Uninstall:
IB Updater 2.0.0.574
Adobe Reader X (10.1.7) (Obsolete. Should be 11. something. Get newest Reader from Adobe.com. Uncheck the foistware such as the Ask toolbar or McAfee Security Scan before the download.)
AVG SafeGuard toolbar
Norton PC Checkup (foistware -usually comes with Adobe Flash updates) See:http://www.thewindowsclub.com/trust-norton-pc-checkup-tool
Safe Saver (Adware)
IB Updater Service
Run AdWare Cleaner:
Download the
adwCleaner- Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the Delete option - When the scan completes, it will open a notepad windows.
- Please, copy the content of this file in your next reply.
Run Junkware Removal Tool:
Download the
adwCleanerClose all Browsers and Pause your anti-virus.
- Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the Delete option - When the scan completes, it will open a notepad windows.
- Please, copy the content of this file in your next reply.
http://imageshack.us.../thisisujrt.gif Please download Junkware Removal Tool to your desktop.
Close all Browsers and Pause your anti-virus.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Copy the text in the code box by highlighting and Ctrl + c
:Commands
CREATERESTOREPOINT
:OTL
SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe -- (MyFunCards_5mService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SUPERU~1\LOCALS~1\Temp\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm458YYus&ptnrS=ZUxdm458YYus&si=CP3FwLfF_q8CFQ5rhwodgBPSSg&ptb=98DA856D-7C4F-4974-8F0A-5F2FECC621ED&ind=2013072206&n=77fd0b4e&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110014&tt=050412_30b&babsrc=SP_ss&mntrId=5470cdc3000000000000f8d11114b2c5
IE - HKCU\..\SearchScopes\{23CD4AE4-AA53-4234-A599-DCAFD1077EDD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9SE&pc=BIE9&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A1F4AD43-2BEC-4B23-B795-B2B3DEEBAABE}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247201
IE - HKCU\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm458YYus&ptnrS=ZUxdm458YYus&si=CP3FwLfF_q8CFQ5rhwodgBPSSg&ptb=98DA856D-7C4F-4974-8F0A-5F2FECC621ED&ind=2013072206&n=77fd0b4e&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268934&CUI=UN41109532603224965
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb203?a=6PQOKjonX5&search={searchTerms}&i=26
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={9AFEEC1B-9AB8-4F9C-8C9F-8201E8CCC8FD}&mid=741f111a24c747d3acd3d1589e300f4a-e9c96cc6f7aa219ee07b87199a7d6de3bd0067fc&lang=en&ds=AVG&pr=pr&d=2013-08-07 03:29:57&v=15.4.0.5&pid=safeguard&sg=0&sap=hp"
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@MyFunCards_5m.com/Plugin: C:\Program Files\MyFunCards_5m\bar\1.bin\NP5mStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5mffxtbr@MyFunCards_5m.com: C:\Program Files\MyFunCards_5m\bar\1.bin [2013/08/04 16:13:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/08/07 03:30:02 | 000,000,000 | ---D | M]
[2013/08/01 17:17:04 | 000,000,000 | ---D | M] ("Safe Saver") -- C:\Documents and Settings\SuperUser\Application Data\Mozilla\Firefox\Profiles\qoxpyhtf.default-1375402388921\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com
[2013/08/01 17:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SuperUser\Application Data\Mozilla\Firefox\Profiles\qoxpyhtf.default-1375402388921\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\extensionCode
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (no name) - {c4b22c87-45ef-4f43-89f2-40db2078864e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKLM..\Run: [MyFunCards Search Scope Monitor] C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [MyFunCards_5m Browser Plugin Loader] C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [DriverHub] C:\Program Files\DriverHub\DriverHub.exe (DriverHub)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\SuperUser\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
[2013/07/25 05:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SuperUser\Application Data\SpeedyPC Software
[2013/07/25 05:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2013/07/25 04:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2013/07/22 18:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SuperUser\Application Data\AVG
[2013/07/22 05:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SuperUser\Application Data\DriverCure
[2013/07/22 05:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SuperUser\Application Data\ParetoLogic
[2013/07/22 05:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/07/22 04:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SuperUser\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/07/22 04:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SuperUser\Application Data\TuneUp Software
[2013/07/22 04:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SuperUser\Application Data\AVG SafeGuard toolbar
[2013/07/22 04:03:15 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/07/22 04:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/07/22 04:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/07/22 03:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SuperUser\Application Data\Incredibar.com
[2013/07/22 03:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Free Download Manager
[2013/07/21 22:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2013/07/21 21:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2013/08/07 03:30:04 | 000,003,723 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/07 03:29:44 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/08/07 03:04:53 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Pro.job
[2013/08/06 19:04:01 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-527237240-682003330-1003Core.job
[2013/07/25 04:11:35 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Pro.job
[2013/07/22 04:02:57 | 000,003,723 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
:files
C:\Program Files\Common Files\AVG Secure Search
C:\Program Files\AVG SafeGuard toolbar
C:\Program Files\MyFunCards_5m
C:\Program Files\AVG
sc delete vToolbarUpdater15.4.0 /c
sc delete avgtp /c
:Commands
[EMPTYTEMP]
[purity]
[Reboot]
then Double on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.
Reboot.
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exeand save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application.
Run OTL
select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
You should probably run speedyfox again as we have made changes to Firefox.
Could you open the boot log again and copy and paste it?