Trojan horse FakeAV unable to be deleted by AVG 2011 Free Edition

Hi Holsten87,

Disable Firefox plug-in

  • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, select the Extensions or Appearance panel.
  • Select the add-on you wish to disable.
    • 2YourFace
  • Click the Disable button.
  • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
=========================

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt.

Code:
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Run: [uTorrent] => C:\Users\Holly Chapman\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-21] (BitTorrent Inc.)
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Run: [SearchProtection] => C:\Users\Holly Chapman\AppData\Roaming\Search Protection\SearchProtection.EXE [873832 2014-07-17] (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - {C0197584-7E91-4454-8177-07E01E8098A6} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4d4acdad&v=6.11.25.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKCU - {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL}
SearchScopes: HKCU - {E72EEF90-4393-4B8E-9DCF-9FDFDB659A30} URL = http://internetsearchservice.com/search?q={searchTerms}
BHO: No Name -> {A3BC75A2-1F87-4686-AA43-5347D756017C} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: No Name -> {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} -> No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MBAEA6744-D857-4CE3-8A2A-712EF60CAE3F&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP7D9A60B4-EE90-48AB-ABC1-F7FAB62519F6
FF Extension: 2YourFace - C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\profiles\extensions\support@2yourface.com [2011-08-15]
CHR Extension: (AVG Safe Search) - C:\Users\Holly Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-07-10]

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

Reboot

=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • New FRST.txt
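
One way to triage the Fixlog.txt and AdwCleaner[S0].txt requested above before reading them line by line, as an added example that is not part of the original post and not code from FRST or AdwCleaner. The status classes (ok, absent, failed) and all function names are assumptions of this example; the sample lines are copied from the logs posted later in this thread.

```python
import re
from collections import Counter
from typing import List, NamedTuple


class Result(NamedTuple):
    tool: str     # "FRST" or "AdwCleaner"
    target: str   # registry key/value or file path the line refers to
    outcome: str  # the text the tool printed for that target
    status: str   # "ok", "absent" or "failed" (this example's own classes)


# FRST Fixlog result lines seen in this thread:  <target> => <outcome>.
# Only the outcome phrases that appear in the thread are recognised, so the
# echoed fixlist lines (which also contain "=>") are not mistaken for results.
FRST_LINE = re.compile(
    r'^"?(?P<target>.+?)"?\s+=>\s+'
    r'(?P<outcome>Key deleted successfully|value deleted successfully|'
    r'Value was restored successfully|Key not found|Moved successfully)\.$'
)

# AdwCleaner report lines seen in this thread:  <outcome> : <target>
ADW_LINE = re.compile(
    r'^(?P<outcome>\[x\] Not Deleted|(?:Folder|File|Key|Value|Line) Deleted|'
    r'Setting Restored)\s+:\s+(?P<target>.+)$'
)


def parse_log(text: str) -> List[Result]:
    """Turn the result lines of either log into Result records."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ADW_LINE.match(line)
        if m:
            status = "failed" if m["outcome"].startswith("[x]") else "ok"
            results.append(Result("AdwCleaner", m["target"], m["outcome"], status))
            continue
        m = FRST_LINE.match(line)
        if m:
            # "Key not found" means there was nothing left to remove.
            status = "absent" if m["outcome"] == "Key not found" else "ok"
            results.append(Result("FRST", m["target"], m["outcome"], status))
    return results


def summarize(results: List[Result]) -> dict:
    """Count results per status."""
    return dict(Counter(r.status for r in results))


def needs_follow_up(results: List[Result]) -> List[Result]:
    """Items the tools reported they could not remove."""
    return [r for r in results if r.status == "failed"]


# Sample input: lines copied from the Fixlog and AdwCleaner report in this thread.
SAMPLE_LOG = r"""
Content of fixlist:
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Run: [SearchProtection] => C:\Users\Holly Chapman\AppData\Roaming\Search Protection\SearchProtection.EXE [873832 2014-07-17] (Spigot, Inc.)
*****************
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\profiles\extensions\support@2yourface.com => Moved successfully.
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Security Toolbar
[x] Not Deleted : C:\Users\Holly Chapman\AppData\Local\AVG Security Toolbar
File Deleted : C:\Windows\Tasks\driverscanner.job
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DriverScanner]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(summarize(parsed))
    for item in needs_follow_up(parsed):
        print(f"{item.tool}: {item.outcome} -> {item.target}")
```

Anything returned by `needs_follow_up` is worth checking again in the fresh FRST.txt scan.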
 
Hi OCD,

I couldn't find 2yourface on the add-ons list. I did a search for it as well but no luck. Shall I continue with the other steps in your previous post?
 
Hi OCD,

I've run the scans and have noticed an increase in speed on Mozilla which is nice. Here are the logs:

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by Holly Chapman at 2014-07-27 11:40:26 Run:1
Running from C:\Users\Holly Chapman\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************


HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Run: [uTorrent] => C:\Users\Holly Chapman\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-21] (BitTorrent Inc.)
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Run: [SearchProtection] => C:\Users\Holly Chapman\AppData\Roaming\Search Protection\SearchProtection.EXE [873832 2014-07-17] (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - {C0197584-7E91-4454-8177-07E01E8098A6} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4d4acdad&v=6.11.25.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKCU - {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL}
SearchScopes: HKCU - {E72EEF90-4393-4B8E-9DCF-9FDFDB659A30} URL = http://internetsearchservice.com/search?q={searchTerms}
BHO: No Name -> {A3BC75A2-1F87-4686-AA43-5347D756017C} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: No Name -> {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} -> No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MBAEA6744-D857-4CE3-8A2A-712EF60CAE3F&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP7D9A60B4-EE90-48AB-ABC1-F7FAB62519F6
FF Extension: 2YourFace - C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\profiles\extensions\support@2yourface.com [2011-08-15]
CHR Extension: (AVG Safe Search) - C:\Users\Holly Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-07-10]
*****************

HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key deleted successfully.
"HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0197584-7E91-4454-8177-07E01E8098A6}" => Key deleted successfully.
"HKCR\CLSID\{C0197584-7E91-4454-8177-07E01E8098A6}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key deleted successfully.
"HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}" => Key deleted successfully.
"HKCR\CLSID\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E72EEF90-4393-4B8E-9DCF-9FDFDB659A30}" => Key deleted successfully.
"HKCR\CLSID\{E72EEF90-4393-4B8E-9DCF-9FDFDB659A30}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}" => Key deleted successfully.
"HKCR\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}" => Key deleted successfully.
"HKCR\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
"HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
"HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
"HKCR\PROTOCOLS\Handler\avgsecuritytoolbar" => Key deleted successfully.
"HKCR\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}" => Key not found.
Firefox newtab deleted successfully.
C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\profiles\extensions\support@2yourface.com => Moved successfully.
C:\Users\Holly Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla => Moved successfully.

==== End of Fixlog ====

ADW Cleaner:

# AdwCleaner v3.216 - Report created 27/07/2014 at 11:53:12
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Holly Chapman - THE-BEAST
# Running from : C:\Users\Holly Chapman\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Widestream6
Folder Deleted : C:\Program Files\002
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Softonic
Folder Deleted : C:\Program Files\Uniblue
Folder Deleted : C:\Program Files\widestream
Folder Deleted : C:\Program Files\Widestream6
Folder Deleted : C:\Program Files\uTorrentBar
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
[x] Not Deleted : C:\Users\Holly Chapman\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Holly Chapman\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Holly Chapman\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Holly Chapman\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Holly Chapman\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Holly Chapman\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\OfferBox
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\widestream
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Windows Net Data
Folder Deleted : C:\Users\Holly Chapman\Documents\Mobogenie
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\Conduit
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\ConduitCommon
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\WinampToolbarData
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\staged\EFGLQA@78ETGYN-0W7FN789T87.COM
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\vniiz455.default-1362613817493\Extensions\staged\EFGLQA@78ETGYN-0W7FN789T87.COM
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\plugin@yontoo.com
Folder Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\support@2yourface.com
Folder Deleted : C:\Users\Holly Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Folder Deleted : C:\Users\Holly Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
File Deleted : C:\Users\Holly Chapman\daemonprocess.txt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\searchplugins\softonic.xml
File Deleted : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\user.js
File Deleted : C:\Windows\Tasks\driverscanner.job
File Deleted : C:\Windows\System32\Tasks\driverscanner

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lmblfngognklgemafekefcdjcnkdhmdm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9A5EA02-0D05-4380-B418-912FAF380D8E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9A5EA02-0D05-4380-B418-912FAF380D8E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DriverScanner]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp435@crossrider.com]
Key Deleted : HKCU\Software\Offerbox
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\WideStream
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\WideStream
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835525BE-63BD-4EC4-9425-00CEAD4849C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossrider
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{835525BE-63BD-4EC4-9425-00CEAD4849C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Crossrider
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VIS
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18470

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v18.0 (en-US)

[ File : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\prefs.js ]

Line Deleted : user_pref("extensions.Softonic.admin", false);
Line Deleted : user_pref("extensions.Softonic.aflt", "SD");
Line Deleted : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Line Deleted : user_pref("extensions.Softonic.autoRvrt", "false");
Line Deleted : user_pref("extensions.Softonic.dfltLng", "");
Line Deleted : user_pref("extensions.Softonic.dfltSrch", true);
Line Deleted : user_pref("extensions.Softonic.dnsErr", true);
Line Deleted : user_pref("extensions.Softonic.excTlbr", false);
Line Deleted : user_pref("extensions.Softonic.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.Softonic.hmpg", true);
Line Deleted : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00002/tb_v1?SearchSource=13&cc=&mi=74965616000000000000001cbf915686&toi=16085");
Line Deleted : user_pref("extensions.Softonic.hpOld0", "hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official");
Line Deleted : user_pref("extensions.Softonic.id", "74965616000000000000001cbf915686");
Line Deleted : user_pref("extensions.Softonic.instlDay", "16085");
Line Deleted : user_pref("extensions.Softonic.instlRef", "MOY00002");
Line Deleted : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00002/tb_v1?SearchSource=2&cc=&mi=74965616000000000000001cbf915686&toi=16085&q=");
Line Deleted : user_pref("extensions.Softonic.newTab", true);
Line Deleted : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00002/tb_v1/?SearchSource=15&cc=&mi=74965616000000000000001cbf915686&toi=16085");
Line Deleted : user_pref("extensions.Softonic.prdct", "Softonic");
Line Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");
Line Deleted : user_pref("extensions.Softonic.rvrt", "false");
Line Deleted : user_pref("extensions.Softonic.smplGrp", "none");
Line Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Line Deleted : user_pref("extensions.Softonic.tlbrId", "2013desingbrand");
Line Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00002/tb_v1?SearchSource=1&cc=&mi=74965616000000000000001cbf915686&toi=16085&q=");
Line Deleted : user_pref("extensions.Softonic.vrsn", "1.8.29.3");
Line Deleted : user_pref("extensions.Softonic.vrsnTs", "1.8.29.320:41:43");
Line Deleted : user_pref("extensions.Softonic.vrsni", "1.8.29.3");

[ File : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ File : C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\vniiz455.default-1362613817493\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Holly Chapman\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.softonic.com/MOY00002/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=74965616000000000000001cbf915686&toi=16085
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [19368 octets] - [27/07/2014 11:51:03]
AdwCleaner[S0].txt - [19199 octets] - [27/07/2014 11:53:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19260 octets] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Holly Chapman on 27/07/2014 at 12:01:07.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\veohplugin



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\codeccheck"
Successfully deleted: [Folder] "C:\Users\Holly Chapman\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files\crossriderwebapps"



~~~ FireFox

Emptied folder: C:\Users\Holly Chapman\AppData\Roaming\mozilla\firefox\profiles\7lqvfta1.default\minidumps [213 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/07/2014 at 12:03:41.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Holly Chapman (administrator) on THE-BEAST on 27-07-2014 12:05:26
Running from C:\Users\Holly Chapman\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgscanx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Policies\system: [RunStartupScriptSync] 0
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\Policies\system: [HideStartupScripts] 0
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\MountPoints2: {1e30d2f0-96c3-11dd-83db-001e4cdc4ef0} - F:\setupSNK.exe
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\MountPoints2: {bea08218-13f7-11df-a7dd-001e4cdc4ef0} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\MountPoints2: {c03f2a25-14b1-11df-bab4-001e4cdc4ef0} - wd_windows_tools\setup.exe
HKU\S-1-5-21-1025113376-2626304966-3518894149-1000\...\MountPoints2: {cbf9d7f6-b1bb-11dd-9902-001e4cdc4ef0} - F:\setupSNK.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\Holly Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.search.yahoo.com/?type=282369&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2080117
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2080117
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {105E99FF-8B9A-4492-B155-06194B9056D2} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {FD36FFE4-BFE5-485E-8954-BF293DDC790E} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default
FF Keyword.URL: https://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @veoh.com/VeohTVPlugin - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF Plugin: @veoh.com/VeohWebPlayer - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\searchplugins\yahoo_ff.xml
FF Extension: No Name - C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2011-08-15]
FF Extension: No Name - C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-07-21]
FF Extension: Zotero Word for Windows Integration - C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\Extensions\zoteroWinWordIntegration@zotero.org [2014-04-30]
FF Extension: Ghostery - C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\Extensions\firefox@ghostery.com.xpi [2013-08-18]
FF Extension: MEGA - C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\Extensions\firefox@mega.co.nz.xpi [2013-12-29]
FF Extension: Zotero - C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\Extensions\zotero@chnm.gmu.edu.xpi [2013-08-12]
FF Extension: Adblock Plus - C:\Users\Holly Chapman\AppData\Roaming\Mozilla\Firefox\Profiles\7lqvfta1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-06]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru [2013-11-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-07]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-04]
FF HKCU\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008-11-26]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: http://search.softonic.com/MOY00002/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=74965616000000000000001cbf915686&toi=16085
CHR Extension: (Codec-V) - C:\Users\Holly Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2012-03-24]
CHR Extension: (DivX Plus Web Player HTML5 video) - C:\Users\Holly Chapman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-01-24]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395200 2012-10-19] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [779200 2012-10-15] (Eastman Kodak Company)
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [28624 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-03-18] (EldoS Corporation)
R3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [52656 2009-09-28] ()
S3 OXUDIDRV; C:\Windows\system32\Drivers\OXUDIDRV_X32.sys [24880 2010-05-25] ()
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-03-18] (Raxco Software, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 uafilter; System32\DRIVERS\uafilter.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 12:03 - 2014-07-27 12:03 - 00001125 _____ () C:\Users\Holly Chapman\Desktop\JRT.txt
2014-07-27 12:01 - 2014-07-27 12:01 - 00000000 ____D () C:\Windows\ERUNT
2014-07-27 11:58 - 2014-07-27 11:59 - 01016261 _____ (Thisisu) C:\Users\Holly Chapman\Downloads\JRT.exe
2014-07-27 11:56 - 2014-07-27 11:56 - 00019341 _____ () C:\Users\Holly Chapman\Desktop\AdwCleaner[S0].txt
2014-07-27 11:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-27 11:50 - 2014-07-27 11:53 - 00000000 ____D () C:\AdwCleaner
2014-07-27 11:50 - 2014-07-27 11:50 - 01354223 _____ () C:\Users\Holly Chapman\Downloads\AdwCleaner.exe
2014-07-27 11:39 - 2014-07-27 11:39 - 00000000 ____D () C:\Users\Holly Chapman\Desktop\FRST-OlderVersion
2014-07-24 19:01 - 2014-07-24 19:01 - 04161313 _____ () C:\Users\Holly Chapman\Downloads\tdsskiller.zip
2014-07-24 19:01 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Holly Chapman\Desktop\TDSSKiller.exe
2014-07-23 22:16 - 2014-07-27 12:05 - 00018642 _____ () C:\Users\Holly Chapman\Desktop\FRST.txt
2014-07-23 22:14 - 2014-07-27 11:39 - 01084416 _____ (Farbar) C:\Users\Holly Chapman\Desktop\FRST.exe
2014-07-22 21:17 - 2014-07-22 21:17 - 00854390 _____ () C:\Users\Holly Chapman\Downloads\SecurityCheck.exe
2014-07-22 17:39 - 2014-07-22 18:00 - 00000000 ____D () C:\Windows\pss
2014-07-20 16:32 - 2014-07-20 16:38 - 365230920 _____ (Microsoft Corporation) C:\Users\Holly Chapman\Downloads\Windows6.0-KB948465-X86.exe
2014-07-15 17:21 - 2014-07-15 17:21 - 00000000 ____D () C:\ProgramData\Auslogics
2014-07-15 17:20 - 2014-07-15 17:20 - 00000924 _____ () C:\Users\Holly Chapman\Desktop\Auslogics DiskDefrag.lnk
2014-07-15 17:20 - 2014-07-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-07-15 17:20 - 2014-07-15 17:20 - 00000000 ____D () C:\Program Files\Auslogics
2014-07-06 10:38 - 2014-07-06 10:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THE-BEAST--(32-bit).dat
2014-07-06 10:36 - 2014-07-06 10:36 - 00000000 ____D () C:\RegBackup
2014-07-06 10:34 - 2014-07-12 13:15 - 00001914 _____ () C:\Users\Holly Chapman\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-06 10:34 - 2014-07-06 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-06 10:33 - 2014-07-06 10:33 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-06-28 20:39 - 2014-06-28 20:43 - 00000000 ____D () C:\b8b2c6ec9b2f9a90d7
2014-06-27 19:50 - 2014-07-27 12:05 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 12:06 - 2014-07-23 22:16 - 00018642 _____ () C:\Users\Holly Chapman\Desktop\FRST.txt
2014-07-27 12:05 - 2014-06-27 19:50 - 00000000 ____D () C:\FRST
2014-07-27 12:03 - 2014-07-27 12:03 - 00001125 _____ () C:\Users\Holly Chapman\Desktop\JRT.txt
2014-07-27 12:02 - 2008-01-16 23:18 - 01851550 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 12:01 - 2014-07-27 12:01 - 00000000 ____D () C:\Windows\ERUNT
2014-07-27 11:59 - 2014-07-27 11:58 - 01016261 _____ (Thisisu) C:\Users\Holly Chapman\Downloads\JRT.exe
2014-07-27 11:56 - 2014-07-27 11:56 - 00019341 _____ () C:\Users\Holly Chapman\Desktop\AdwCleaner[S0].txt
2014-07-27 11:55 - 2013-01-16 18:12 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-27 11:55 - 2008-01-16 23:54 - 00144048 _____ () C:\Windows\PFRO.log
2014-07-27 11:55 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 11:55 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 11:55 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 11:55 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-27 11:54 - 2008-01-16 23:19 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-27 11:54 - 2006-11-02 14:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-27 11:53 - 2014-07-27 11:50 - 00000000 ____D () C:\AdwCleaner
2014-07-27 11:53 - 2008-01-21 12:31 - 00000000 ____D () C:\Users\Holly Chapman
2014-07-27 11:50 - 2014-07-27 11:50 - 01354223 _____ () C:\Users\Holly Chapman\Downloads\AdwCleaner.exe
2014-07-27 11:39 - 2014-07-27 11:39 - 00000000 ____D () C:\Users\Holly Chapman\Desktop\FRST-OlderVersion
2014-07-27 11:39 - 2014-07-23 22:14 - 01084416 _____ (Farbar) C:\Users\Holly Chapman\Desktop\FRST.exe
2014-07-27 11:34 - 2013-08-04 19:42 - 00000000 ____D () C:\Users\Holly Chapman\AppData\Roaming\uTorrent
2014-07-27 11:32 - 2012-04-30 19:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-27 11:32 - 2011-02-03 16:40 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-07-24 22:35 - 2009-03-16 21:42 - 00000000 ____D () C:\Users\Holly Chapman\AppData\Roaming\vlc
2014-07-24 19:01 - 2014-07-24 19:01 - 04161313 _____ () C:\Users\Holly Chapman\Downloads\tdsskiller.zip
2014-07-23 16:58 - 2012-04-26 19:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-22 22:36 - 2013-11-07 11:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-22 21:17 - 2014-07-22 21:17 - 00854390 _____ () C:\Users\Holly Chapman\Downloads\SecurityCheck.exe
2014-07-22 18:00 - 2014-07-22 17:39 - 00000000 ____D () C:\Windows\pss
2014-07-21 18:13 - 2013-09-05 14:21 - 00000788 _____ () C:\Users\Holly Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-20 17:53 - 2010-12-04 12:27 - 00000490 ____H () C:\Windows\Tasks\Norton Security Scan for Holly Chapman.job
2014-07-20 16:38 - 2014-07-20 16:32 - 365230920 _____ (Microsoft Corporation) C:\Users\Holly Chapman\Downloads\Windows6.0-KB948465-X86.exe
2014-07-20 16:33 - 2013-10-26 18:06 - 00000000 ____D () C:\Users\Holly Chapman\Desktop\Philosophy
2014-07-15 17:21 - 2014-07-15 17:21 - 00000000 ____D () C:\ProgramData\Auslogics
2014-07-15 17:20 - 2014-07-15 17:20 - 00000924 _____ () C:\Users\Holly Chapman\Desktop\Auslogics DiskDefrag.lnk
2014-07-15 17:20 - 2014-07-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-07-15 17:20 - 2014-07-15 17:20 - 00000000 ____D () C:\Program Files\Auslogics
2014-07-12 14:09 - 2011-01-07 14:02 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-12 13:15 - 2014-07-06 10:34 - 00001914 _____ () C:\Users\Holly Chapman\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-10 16:31 - 2012-04-30 19:04 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-10 16:31 - 2011-12-13 19:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-10 16:05 - 2008-01-21 12:40 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-10 12:38 - 2014-07-24 19:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Holly Chapman\Desktop\TDSSKiller.exe
2014-07-07 19:31 - 2006-11-02 11:23 - 00000240 _____ () C:\Windows\win.ini
2014-07-07 19:28 - 2013-02-18 21:07 - 00000000 ___RD () C:\Program Files\Skype
2014-07-07 19:28 - 2013-02-18 21:07 - 00000000 ____D () C:\ProgramData\Skype
2014-07-07 19:23 - 2006-11-02 13:42 - 00000000 ____D () C:\Windows\WindowsMobile
2014-07-06 18:59 - 2011-06-29 19:30 - 00000000 ____D () C:\a29765fcbd92a1918a2ed2
2014-07-06 12:44 - 2008-01-21 12:32 - 00085416 _____ () C:\Users\Holly Chapman\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-06 11:17 - 2006-11-02 13:47 - 00332584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-06 11:08 - 2006-11-02 11:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-06 10:38 - 2014-07-06 10:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THE-BEAST--(32-bit).dat
2014-07-06 10:36 - 2014-07-06 10:36 - 00000000 ____D () C:\RegBackup
2014-07-06 10:34 - 2014-07-06 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-06 10:33 - 2014-07-06 10:33 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-06-28 20:43 - 2014-06-28 20:39 - 00000000 ____D () C:\b8b2c6ec9b2f9a90d7

Some content of TEMP:
====================
C:\Users\Holly Chapman\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-27 12:03

==================== End Of Log ============================
 
Hi Holsten87,

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Code:
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: http://search.softonic.com/MOY00002/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=74965616000000000000001cbf915686&toi=16085
2014-07-27 11:34 - 2013-08-04 19:42 - 00000000 ____D () C:\Users\Holly Chapman\AppData\Roaming\uTorrent
2014-07-21 18:13 - 2013-09-05 14:21 - 00000788 _____ () C:\Users\Holly Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:
  • Fixlog.txt
  • How is the computer running, any remaining issues?
 
Hi OCD,

Here's the FRST log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by Holly Chapman at 2014-07-28 18:41:37 Run:2
Running from C:\Users\Holly Chapman\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: http://search.softonic.com/MOY00002/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=74965616000000000000001cbf915686&toi=16085
2014-07-27 11:34 - 2013-08-04 19:42 - 00000000 ____D () C:\Users\Holly Chapman\AppData\Roaming\uTorrent
2014-07-21 18:13 - 2013-09-05 14:21 - 00000788 _____ () C:\Users\Holly Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
*****************

CHR DefaultSearchProvider: Search the web (Softonic) ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.softonic.com/MOY00002/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=74965616000000000000001cbf915686&toi=16085 ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Holly Chapman\AppData\Roaming\uTorrent => Moved successfully.
C:\Users\Holly Chapman\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk => Moved successfully.

==== End of Fixlog ====

My laptop is functioning fine, AVG hasn't found any viruses since the 14th, so I'm hoping it's sorted, but not sure, just as this virus popped up on one scan, wasn't fixed and then didn't appear on the next one which is odd. But if you are confident that the steps I've done now would have solved the issue then I'm happy.
 
Hi Holsten87,

After you complete this next step, if you are satisfied with the way your computer is performing we will do a little housekeeping and send you on your way.

Set your default search engine in Chrome
  • Click the Chrome menu on the browser toolbar.
  • Select Settings
  • In the "Search" section, select the search engine you want to use from the menu. If the search engine you want to use doesn't appear in the menu, click Manage search engines.
  • In the Search Engines dialog that appears, select the search engine that you'd like to use from the list.
  • Click the Make Default button that appears in the row.
If the search engine you want to use isn't on this list, you can first add it as a new search engine option.

If the "Make Default" button doesn't appear for the search engine you've selected, you may need to edit its URL.
 
Hi Holsten87,

I don't use Chrome, just Mozilla. My default is Google and I'm happy with that.
Even though you don't use Google Chrome those entries are still there and should be changed.

  • Google Chrome is a browser
  • Mozilla Firefox is also a browser
  • Google is a search engine

It is your option to make the outlined changes (or not), I just thought I would clarify the point.

Let me know when you are ready to proceed.
 
Hi OCD,

I'm happy to make any changes you suggest but I don't have Chrome installed, so I'm unsure as to where these entries are coming from. I've searched through add/remove programs to be sure and it doesn't appear on my list.

I have opened 'Manage Search Engines' on Mozilla (from the drop down list to the left of the search field) and have selected Google and deleted all other search engine options. I could not find a 'set default' option here and also looked for it in tools->options and I have not found it.

Please let me know if there is anything else I should try.
 
Hi Holsten87,

I don't have Chrome installed
OK. If it's not installed then we can't make changes to its settings, so we can continue. :bigthumb:
And your Mozilla sounds like it's set properly.

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found, be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?
 
This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.

If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.
------------------------------------------------

Admin Edit
Page six. Thank you OCD. :)
 