Open Notepad. Inside Notepad paste the highlighted text below
start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2294209149-3407582263-2661049725-1001\$15da2196a821ebda03249fdef95d7253\o. ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [ROC_ROC_NT] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [x]
AppInit_DLLs-x32: c:\progra~2\contin~1\sprote~1.dll [97280 2009-07-13] ()
SearchScopes: HKCU - {5510EFCC-BCB8-4649-89A2-39E9BAFF93A8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN23162986582385297&UM=2
BHO-x32: Shopping Sidekick - {11111111-1111-1111-1111-110011501158} - C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll No File
BHO-x32: Safe Saver - {11111111-1111-1111-1111-110311321154} - C:\Program Files (x86)\Safe Saver\Safe Saver-bho.dll No File
BHO-x32: coiNttinueetosavoe - {9EA40422-A01A-2ED9-0188-E7AA52A6BB36} - C:\ProgramData\coiNttinueetosavoe\518488e6cd950.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR HomePage: http:\/\/www.safesearch.net\/?utm_medium=ch&utm_campaign=52&utm_source=sm&utm_content=1&utm_term=1516EA45B4F4436B
CHR RestoreOnStartup: "urls_to_restore_on_startup":[
CHR DefaultSearchURL: ( "name":"Delta Search",) - "search_url":"http:\/\/www1.delta-search.com\/?q={searchTerms}&babsrc=SP_ss&mntrId=10F7C018859E0CDD&affID=119360&tsp=4966",
CHR DefaultSuggestURL: ( "name":"Delta Search",) - "suggest_url":"{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}"
CHR Plugin: ( "name":"Remoting Viewer",) - "path":"internal-remoting-viewer",
CHR Extension: (Session Buddy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\user\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx
CHR HKLM-x32\...\Chrome\Extension: [nllafhekklanfkimibokomlmidmcmaoi] - C:\Users\user\AppData\Local\Shopping Sidekick\Chrome\Shopping Sidekick.crx
2013-08-06 09:07 - 2013-08-06 09:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Babylon
2013-08-06 09:07 - 2013-08-06 09:07 - 00000000 ____D C:\ProgramData\Babylon
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253\@
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253\U\00000001.@
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253\U\80000000.@
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253\U\800000cb.@
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253\@
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253\U\00000001.@
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253\U\80000000.@
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253\U\800000cb.@
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2294209149-3407582263-2661049725-1001\$15da2196a821ebda03249fdef95d7253
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$15da2196a821ebda03249fdef95d7253
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
end
Click on File Select Save As
Save to : Desktop
File Name : Fixlist.txt
Save file as : All files
Click on Save . Close Notepad
Open FRST.exe click on the [Fix] button . Once complet it will create a new file called Fixlog.txt . Upload the log . Should be on your Desktop
Then run these programs next
AdwCleaner
Click here
AdwCleaner
:ar: Click on Download Now button
:ar: Save to the Desktop
:ar: Right-click on AdwCleaner.exe and choose
:ar: Click on
Delete and confirm the prompt.
:ar: Your computer will be rebooted automatically. A text file will open after the restart.
Upload the log : The log file is at C:\AdwCleaner[Sn].txt
Download Junkware Removal Toolkit
Click here
Junkware Removal Tool to download
Drag the JRT.exe from the Downloads folder to your Desktop
Right click JRT.exe and choose
Once done upload the JRT.txt file
TDSSKILLER
download link :ar:
TDSSKiller
Save to the Desktop
Right-click the program and select
When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to:
Detect TDLFS File System
Click: OK
Press: Start Scan
If a suspicious object is detected, the default action is Skip, leave it as is, and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)
When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\
Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt
Please post the TDSSKiller log in your reply.