Yup. And logs looks much better too.

Download the ESET services repair tool, extract the file to your desktop.

[*]Double-click ServicesRepair.exe.
[*]If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
[*]Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
[*]A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.

  • THEN
  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Start
FF Extension: XUL Cache - C:\Users\Jeff O\AppData\Roaming\Mozilla\Firefox\Profiles\ktwk1gpn.default\Extensions\{a335954b-a0f3-48e4-8124-c4101e1a4620}
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKCU\...\Firefox\Extensions: [lrcspal@xinghao.net] C:\Program Files (x86)\XingHaoLyrics\FF\
CHR HomePage: hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={BD7A7CB7-DDFB-11E2-BC3A-00269E4F2605}
CHR RestoreOnStartup: "hxxp://start.sweetpacks.com/?barid={BD7A7CB7-DDFB-11E2-BC3A-00269E4F2605}&src=10&crg=3.5000006.10043&st=23", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Bing) - http://start.sweetpacks.com?src=6&q={searchTerms}&barid={BD7A7CB7-DDFB-11E2-BC3A-00269E4F2605}&crg=3.5000006.10043&st=23
CMD: netsh winsock reset
CMD: ipconfig /flush dns
File: C:\Users\Jeff O\Downloads\setup.exe
Folder: C:\Windows\SysWOW64\jmdp
C:\Users\Jeff O\AppData\Roaming\Mozilla\Firefox\Profiles\ktwk1gpn.default\Extensions\{a335954b-a0f3-48e4-8124-c4101e1a4620}
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\XingHaoLyrics
End

  1. Save notepad as fixlist.txt
    NOTE. It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  2. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

  • THEN

Re-run FRST;

[*]Type Services.exe into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt
[*]Exit FRST and attach here Search.txt logreport please.

  • THEN
  1. System re-check:

Please download zoek.exe and save it to your desktop.

[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:



filesrcm;
startupall;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
firefoxlook;
chromelook;


[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button
Please wait until a logreport will open (this can be after reboot)

[*] Save notepad to your Desktop and attach here zoek-results.log

Note: It will also create a log in the C:\ directory named “zoek-results.log

  1. AntiRootkit tool:

Download TDSSKiller and save it to your desktop

Execute [b]TDSSKiller.exe[/b] by doubleclicking on it.

[*] Press Start Scan

[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, [b]C:\TDSSKiller.<version_date_time>log.txt[/b]

Please post the contents of that log in your next reply.