Yup. And logs looks much better too.
Download the ESET services repair tool, extract the file to your desktop.
[*]Double-click ServicesRepair.exe.
[*]If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
[*]Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
[*]A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.
- Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
FF Extension: XUL Cache - C:\Users\Jeff O\AppData\Roaming\Mozilla\Firefox\Profiles\ktwk1gpn.default\Extensions\{a335954b-a0f3-48e4-8124-c4101e1a4620}
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKCU\...\Firefox\Extensions: [lrcspal@xinghao.net] C:\Program Files (x86)\XingHaoLyrics\FF\
CHR HomePage: hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={BD7A7CB7-DDFB-11E2-BC3A-00269E4F2605}
CHR RestoreOnStartup: "hxxp://start.sweetpacks.com/?barid={BD7A7CB7-DDFB-11E2-BC3A-00269E4F2605}&src=10&crg=3.5000006.10043&st=23", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Bing) - http://start.sweetpacks.com?src=6&q={searchTerms}&barid={BD7A7CB7-DDFB-11E2-BC3A-00269E4F2605}&crg=3.5000006.10043&st=23
CMD: netsh winsock reset
CMD: ipconfig /flush dns
File: C:\Users\Jeff O\Downloads\setup.exe
Folder: C:\Windows\SysWOW64\jmdp
C:\Users\Jeff O\AppData\Roaming\Mozilla\Firefox\Profiles\ktwk1gpn.default\Extensions\{a335954b-a0f3-48e4-8124-c4101e1a4620}
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\XingHaoLyrics
End
-
Save notepad as fixlist.txt
NOTE. It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
-
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Re-run FRST;
[*]Type Services.exe into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt
[*]Exit FRST and attach here Search.txt logreport please.
- System re-check:
Please download zoek.exe and save it to your desktop.
[*] Close any open browsers.
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*] Double click on zoek.exe to run the tool .
Please wait while the tool does not start…
[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
firefoxlook;
chromelook;
[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button
Please wait until a logreport will open (this can be after reboot)
[*] Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
- AntiRootkit tool:
Download TDSSKiller and save it to your desktop
Execute [b]TDSSKiller.exe[/b] by doubleclicking on it.
[*] Press Start Scan
[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, [b]C:\TDSSKiller.<version_date_time>log.txt[/b]
Please post the contents of that log in your next reply.