahoo! => Key deleted successfully.HKCRWow6432NodeCLSIDYahoo! => Key not found.HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.HKCRWow6432NodeCLSID{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.HKCRWow6432NodeCLSID{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopes{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully.HKCRWow6432NodeCLSID{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found.HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key deleted successfully.HKCRCLSID{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key not found.HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key deleted successfully.HKCRCLSID{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key deleted successfully.HKLMSOFTWAREMicrosoftInternet ExplorerToolbar{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.HKCRCLSID{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.HKLMSOFTWAREMicrosoftInternet ExplorerToolbar{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Value deleted successfully.HKCRCLSID{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key not found.HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.HKCRCLSID{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.HKCRCLSID{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.Winsock: Catalog5 entry 000000000001LibraryPath was set successfully to %SystemRoot%system32NLAapi.dllWinsock: Catalog5 entry 000000000005LibraryPath was set successfully to %SystemRoot%System32mswsock.dll========= netsh winsock reset =========Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset.========= End of CMD: =========C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultuser.js => Moved successfully.Firefox SearchEngineOrder.1 deleted successfully.C:UserssnowmanAppDataRoamingMozil[email protected]iobit.com => Moved successfully.C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultExtensions{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}.xpi => Moved successfully.C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp1.24_0plugins/PriamNPAPI.dll => Moved successfully.HKLMSOFTWAREGoogleChromeExtensionshbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully."C:Program FilesCommon FilesSpigotGCsaebay_1.0.crx" => File/Directory not found.HKLMSOFTWAREGoogleChromeExtensionsicdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully."C:Program FilesCommon FilesSpigotGCerrorassistant_1.1.crx" => File/Directory not found.HKLMSOFTWAREGoogleChromeExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla => Key deleted successfully.C:Program FilesAVGAVG2012Chromesafesearch.crx => Moved successfully.HKLMSOFTWAREGoogleChromeExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjp => Key deleted successfully."C:UserssnowmanAppDataLocalWajamChromewajam.crx" => File/Directory not found.HKLMSOFTWAREGoogleChromeExtensionsmhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully."C:Program FilesCommon FilesSpigotGCcoupons_2.4.crx" => File/Directory not found.HKLMSOFTWAREGoogleChromeExtensionsnfengeggddojhakldhlpjdlddgkkjkdd => Key deleted successfully.C:Program FilesIObitAdvanced SystemCare 6BrowerProtectASC_GhromePluginFor6.crx => Moved successfully.HKLMSOFTWAREGoogleChromeExtensionspfndaklgolladniicklehhancnlgocpp => Key deleted successfully."C:Program FilesCommon FilesSpigotGCsaamazon_1.0.crx" => File/Directory not found.AdvancedSystemCareService6 => Service deleted successfully.IMFservice => Service deleted successfully.*etadpug => Service deleted successfully.C:$Recycle.BinS-1-5-18$f5f10a475644684d29d6f52fba7563f8 => Directory moved successfully.C:$Recycle.BinS-1-5-21-3096348332-898261059-2611295188-1000$f5f10a475644684d29d6f52fba7563f8 => Directory moved successfully."C:UserssnowmanAppDataLocalGoogleDesktopInstall" directory move:Could not move "C:UserssnowmanAppDataLocalGoogleDesktopInstall" directory. => Scheduled to move on reboot."C:Program FilesGoogleDesktopInstall" directory move:Could not move "C:Program FilesGoogleDesktopInstall" directory. => Scheduled to move on reboot.C:ProgramData77t7j6ft.bxx => Moved successfully.C:ProgramData77t7j6ft.fvv => Moved successfully.C:UserssnowmanAppDataLocalTempQuarantine.exe => Moved successfully."C:Program FilesWindows Defender" => Deleting reparse point and unlocking started."C:Program FilesWindows Defenderen-US" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpAsDesc.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpClient.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpCmdRun.exe" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpEvMsg.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpOAV.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpRtMon.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpRtPlug.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpSigDwn.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpSoftEx.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMpSvc.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMSASCui.exe" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMsMpCom.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMsMpLics.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows DefenderMsMpRes.dll" => Deleting reparse point and unlocking done."C:Program FilesWindows Defender" => Deleting reparse point and unlocking completed.=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-11-29 21:03:47)<=C:UserssnowmanAppDataLocalGoogleDesktopInstall => Is moved successfully.C:Program FilesGoogleDesktopInstall => Is moved successfully.==== End of Fixlog ====

Link to post
Share on other sites

Heres the addition one:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-11-2013Ran by snowman at 2013-11-29 19:22:13Running from C:UserssnowmanDownloadsBoot Mode: Normal============================================================================== Security Center ============================================ Installed Programs ======================2007 Microsoft Office system (Version: 12.0.4518.1014)ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)Activation Assistant for the 2007 Microsoft Office suitesActivation Assistant for the 2007 Microsoft Office suites (Version: 1.0)Adobe AIR (Version: 2.7.0.19530)Adobe Download Assistant (Version: 1.0.2)Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)Adobe Flash Player 11 Plugin (Version: 11.7.700.202)Adobe Reader X (10.1.5) (Version: 10.1.5)Adobe Shockwave Player 11.5 (Version: 11.5.9.615)Advanced SystemCare 6 (Version: 6.3)Agere Systems HDA ModemApple Application Support (Version: 2.1.9)Apple Software Update (Version: 2.1.3.127)ASUS Power4Gear Hybrid (Version: 1.1.02)ASUS Splendid Video Enhancement Technology (Version: 1.02.0021)Atheros Client Installation Program (Version: 7.0)ATK Generic Function Service (Version: 1.00.0008)ATK Hotkey (Version: 1.0.0040)ATKOSD2 (Version: 6.64.1.6)AVG 2014 (Version: 14.0.3629)AVG 2014 (Version: 14.0.4259)AVG 2014 (Version: 2014.0.4259)Bonjour (Version: 3.0.0.10)Boulder Dash-XL (Version: 1.0.0.0)CCleaner (Version: 3.28)Cisco EAP-FAST Module (Version: 2.1.6)Cisco LEAP Module (Version: 1.0.12)Cisco PEAP Module (Version: 1.0.13)Coupon Printer (Version: 2.0)CyberLink Power2Go (Version: 6.0.1924)DHTML Editing Component (Version: 6.02.0001)D-Link VGA WebcamElevated Installer (Version: 2.1.13)Epson Easy Photo Print 2 (Version: 2.2.4.0)Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)Epson Event Manager (Version: 2.40.0009)EPSON ScanEPSON Stylus SX100_TX100 ManualEPSON SX100 Series Printer UninstallExpress Gate (Version: 0.8.7.0)Facebook Video Calling 1.0.0.7428 (Version: 1.0.7428)Facebook Video Calling 1.0.0.8714 (Version: 1.0.8714)Garmin Express (Version: 2.1.13)Garmin Express Tray (Version: 2.1.13)Garmin Update Service (Version: 2.1.13)Intel® Graphics Media Accelerator DriverIObit Apps Toolbar v7.2 (Version: 7.2)IObit Malware Fighter (Version: 1.0)IObit Toolbar v4.4 (Version: 4.4)Java Auto Updater (Version: 2.0.5.1)Java 6 Update 26 (Version: 6.0.260)LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)Microsoft Games for Windows - LIVE Redistributable (Version: 1.2.0241)Microsoft Office Access MUI (Dutch) 2007 (Version: 12.0.4518.1017)Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Access MUI (French) 2007 (Version: 12.0.4518.1014)Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014)Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.4518.1018)Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Excel MUI (Dutch) 2007 (Version: 12.0.4518.1017)Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Excel MUI (French) 2007 (Version: 12.0.4518.1014)Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.4518.1018)Microsoft Office Outlook MUI (Dutch) 2007 (Version: 12.0.4518.1017)Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Outlook MUI (French) 2007 (Version: 12.0.4518.1014)Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014)Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.4518.1018)Microsoft Office PowerPoint MUI (Dutch) 2007 (Version: 12.0.4518.1017)Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.4518.1014)Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.4518.1018)Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014)Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014)Microsoft Office Proof (Dutch) 2007 (Version: 12.0.4518.1017)Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1018)Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing (Dutch) 2007 (Version: 12.0.4518.1017)Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018)Microsoft Office Publisher MUI (Dutch) 2007 (Version: 12.0.4518.1017)Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Publisher MUI (French) 2007 (Version: 12.0.4518.1014)Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014)Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.4518.1018)Microsoft Office Shared MUI (Dutch) 2007 (Version: 12.0.4518.1017)Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Shared MUI (French) 2007 (Version: 12.0.4518.1014)Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.4518.1018)Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Word MUI (Dutch) 2007 (Version: 12.0.4518.1017)Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Word MUI (French) 2007 (Version: 12.0.4518.1014)Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.4518.1018)Microsoft Office XP Standard (Version: 10.0.2627.01)Microsoft Publisher 2002 (Version: 10.0.2627.01)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)Mozilla Thunderbird (3.1.6) (Version: 3.1.6 (en-US))MSVC80_x86_v2 (Version: 1.0.3.0)MSVC90_x86 (Version: 1.0.1.2)MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)MyFreeCodecQuickTime (Version: 7.72.80.56)RarZilla Free Unrar (Version: 2.55)Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)Realtek High Definition Audio Driver (Version: 6.0.1.5689)RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02)RoboForm 7-4-2 (All Users) (Version: 7-4-2)Smart Defrag 2 (Version: 2.7)Turbo Lister 2 (Version: 2.00.0000)Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)WinRAR 4.01 (32-bit) (Version: 4.01.0)WinZip 15.0 (Version: 15.0.9334)Wireless Console 2 (Version: 2.0.10)==================== Restore Points =========================Could not list Restore Points. Check WMI.==================== Hosts content: ==========================2006-11-02 10:23 - 2013-07-05 12:55 - 00000747 ____A C:Windowssystem32Driversetchosts127.0.0.1 localhost::1 localhost==================== Scheduled Tasks (whitelisted) =============Task: {040A68E2-3A69-4E7F-9C85-A6DA5B081CFB} - System32TasksAdobe Flash Player Updater => C:WindowsSystem32MacromedFlashFlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)Task: {057F8700-2368-4DD3-AA41-099E2FA97FAB} - System32TasksASC6_AutoClean => C:Program FilesIObitAdvanced SystemCare 6AutoSweep.exe [2013-06-18] (IObit)Task: {1175E91D-46D6-4B71-9895-ED763AD916FD} - System32TasksMicrosoftWindows DefenderMP Scheduled Scan => C:Program FilesWindows DefenderMpCmdRun.exe [2008-01-21] ()Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32TasksMicrosoftWindowsMobilePCTMMTask: {1E0D58AB-509B-4BAC-94C0-A0162E2FA5F4} - System32TasksAppleAppleSoftwareUpdate => C:Program FilesApple Software UpdateSoftwareUpdate.exeTask: {40B9FC1C-6E16-4F96-90F2-5ADE19E69266} - System32TasksMicrosoftWindows DefenderMP Scheduled Signature Update => C:Program FilesWindows DefenderMpCmdRun.exe [2008-01-21] ()Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32TasksMicrosoftWindowsWirelessGatherWirelessInfo => C:WindowsSystem32gatherWirelessInfo.vbs [2008-01-21] ()Task: {7185A434-FD66-4DA2-9727-7C68D4D8004C} - System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [2013-02-25] (Piriform Ltd)Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32TasksMicrosoftWindowsNetworkAccessProtectionNAPStatus UITask: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32TasksMicrosoftWindowsShellCrawlStartPagesTask: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32TasksMicrosoftWindowsRACRACAgent => C:WindowsSystem32RacAgent.exe [2008-01-21] (Microsoft Corporation)Task: {CB63F2D5-A19D-41F0-975B-F4EFE8CF16FD} - System32TasksSmartDefragUpdate => C:Program FilesIObitSmart Defrag 2AutoUpdate.exe [2012-09-06] (IObit)Task: C:WindowsTasksAdobe Flash Player Updater.job => C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exeTask: C:WindowsTasksUser_Feed_Synchronization-{230F9F45-EA8D-4384-BDBA-0B58DE0BD258}.job => C:Windowssystem32msfeedssync.exe==================== Loaded Modules (whitelisted) ================================= Alternate Data Streams (whitelisted) =========AlternateDataStreams: C:ProgramDataTemp:0B4227B4==================== Safe Mode (whitelisted) ===================HKLMSYSTEMCurrentControlSetControlSafeBootMinimalIMFservice => ""="Service"==================== Faulty Device Manager Devices =============Could not list Devices. Check WMI.==================== Event log errors: =========================Application errors:==================Error: (11/29/2013 06:38:44 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:WindowsWinSxSmanifestsx86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest1".Error in manifest or policy file "C:WindowsWinSxSmanifestsx86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest2" on line C:WindowsWinSxSmanifestsx86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:WindowsWinSxSmanifestsx86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.Component 2: C:WindowsWinSxSmanifestsx86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.Error: (11/29/2013 06:38:34 PM) (Source: System Restore) (User: )Description: The restore point selected was damaged or deleted during the restore (Scheduled Checkpoint).Error: (11/29/2013 06:21:16 PM) (Source: Windows Search Service) (User: )Description: The entry <C:USERSSNOWMANAPPDATALOCALMOZILLAFIREFOXPROFILES1BBPBV7G.DEFAULTCACHE6> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Error: (11/29/2013 06:21:16 PM) (Source: Windows Search Service) (User: )Description: The entry <C:USERSSNOWMANAPPDATALOCALMOZILLAFIREFOXPROFILES1BBPBV7G.DEFAULTCACHE6> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Error: (11/29/2013 06:21:16 PM) (Source: Windows Search Service) (User: )Description: The entry <C:USERSSNOWMANAPPDATALOCALMOZILLAFIREFOXPROFILES1BBPBV7G.DEFAULTCACHE5> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Error: (11/29/2013 06:21:16 PM) (Source: Windows Search Service) (User: )Description: The entry <C:USERSSNOWMANAPPDATALOCALMOZILLAFIREFOXPROFILES1BBPBV7G.DEFAULTCACHE5> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Error: (11/29/2013 06:21:16 PM) (Source: Windows Search Service) (User: )Description: The entry <C:USERSSNOWMANAPPDATALOCALMOZILLAFIREFOXPROFILES1BBPBV7G.DEFAULTCACHE4> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Error: (11/29/2013 06:21:16 PM) (Source: Windows Search Service) (User: )Description: The entry <C:USERSSNOWMANAPPDATALOCALMOZILLAFIREFOXPROFILES1BBPBV7G.DEFAULTCACHE4> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Error: (11/29/2013 06:21:16 PM) (Source: Windows Search Service) (User: )Description: The entry <C:USERSSNOWMANAPPDATALOCALMOZILLAFIREFOXPROFILES1BBPBV7G.DEFAULTCACHE3> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Error: (11/29/2013 06:21:16 PM) (Source: Windows Search Service) (User: )Description: The entry <C:USERSSNOWMANAPPDATALOCALMOZILLAFIREFOXPROFILES1BBPBV7G.DEFAULTCACHE3> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)System errors:=============Error: (11/29/2013 07:21:39 PM) (Source: DCOM) (User: )Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}Error: (11/29/2013 06:40:32 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)Description: 0x80070032Error: (11/29/2013 06:38:18 PM) (Source: DCOM) (User: )Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}Error: (11/29/2013 06:21:15 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)Description: 0x80070032Error: (11/29/2013 06:20:04 PM) (Source: DCOM) (User: )Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}Error: (11/29/2013 06:19:30 PM) (Source: Dhcp) (User: )Description: The IP address lease 192.168.0.9 for the Network Card with network address 00224350B6D7 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).Error: (11/28/2013 07:54:51 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)Description: 0x80070032Error: (11/28/2013 07:53:21 PM) (Source: DCOM) (User: )Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}Error: (11/28/2013 07:10:28 PM) (Source: DCOM) (User: )Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}Error: (11/28/2013 07:09:51 PM) (Source: DCOM) (User: )Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}Microsoft Office Sessions:=========================CodeIntegrity Errors:=================================== Date: 2013-11-29 19:21:50.708 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32driversavgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-29 19:21:50.303 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32driversavgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-29 19:21:49.881 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32driversavgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-29 19:21:49.476 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32driversavgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-27 21:29:01.136 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-27 21:29:00.632 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-27 21:29:00.220 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-27 21:28:59.808 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-27 21:28:59.399 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-11-27 21:28:58.991 Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2Windowswinsxsx86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0tcpip.sys because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Percentage of memory in use: 47%Total physical RAM: 3062.48 MBAvailable physical RAM: 1614.76 MBTotal Pagefile: 6363.23 MBAvailable Pagefile: 5174.45 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1916.95 MB==================== Drives ================================Drive c: (VistaOS) (Fixed) (Total:55.89 GB) (Free:11.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (DATA) (Fixed) (Total:46.13 GB) (Free:45.97 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 112 GB) (Disk ID: 97646C29)Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)Partition 2: (Active) - (Size=56 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=46 GB) - (Type=OF Extended)==================== End Of Log ============================

Link to post
Share on other sites

Hi, heres the adwcleaner log:

 

# AdwCleaner v3.013 - Report created 29/11/2013 at 21:25:06# Updated 24/11/2013 by Xplode# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)# Username : snowman - SNOWMAN-PC# Running from : C:UserssnowmanDownloadsAdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:UserssnowmanAppDataLocalLowAVG Security ToolbarFolder Deleted : C:UserssnowmanAppDataLocalLowSearch SettingsFolder Deleted : C:UserssnowmanAppDataRoamingMicrosoftWindowsStart MenuProgramsBrowser ManagerFolder Deleted : C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultConduitFolder Deleted : C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultFCTBFolder Deleted : C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahlaFolder Deleted : C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjpFile Deleted : C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultBrowserMngr_extensions.sqliteFile Deleted : C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultbrowsermngr_prefs.jsFile Deleted : C:Program FilesMozilla Firefoxsearchpluginsavg-secure-search.xmlFile Deleted : C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultsearchpluginsdaemon-search.xml***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLMSOFTWAREClassesAppIDGenericAskToolbar.DLLKey Deleted : HKLMSOFTWAREMicrosoftShared ToolsMSConfigstartupregSearchSettingsKey Deleted : HKLMSOFTWAREClassesAppID{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}Key Deleted : HKLMSOFTWAREClassesCLSID{00000001-4FEF-40D3-B3FA-E0531B897F98}Key Deleted : HKLMSOFTWAREClassesCLSID{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKLMSOFTWAREClassesCLSID{64697678-0000-0010-8000-00AA00389B71}Key Deleted : HKLMSOFTWAREClassesCLSID{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLMSOFTWAREClassesCLSID{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}Key Deleted : HKLMSOFTWAREClassesInterface{6C434537-053E-486D-B62A-160059D9D456}Key Deleted : HKLMSOFTWAREClassesInterface{91CF619A-4686-4CA4-9232-3B2E6B63AA92}Key Deleted : HKLMSOFTWAREClassesInterface{AC71B60E-94C9-4EDE-BA46-E146747BB67E}Key Deleted : HKLMSOFTWAREClassesTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{03EB0E9C-7A91-4381-A220-9B52B641CDB1}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{2EECD738-5844-4A99-B4B6-146BF802613B}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{32099AAC-C132-4136-9E9A-4E364A424E17}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{03EB0E9C-7A91-4381-A220-9B52B641CDB1}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{98889811-442D-49DD-99D7-DC866BE87DBC}Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{03EB0E9C-7A91-4381-A220-9B52B641CDB1}Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKCUSoftwareAsk.comKey Deleted : HKCUSoftwareMyfree CodecKey Deleted : HKCUSoftwareSearch SettingsKey Deleted : HKCUSoftwareYahooPartnerToolbarKey Deleted : HKCUSoftwareAppDataLowAskToolbarInfoKey Deleted : HKCUSoftwareAppDataLowSoftwareAskToolbarKey Deleted : HKCUSoftwareAppDataLowSoftwareAVG Security ToolbarKey Deleted : HKCUSoftwareAppDataLowSoftwareSearch SettingsKey Deleted : HKLMSoftwareApplication UpdaterKey Deleted : HKLMSoftwareAVG Security ToolbarKey Deleted : HKLMSoftwareBrowserMngrKey Deleted : HKLMSoftwareConduitKey Deleted : HKLMSoftwareDataMngrKey Deleted : HKLMSoftwareDeviceVMKey Deleted : HKLMSoftwareMyfree CodecKey Deleted : HKLMSoftwareSearch SettingsKey Deleted : HKLMSoftwareTarma InstallerKey Deleted : HKLMSoftwareUniblueKey Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallMyFreeCodecKey Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCache{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheAVG Secure SearchKey Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheMyFreeCodecKey Deleted : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components00E944CB89111313EAF35A0553F547F9Key Deleted : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components53F55AF3F4049ED3FA6EA6F88E414E24Key Deleted : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components68E4BF4B11615E03C97732FD581AB607Key Deleted : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components8CE3DDAB2D152683FBCEB4866BCD2B0FKey Deleted : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAF6CE16AFEA5C9A39B766468A8B35C21Key Deleted : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsFB1E44269B58F433A8C8E671E37CFDCF***** [ Browsers ] *****- Internet Explorer v8.0.6001.19437- Mozilla Firefox v5.0 (en-US)[ File : C:UserssnowmanAppDataRoamingMozillaFirefoxProfiles1bbpbv7g.defaultprefs.js ]Line Deleted : user_pref("CT2384137.CTID", "CT2384137");Line Deleted : user_pref("CT2384137.DialogsAlignMode", "LTR");Line Deleted : user_pref("CT2384137.EMailNotifierPollDate", "Wed Dec 02 2009 17:27:00 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.FeedLastCount129027572955594721", 100);Line Deleted : user_pref("CT2384137.FeedPollDate129027572956531254", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.FeedPollDate129027572956531255", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.FeedPollDate129027572956531256", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.FeedPollDate129027572956531257", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.FeedPollDate129027572956531258", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.FeedTTL129027572956531254", 40);Line Deleted : user_pref("CT2384137.FeedTTL129027572956531255", 40);Line Deleted : user_pref("CT2384137.FeedTTL129027572956531256", 40);Line Deleted : user_pref("CT2384137.FeedTTL129027572956531257", 40);Line Deleted : user_pref("CT2384137.FeedTTL129027572956531258", 40);Line Deleted : user_pref("CT2384137.FirstTime", true);Line Deleted : user_pref("CT2384137.FirstTimeFF3", true);Line Deleted : user_pref("CT2384137.GroupingServerCheckInterval", 1440);Line Deleted : user_pref("CT2384137.Initialize", true);Line Deleted : user_pref("CT2384137.InitializeCommonPrefs", true);Line Deleted : user_pref("CT2384137.InstalledDate", "Wed Dec 02 2009 17:26:42 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.InvalidateCache", false);Line Deleted : user_pref("CT2384137.IsGrouping", false);Line Deleted : user_pref("CT2384137.IsMulticommunity", false);Line Deleted : user_pref("CT2384137.IsOpenThankYouPage", true);Line Deleted : user_pref("CT2384137.IsOpenUninstallPage", true);Line Deleted : user_pref("CT2384137.LanguagePackLastCheckTime", "Wed Dec 02 2009 17:26:42 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.LanguagePackReloadIntervalMM", 1440);Line Deleted : user_pref("CT2384137.LastLogin_2.4.0.4", "Wed Dec 02 2009 17:27:01 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.LatestVersion", "2.1.0.18");Line Deleted : user_pref("CT2384137.Locale", "en");Line Deleted : user_pref("CT2384137.LoginCache", 4);Line Deleted : user_pref("CT2384137.MCDetectTooltipHeight", "83");Line Deleted : user_pref("CT2384137.MCDetectTooltipWidth", "295");Line Deleted : user_pref("CT2384137.RadioIsPodcast", false);Line Deleted : user_pref("CT2384137.RadioLastCheckTime", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.RadioLastUpdateIPServer", "4");Line Deleted : user_pref("CT2384137.RadioLastUpdateServer", "128998424480370000");Line Deleted : user_pref("CT2384137.RadioMediaID", "12743586");Line Deleted : user_pref("CT2384137.RadioMediaType", "Media Player");Line Deleted : user_pref("CT2384137.RadioMenuSelectedID", "EBRadioMenu_CT238413712743586");Line Deleted : user_pref("CT2384137.RadioStationName", "Radio%20IO%20-%2080s%20New%20Wave%20");Line Deleted : user_pref("CT2384137.SHRINK_TOOLBAR", 1);Line Deleted : user_pref("CT2384137.SearchFromAddressBarIsInit", true);Line Deleted : user_pref("CT2384137.SearchInNewTabEnabled", true);Line Deleted : user_pref("CT2384137.SearchInNewTabIntervalMM", 1440);Line Deleted : user_pref("CT2384137.SearchInNewTabLastCheckTime", "Wed Dec 02 2009 17:27:01 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.SettingsCheckIntervalMin", 120);Line Deleted : user_pref("CT2384137.SettingsLastCheckTime", "Wed Dec 02 2009 17:26:38 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.SettingsLastUpdate", "1258978429");Line Deleted : user_pref("CT2384137.ThirdPartyComponentsInterval", 72);Line Deleted : user_pref("CT2384137.ThirdPartyComponentsLastCheck", "Wed Dec 02 2009 17:26:38 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.ThirdPartyComponentsLastUpdate", "1258978429");Line Deleted : user_pref("CT2384137.UserID", "UN25072000087283417");Line Deleted : user_pref("CT2384137.WeatherNetwork", "");Line Deleted : user_pref("CT2384137.WeatherPollDate", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CT2384137.WeatherUnit", "C");Line Deleted : user_pref("CT2384137.alertChannelId", "778910");Line Deleted : user_pref("CT2384137.clientLogIsEnabled", true);Line Deleted : user_pref("CT2384137.myStuffEnabled", true);Line Deleted : user_pref("CT2384137.myStuffPublihserMinWidth", 400);Line Deleted : user_pref("CT2384137.myStuffServiceIntervalMM", 1440);Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2384137");Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Dec 02 2009 18:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Dec 02 2009 17:26:38 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);Line Deleted : user_pref("CommunityToolbar.alert.userId", "{55274040-4185-4ed4-8ad7-2e51b49eec68}");Line Deleted : user_pref("CommunityToolbar.twitter.user_14372486.LastCheckTime", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CommunityToolbar.twitter.user_20278298.LastCheckTime", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CommunityToolbar.twitter.user_717313.LastCheckTime", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("CommunityToolbar.twitter.user_819800.LastCheckTime", "Wed Dec 02 2009 17:26:41 GMT+0000 (GMT Standard Time)");Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110823&tt=270912_7a_3912_4");Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "29");Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "GB");Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "7C25829B735E85A647E9A2BD23B8C1D2");Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);Line Deleted : user_pref("extensions.BabylonToolbar.id", "56d8bdb300000000000000224350b6d7");Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15611");Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");Line Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1211:54:21");Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");Line Deleted : user_pref("extensions.BabylonToolbar.sg", "czb");Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "czb");Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1211:54:21");Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=270912_7a_3912_4");Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1211:54:21");Line Deleted : user_pref("[email protected]", true);Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url("I[...]Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?://(.+.)?ask.com/.*");Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url("IMAGE") right no-repeat}");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.2803282.KeywordHistory", "homebase%7Csaving%2520emails%2520in%2520thunderbird%7Cremoving%2520rootkit%7Ccan%2527t%2520download%7Cpc%2520pitstop");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.AutoSearchEventData", "auto%20search");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.ClearCacheDate", 29);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.DNSCatch", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.DisplayEULA", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.DnsCatchEventData", "dns%20catch");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.EBOMode", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.EnableDCAData_xx", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.EnableDCA_xx", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.FirstLaunchShown", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.InstallDomain", "freecause.com");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.InstallType", "one_click");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.LoadLayoutDate.61465", 29);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.NewTabSearchEventData", "tab%20search");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.ShowRecommendedOptions", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.StateReportDate", "1385668151657");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.TopRightSearchEventData", "top%20right%20search");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.beforeInstallSaved", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.beforeinstall.homepage", "hxxp%3A//isearch.avg.com%3Fcid%3D%257B42627fd8-d1c0-4b92-9f03-7b364cc15f51%257D%26mid%3Dd04c432fad894e52fe8cd5807b24b383-[...]Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.beforeinstall.search", "Google");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.comp.affiliate.2803296.disabled", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.comp.search.2803282.engine_img", "aHR0cDovL3MzdG9vbGJhci5mcmVlY2F1c2UuY29tL3lhaG9vX3B1cnBsZV95YmFuZy5wbmc%3D");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.comp.search.2803282.engine_url", "aHR0cDovL3VrLnNlYXJjaC55YWhvby5jb20vc2VhcmNoP291cm1hcms9MSZlaT11dGYtOCZmcj1uZWN0YXItdGItdjImc2x2OC0mdHlwZT0ldG9vb[...]Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.comp.search.2803282.text", "Search%20to%20Collect%20Nectar%20Points");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.customNewTab", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.dcaDefaultMode", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.dcaShowInstallerPage", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.dcaShowSurvey", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.helpUsImprove", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.hideOthers", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.partnerauth", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.processAddrBar", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.restoreSearch", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.", "1385749624");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.123", "61684");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_oct_promo_1349964241", "nectar_oct_promo_event_1349964241");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_oct_promo_1350495592", "nectar_oct_promo_event_1350495592");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_oct_promo_1350844908", "nectar_oct_promo_event_1350844908");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_oct_promo_1351625212", "nectar_oct_promo_event_1351625212");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_sept_1346593733", "nectar_sept_promo_1346593733");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_sept_1347019761", "nectar_sept_promo_1347019761");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_sept_1347547149", "nectar_sept_promo_1347547149");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_sept_1348224782", "nectar_sept_promo_1348224782");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_sept_1348253890", "nectar_sept_promo_1348253890");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.nectar_sept_1348948781", "nectar_sept_promo_1348948781");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.searchHistory", true);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.session", "9F24A9E7A4EB6FD6271AE2DE2FABF8F54DC0734E66547268982FACE4FA88DA3AD5D2B92C7A2D90C46F3AA27B92525278866A2621A04FA96A99F8E87CE362528ED01434DF[...]Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.showFirstLaunchOptions", false);Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.tb_lang", "en");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.tool_id", "61465");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.user_id", "119589599");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.user_key", "357c13f3d6e795f9c1bf0ca832523bda815d31a3");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.user_layouts", "61465");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.user_lnames", "Nectar%20Search%20Toolbar");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.yahooSearch", false);Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");- Google Chrome v[ File : C:UserssnowmanAppDataLocalGoogleChromeUser DataDefaultpreferences ]*************************AdwCleaner[R0].txt - [28938 octets] - [28/11/2013 19:11:50]AdwCleaner[R1].txt - [26527 octets] - [29/11/2013 21:18:38]AdwCleaner[R2].txt - [26588 octets] - [29/11/2013 21:21:27]AdwCleaner[s0].txt - [884 octets] - [28/11/2013 19:19:06]AdwCleaner[s1].txt - [27052 octets] - [29/11/2013 21:25:06]########## EOF - C:AdwCleanerAdwCleaner[s1].txt - [27113 octets] ##########

Link to post
Share on other sites

How's the computer now?

 

Below are items I suggest you uninstall. Use Revo Uninstaller for the items that don't want to go nicely.

If some of the items don't appear in the list go to the next one.

 

Advanced SystemCare 6 (Version: 6.3)

IObit Apps Toolbar v7.2 (Version: 7.2)

IObit Malware Fighter (Version: 1.0)

IObit Toolbar v4.4 (Version: 4.4)

Java 6 Update 26 (Version: 6.0.260)

 

 

 

 

Please download and install Revo Uninstaller Free

[*]Double click Revo Uninstaller to run it.

[*]From the list of programs double click on The Program to remove

[*]When prompted if you want to uninstall click Yes.

[*]Be sure the Moderate option is selected then click Next.

[*]The program will run, If prompted again click Yes

[*]when the built-in uninstaller is finished click on Next.

[*]Once the program has searched for leftovers click Next.

[*]Check/tick the bolded items only on the list then click Delete

[*]when prompted click on Yes and then on next.

[*]put a check on any folders that are found and select delete

[*]when prompted select yes then on next

[*]Once done click Finish.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Run Cleaner, if it's not operable, delete your version and download again.

[*]Download CCleaner from here

[*]Run the installer to install the application.

[*]When it gives you the option to install Yahoo toolbar uncheck the box next to it.

[*](make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).

[*]Click Run Cleaner.

[*]Close CCleaner.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Go here to run an online scanner from ESET.

[*]Turn off the real time scanner of any existing antivirus program while performing the online scan

[*]Tick the box next to YES, I accept the Terms of Use.

[*]Click Start

[*]When asked, allow the activeX control to install

[*]Click Start

[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.

[*]Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

[*]Click Scan

[*]Wait for the scan to finish

[*]When the scan completes, press the LIST OF THREATS FOUND button

[*]Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop

[*]Include the contents of this report in your next reply.

[*]Press the BACK button.

[*]Press Finish

Link to post
Share on other sites

Hi, I've been able to download the programs you've asked me to so thats good :)

I'm running jrt at the moment but it seems stuck on checking processes, so far it says:

creating a registry backup

checking start up

checking modules

Error: server execution failed

checking processes

 

It's been here for at least 10 mins, the little underscore is still flashing so I guess it's still running.

 

Thanks again for your help :clap:

 

Will pots the other results as soon as there done, it's getting late here now so hopefully they won't take too long. I'm using my sons computer at the moment to let you know how its going so far and to let you know I haven't gone :)

Link to post
Share on other sites

how's your computer behaving now?

 

Kinda to early to say if we're finished scanning, depends on your computer. So it is possible.

When finished for the night, leave the computer disconnected from the internet.

 

Rest, and see you tomorrow.

Link to post
Share on other sites

Hi, Haven't been on the laptop since Friday as haven't had a moment. Going to run jrt now. I always disconnect my laptop from the net when I'm not using it. I'm jsut a bit worried about using it now :unsure:

Thanks again, will post results soon.

Link to post
Share on other sites

Heres the results.

C:#GDATA.Trash.Store#{1C4CECF8-F146-4F9F-B4CD-9B02244D4E1A} probably a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesCommon FilesSpigotSearch SettingsSearchSettings.exe.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesCommon FilesSpigotSearch SettingsSearchSettings64.exe.vir a variant of Win64/Toolbar.Widgi.A applicationC:AdwCleanerQuarantineCProgram FilesCommon FilesSpigotSearch Settingswth160.dll.vir Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.10.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.11.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.12.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.13.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.14.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.15.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.16.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.17.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.18.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.19.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.20.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.21.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.22.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.5.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.6.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.7.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.8.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.9.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarFFcomponentsiobitappsFF.dll.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgram FilesIObit Apps ToolbarIE7.2iobitappsToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi applicationC:AdwCleanerQuarantineCProgramDataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B applicationC:UserssnowmanAppDataLocalLowSunJavaDeploymentcache6.0294fd1631d-768831a8 multiple threatsC:UserssnowmanAppDataLocalLowSunJavaDeploymentcache6.039114ed67-5e7e54a9 multiple threatsC:UserssnowmanAppDataLocalLowSunJavaDeploymentcache6.041b2867e9-2f851005 Java/Exploit.Agent.OYK trojanC:UserssnowmanAppDataLocalLowSunJavaDeploymentcache6.06044373fc-2ec5a5c2 multiple threatsC:UserssnowmanAppDataRoamingAVGRescuePC Tuneup 2011111111111706908.rsc a variant of Java/JShrink.A applicationC:UserssnowmanAppDataRoamingMicrosoftWindowsTemplatesFreeAppsSetup.exe probably a variant of Win32/FreeNew applicationC:UserssnowmanDownloadsAVG AntiVirus.exe a variant of Win32/AirAdInstaller.A applicationC:UserssnowmanDownloadssd-setup(1).exe a variant of Win32/ELEX applicationC:UserssnowmanDownloadssd-setup.exe a variant of Win32/ELEX applicationC:UserssnowmanDownloadsspeedupmypc.exe Win32/SpeedUpMyPC application

Link to post
Share on other sites

Please Run TFC by OldTimer to clear temporary files:

 

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

This should take care of the Java cache.

 

Then restart the computer and then run the following and post back the log please.

 

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

C:#GDATA.Trash.Store#{1C4CECF8-F146-4F9F-B4CD-9B02244D4E1A}

C:UserssnowmanAppDataRoamingAVGRescuePC Tuneup 2011111111111706908.rsc

C:UserssnowmanAppDataRoamingMicrosoftWindowsTemplatesFreeAppsSetup.exe

C:UserssnowmanDownloadssd-setup(1).exe

C:UserssnowmanDownloadssd-setup.exe

C:UserssnowmanDownloadsspeedupmypc.exe

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

 

Please post the log when finished.

 

How's your computer today?

Link to post
Share on other sites

Hi, heres the log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013Ran by snowman at 2013-12-02 20:49:34 Run:2Running from C:UserssnowmanDownloadsBoot Mode: Normal==============================================Content of fixlist:*****************C:#GDATA.Trash.Store#{1C4CECF8-F146-4F9F-B4CD-9B02244D4E1A}C:UserssnowmanAppDataRoamingAVGRescuePC Tuneup 2011111111111706908.rscC:UserssnowmanAppDataRoamingMicrosoftWindowsTemplatesFreeAppsSetup.exeC:UserssnowmanDownloadssd-setup(1).exeC:UserssnowmanDownloadssd-setup.exeC:UserssnowmanDownloadsspeedupmypc.exe*****************C:#GDATA.Trash.Store#{1C4CECF8-F146-4F9F-B4CD-9B02244D4E1A} => Moved successfully.C:UserssnowmanAppDataRoamingAVGRescuePC Tuneup 2011111111111706908.rsc => Moved successfully.C:UserssnowmanAppDataRoamingMicrosoftWindowsTemplatesFreeAppsSetup.exe => Moved successfully.C:UserssnowmanDownloadssd-setup(1).exe => Moved successfully.C:UserssnowmanDownloadssd-setup.exe => Moved successfully.C:UserssnowmanDownloadsspeedupmypc.exe => Moved successfully.==== End of Fixlog ====

 

Hope Ive done it right I managed to get rid of farbar and had to download it again :yikes:

 

Comp seems a bit faster. I'll have a go at downloading itunes now.

Thanks

Link to post
Share on other sites

If there are no other issues, your good to go.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

no needed to post the log this time.

 

 

start

DeleteQuarantine:

end

You can delete or uninstall any other tools we used.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Please take the time to read over a few of my preventive tips.

 

 

Computer Security

http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

 

 

Be prepared for CryptoLocker:

 

Cryptolocker Ransomware: What You Need To Know

 

CryptoLocker Ransomware Information Guide and FAQ

 

Download CryptoPrevent free for home use

Here

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

[*]Green should be good to go

[*]Yellow for caution

[*]Red to stop

How to prevent Malware: Created by Miekiemoes

 

 

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java

See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/

and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755

.

I would recommend that you completely uninstall Java unless you need it to run an important software.

In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))

 

 

Scan your computer regularly for malware

Scan on a regular basis to keep your computer clean, free software such as Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware-

Please note that these products can also be run as free without a licience as a scan on demand scanner.

 

Backup regularly

 

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

 

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

 

Avoid P2P

 

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

 

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

[*]FBI Cyber Education Letter

File sharing infects 500,000 computers

USAToday

infoworld

*********************************************

Please read the following safe computing articles..

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

Then consider a password keeper, to keep all your passwords safe.

 

Free Antivirus-AntiSpyware-Firewall Software

 

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

Slow Computer May Not Be Malware Related, Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html

http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html

 

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

This site offers people who have been (or are) victims of malware the opportunity to document their story.

 

How did I get infected in the first place? by TonyKlein

http://www.geekstogo.com/how-did-i-get-infected-in-the-first-place/

 

 

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/

Edited by Juliet
typo
Link to post
Share on other sites

Heres the log

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013Ran by snowman at 2013-12-02 21:18:21 Run:3Running from C:UserssnowmanDownloadsBoot Mode: Normal==============================================Content of fixlist:*****************startDeleteQuarantine:end*****************C:FRSTQuarantine => Removed successfully.==== End of Fixlog ====

 

Thankyou so much for your help :clap:

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
×
×
  • Create New...