1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
START
Task: {DC077140-FBE0-453F-975A-645A41397987} - System32\Tasks\TopArcadeHits => C:\Users\Carlton\AppData\Local\TopArcadeHits\updater.exe [2013-08-19] ()
C:\Users\Carlton\AppData\Local\TopArcadeHits
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\WebConnect
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135672 2013-06-07] (PC Utilities Pro)
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=8607c61b-6b19-11e2-9c16-bc5ff4490e14&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=8607c61b-6b19-11e2-9c16-bc5ff4490e14&q={searchTerms}
BHO-x32: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files (x86)\WebConnect\WebConnectbho.dll (Web Connect)
BHO-x32: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Carlton\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
C:\Program Files (x86)\PricePeep
CHR HomePage: hxxp://search.babylon.com/?affID=121845&babsrc=HP_ss_sps&mntrId=D27BBC5FF4490E14
CHR RestoreOnStartup: "hxxp://search.babylon.com/?affID=121845&babsrc=HP_ss_din2g&mntrId=D27BBC5FF4490E14", "hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=D27BBC5FF4490E14"
CHR Extension: () - C:\Users\Carlton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0
C:\Users\Carlton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
CHR Extension: (MagniPic) - C:\Users\Carlton\AppData\Local\Google\Chrome\User Data\Default\Extensions\iambhhlobalofpohkppnnjhbmcakilpb\1
CHR Extension: (WebConnect) - C:\Users\Carlton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_0
C:\Users\Carlton\AppData\Local\Google\Chrome\User Data\Default\Extensions\iambhhlobalofpohkppnnjhbmcakilpb
C:\Users\Carlton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
CHR Extension: (PricePeep) - C:\Users\Carlton\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0
C:\Users\Carlton\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
CHR HKLM-x32\...\Chrome\Extension: [ieakfmpjhljbpbfpldjkddkjmmgjmgon] - C:\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx
C:\Program Files (x86)\WebConnect
R2 Update WK; C:\Program Files (x86)\WebConnect\updateWebConnect.exe [199976 2013-08-17] ()
C:\Windows\System32\Tasks\TopArcadeHits
C:\Windows\Tasks\TopArcadeHits.job
C:\Users\Carlton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
C:\Users\Carlton\AppData\Local\TopArcadeHits
CMD: netsh winsock reset
CMD: ipconfig /flushdns
END
2. Save notepad as
fixlist.txtNOTE. It's important that both files,
FRST and
fixlist.txt are in the same location or the fix will not work.
3. Run
FRST/FRST64 and press the
Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
============ next =============1. Please download
ComboFix from here and save it to your
Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.--------------------------------------------------------------------
2. Temporarily disable your
AntiVirus program.
If you are unsure how to do this please read this or this Instruction.Instructions how to disable avast:- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
- => Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note:
Do not forget to turn on this option after the cleaning.--------------------------------------------------------------------
3. Run
ComboFix. Click on
I Agree!ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\
ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.