Hi you also have Norton installed and running, so if you are keeping Avast this will need to be removed
Norton removal tool can be found here
https://support.norton.com/sp/en/uk/home/current/solutions/kb20080710133834EN_EndUserProfile_en_usWarning This fix is only relevant for this system and no other, using on another computer may cause problems Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=150&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=150&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2680659631-4092460083-4132615119-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2680659631-4092460083-4132615119-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=150&systemid=406&sr=0&q={searchTerms}
[2013/12/08 23:56:29 | 000,003,725 | ---- | M] () -- C:\Users\Jeanbird\AppData\Roaming\Mozilla\Firefox\Profiles\0lj36wlj.default\searchplugins\safeguard-secure-search.xml
[2011/10/14 12:45:22 | 000,002,469 | ---- | M] () -- C:\Users\Jeanbird\AppData\Roaming\Mozilla\Firefox\Profiles\0lj36wlj.default\searchplugins\safesearch.xml
[2012/07/18 17:27:26 | 000,002,519 | ---- | M] () -- C:\Users\Jeanbird\AppData\Roaming\Mozilla\Firefox\Profiles\0lj36wlj.default\searchplugins\Search_Results.xml
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2014/01/11 12:04:55 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012/07/18 17:27:26 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKU\S-1-5-21-2680659631-4092460083-4132615119-1002..\Run: [YahooPartnerToolbar Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
[2014/03/13 19:35:14 | 000,000,072 | ---- | M] () -- C:\Windows\SysNative\ewwsq.hub
[2014/03/11 23:13:26 | 000,000,000 | --S- | M] () -- C:\Windows\SysNative\jwxe.pzf
[2014/03/10 22:08:49 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\u
[2014/03/10 22:07:21 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\kvgrdw.gyc
[2014/03/10 22:07:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\otut.xoo
[2014/03/10 21:51:36 | 000,230,284 | --S- | C] () -- C:\Windows\SysNative\agop.iui
:Commands
[resethosts]
[emptytemp]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THENPlease download
Malwarebytes AntiRootkit and save it to your desktop.
Full instructions how to use MBAR Please note: This is a beta version so please be sure to read the disclaimer and note of it.• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...
• Click on Next > then on Update button to download fresh definitions.
• When database updates click Next
• In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"
• If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.
• The Clean up procedure will be Scheduled for process.
• When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.
>> Please attach the two following logs from the mbar folder:
system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.
FINALLYPlease download
AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
