Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

V-bates-Trovi-DuckDuckGo [Solved]

Started by Elisheba , May 22 2014 07:59 AM

This topic is locked

#1
Elisheba

Posted 22 May 2014 - 07:59 AM

Member

Member
43 posts

Hi. Thank you so much for the help that you provide so many people through this website. It's amazing the amount of time that you all put in to help all of us with our computer issues. And for that I'm so grateful.

I don't remember what I was doing when I got the viruses. I know though, that suddenly one minute things were fine and the next minute my search engines were changed to Trovi and I saw Bing search and it was a bit crazy for a little while.

It appears that I have at least 3 viruses. V-bate, Trovi, and DuckDuckGo. I ran Malwarebytes and it found 13 but I don't believe it got rid of everything. My computer is not acting weird at all, but since I know the viruses are still there I wanted to come and ask for help in removing them completely, if that's possible.

I tried hitman pro, Avg, and Spybot (and Im sure a few others) but none got rid of them completely. I tried a few online scanners. They didnt do the trick fully either. I see from the OTL long that there are pieces of a few of the viruses still there.

I have a Dell N4030 laptop 64 bit, with Win 7. I'm not sure what other information you need. Please ask I'll tell you what you need.

Can someone check my computer out and help me to clean it out? I'd sure appreciate it alot. Thank you!

~Lisa~

OTL logfile created on: 5/22/2014 6:19:11 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 52.33% Memory free

7.61 Gb Paging File | 5.34 Gb Available in Paging File | 70.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 297.99 Gb Total Space | 213.11 Gb Free Space | 71.52% Space Free | Partition Type: NTFS

Computer Name: LISADAY | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2014/05/22 06:17:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe

PRC - [2014/05/07 16:29:35 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/05/04 22:39:22 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2014/05/04 22:39:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/07 16:29:33 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppgooglenaclpluginchrome.dll

MOD - [2014/05/07 16:29:31 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll

MOD - [2014/05/07 16:29:27 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll

MOD - [2014/05/07 16:29:27 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll

MOD - [2014/05/07 16:29:26 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll

MOD - [2014/05/07 16:29:24 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll

MOD - [2013/12/08 16:14:51 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/05/04 22:39:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/03/30 12:54:31 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)

SRV:64bit: - [2010/10/14 07:45:26 | 000,270,848 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)

SRV - [2014/05/13 18:18:34 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/05/10 00:09:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)

SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)

SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)

SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)

SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)

SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)

SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)

SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/12 10:07:29 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)

DRV:64bit: - [2014/05/12 10:07:29 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)

DRV:64bit: - [2014/05/12 10:07:29 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)

DRV:64bit: - [2014/05/04 22:39:27 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2014/05/04 22:39:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2014/05/04 22:39:27 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2014/05/04 22:39:27 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2014/05/04 22:39:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)

DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/06 15:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2012/10/08 19:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)

DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/04/02 02:31:43 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)

DRV:64bit: - [2012/03/30 12:54:31 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2012/03/30 12:54:31 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/10/17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/09/19 22:54:44 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/10/14 07:45:26 | 000,518,144 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010/04/24 13:19:18 | 000,033,144 | ---- | M] (simonowen.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdrawcmd.sys -- (fdrawcmd)

DRV:64bit: - [2010/02/13 20:28:34 | 000,293,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2010/02/10 22:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/11/11 16:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/03/17 10:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)

DRV - [2012/10/16 19:47:10 | 000,013,359 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SYDEXFDD.SYS -- (SydexFDD)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 67 9B 08 14 60 CE 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {4DA5DA9D-0B66-4939-B138-6ABA03AC9584}

IE - HKCU\..\SearchScopes\{02E4B210-812F-4D4A-8DFB-A2AEB724D16A}: "URL" = http://www.google.co...utputEncoding?}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR

IE - HKCU\..\SearchScopes\{4DA5DA9D-0B66-4939-B138-6ABA03AC9584}: "URL" = http://www.google.co...utputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9

FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119

FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7

FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:5.9.1

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22

FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.3.0

FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:23.7

FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.55

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/10 00:09:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/14 03:24:18 | 000,000,000 | ---D | M]

[2012/04/02 21:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions

[2014/05/15 13:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions

[2014/05/14 13:58:02 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2014/05/11 22:43:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2014/05/14 13:58:01 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2014/01/02 11:33:10 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2014/05/11 22:38:12 | 000,000,000 | ---D | M] ("Flash Video Downloader - Full HD Download") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\[email protected]

[2013/06/02 21:48:57 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\[email protected]

[2014/05/11 22:46:26 | 000,075,097 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\[email protected]

[2014/04/16 01:34:15 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi

[2014/01/13 22:56:44 | 000,019,530 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi

[2014/05/09 23:09:35 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/06/28 16:08:30 | 000,010,530 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\duckduckgo.xml

[2014/05/17 09:06:43 | 000,001,014 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\trovi-search.xml

[2014/05/10 00:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/05/10 00:09:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll

CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\npqscan.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

CHR - Extension: Splendid = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\

CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\

CHR - Extension: Adblock for Youtubeâ„¢ = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\2.17_0\

CHR - Extension: avast! Online Security = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\

CHR - Extension: Planner 5D = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\

CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Current Moon Phase -N.Hemisphere = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo\1.28.0.0_0\

CHR - Extension: Earth map = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmibphegngmljhikklndacjdpkmhocp\2.0_0\

CHR - Extension: Bitdefender QuickScan = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\

O1 HOSTS File: ([2013/06/08 18:53:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll File not found

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [V-bates] C:\Program Files\V-bates\notifier.exe File not found

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Owner\AppData\Local\Apps\2.0\0DA0XVBE.HDP\OY9K5BEM.EEP\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe (Dell)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)

O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://dell.com/supp...t/Ode/pcd86.cab (Launcher Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B32BC24-EC0D-4AA9-A1D9-85FBD48ED006}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/20 23:52:54 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\Storage for John

[2014/05/17 11:03:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2014/05/16 20:20:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

[2014/05/16 20:05:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TuneUp Software

[2014/05/16 19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MFAData

[2014/05/16 19:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2014/05/16 19:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg

[2014/05/16 19:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2014/05/15 18:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2014/05/15 17:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2014/05/15 17:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2014/05/15 14:15:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Max Secure Software

[2014/05/15 13:14:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll

[2014/05/14 14:46:18 | 000,175,528 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys

[2014/05/12 17:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2014/05/12 17:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2014/05/10 00:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2014/05/04 22:39:26 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2014/05/04 02:19:41 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieUserList

[2014/05/04 02:19:41 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieSiteList

[2014/05/01 17:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender

[2014/04/30 11:12:31 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel

========== Files - Modified Within 30 Days ==========

[2014/05/22 06:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/05/22 06:10:56 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/05/22 06:10:56 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/05/22 05:59:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/22 05:58:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/05/22 05:58:50 | 3062,915,072 | -HS- | M] () -- C:\hiberfil.sys

[2014/05/21 21:50:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/05/21 20:52:19 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/05/21 20:52:19 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/05/21 20:52:19 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/05/17 11:03:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2014/05/15 15:13:17 | 000,001,698 | ---- | M] () -- C:\Windows\SysNative\.crusader

[2014/05/15 12:50:11 | 000,000,408 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini

[2014/05/15 12:50:11 | 000,000,408 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini

[2014/05/15 12:50:11 | 000,000,046 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini

[2014/05/15 12:45:54 | 000,000,096 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\version2.xml

[2014/05/14 15:34:25 | 000,681,280 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache

[2014/05/14 15:34:05 | 000,073,469 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache

[2014/05/14 15:13:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\olepro32.dll

[2014/05/14 15:13:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumdx32.dll

[2014/05/14 15:13:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumd32.dll

[2014/05/14 15:09:57 | 000,000,010 | ---- | M] () -- C:\Users\Owner\AppData\Local\sponge.last.runtime.cache

[2014/05/12 10:07:29 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys

[2014/05/12 10:07:29 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys

[2014/05/12 10:07:29 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys

[2014/05/04 22:39:27 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1399914448080

[2014/05/04 22:39:27 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1399914448080

[2014/05/04 22:39:27 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2014/05/04 22:39:27 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2014/05/04 22:39:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2014/05/04 22:39:27 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2014/05/04 22:39:27 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2014/05/04 22:39:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys

[2014/05/04 22:39:26 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

========== Files Created - No Company Name ==========

[2014/05/15 15:13:17 | 000,001,698 | ---- | C] () -- C:\Windows\SysNative\.crusader

[2014/05/15 12:50:11 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini

[2014/05/15 12:50:11 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini

[2014/05/15 12:50:11 | 000,000,046 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini

[2014/05/15 12:45:54 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml

[2014/05/14 15:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\olepro32.dll

[2014/05/14 15:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumdx32.dll

[2014/05/14 15:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumd32.dll

[2014/05/14 15:09:57 | 000,000,010 | ---- | C] () -- C:\Users\Owner\AppData\Local\sponge.last.runtime.cache

[2014/05/04 22:39:29 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys

[2014/03/17 18:03:57 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat

[2014/03/17 18:03:20 | 000,000,075 | ---- | C] () -- C:\Windows\Crypkey.ini

[2014/03/17 18:03:10 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe

[2014/03/17 18:03:10 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll

[2014/03/17 18:03:10 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe

[2014/01/16 15:56:08 | 000,014,034 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel

[2014/01/08 21:32:57 | 000,000,070 | ---- | C] () -- C:\Windows\EurekaLog.ini

[2014/01/02 11:31:26 | 000,681,280 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache

[2014/01/02 11:30:57 | 000,073,469 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache

[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe

[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe

[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe

[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe

[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe

[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\hkcmd.exe

[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe

[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\conhost.exe

[2014/01/02 11:18:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe

[2014/01/02 11:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe

[2014/01/02 11:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe

[2014/01/02 11:08:27 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache

[2013/10/20 18:04:35 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/04/15 15:36:23 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2013/03/31 04:14:12 | 000,000,165 | ---- | C] () -- C:\Windows\WINÙS…ÏÈ.INI

[2012/06/24 11:15:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2012/06/07 20:57:11 | 000,000,288 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.backup.dm

[2012/05/07 09:51:39 | 000,043,008 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/15 10:53:34 | 000,007,622 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/20 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\abelhadigital.com

[2013/12/08 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software

[2012/03/30 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DRPSu

[2013/06/18 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft

[2013/01/03 18:36:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Flo & Seb Engineering

[2013/06/27 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView

[2012/06/27 07:27:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MP3Rocket

[2012/04/15 12:54:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netscape

[2014/03/25 16:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera Software

[2013/05/02 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle

[2012/04/04 17:10:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCDr

[2012/05/31 09:56:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProgSense

[2014/05/11 22:48:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan

[2012/11/24 02:25:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RCKR

[2014/05/20 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SandSComputing

[2013/12/29 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SSDir

[2012/04/04 17:05:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tmp

[2014/05/16 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

#2
pystryker

Posted 22 May 2014 - 05:00 PM

Trusted Helper

Malware Removal
3,912 posts

Hello and welcome to Geeks to Go! My nickname is Pystryker

, and I will be helping you with your issue today.

Before we get started, I have a few things I need to go over with you

Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.

If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
Please read through my instructions carefully and completely before executing them.
Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
If possible, please have your original Windows installation disks handy, just in case.
If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we? :thumbsup:

Hello

There is another log that was created when you first ran OTL call Extras.txt. It will be located in the same place as where you ran OTL from. In this case, here: C:\Downloads. Please post that log in your next reply.

Also, please move OTL.exe to your desktop, it works better from there. :thumbsup:

I see a few things that we'll need to get rid of, but I'd like to take a look and make sure nothing more nefarious is hiding. Please follow the intructions below.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download aswMBR.exe to your desktop.
Double click the file to run it.
It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Click the Scan button to begin the scan.

Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
Click Exit

Things I need to see in your next post:

aswMBR Log

The aforementioned Extras.txt log

#3
Elisheba

Posted 22 May 2014 - 09:20 PM

Member

Topic Starter
Member
43 posts

Hi Pystryker, thank you so much for responding. I appreciate it alot. Included are the two logs.

Attached Files

Extras.Txt 41.93KB 120 downloads
aswMBR.txt 1.76KB 128 downloads

#4
pystryker

Posted 22 May 2014 - 09:25 PM

Trusted Helper

Malware Removal
3,912 posts

Hi Pystryker, thank you so much for responding. I appreciate it alot. Included are the two logs.

Hello and you are quite welcome.

One thing I need is when you are posting logs, please copy and paste them into your replies instead of attaching them. Having them in the replies makes them much easier to research. :thumbsup:

I'll have instructions just as soon as take a look at the logs. I'm going to paste them as replies into this thread and get to work on them.

OTL Extras logfile created on: 5/22/2014 6:19:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 52.33% Memory free
7.61 Gb Paging File | 5.34 Gb Available in Paging File | 70.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 213.11 Gb Free Space | 71.52% Space Free | Partition Type: NTFS

Computer Name: LISADAY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E2272B-0E4F-443A-8D65-3C8E2973248B}" = lport=445 | protocol=6 | dir=in | app=system |
"{1E11583E-7C4D-4E20-9EA7-1C8144EF682A}" = rport=139 | protocol=6 | dir=out | app=system |
"{3D4A0098-2BF1-448C-8F9D-89C082DDC1DC}" = lport=139 | protocol=6 | dir=in | app=system |
"{50D92BA1-14C7-4E5A-8DDC-AA663B45EBDD}" = rport=137 | protocol=17 | dir=out | app=system |
"{73E54833-3DC3-449D-B010-650F8F165A9C}" = rport=445 | protocol=6 | dir=out | app=system |
"{809FFBCF-F522-457E-8075-4DE9CB12DA91}" = rport=138 | protocol=17 | dir=out | app=system |
"{815C61F2-E016-4028-8693-C37DC623A5EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FCE39E9-655E-4E3A-89A7-0E4A512A0F78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94DFDEAA-CB38-41F8-AD47-502169FD7D33}" = lport=137 | protocol=17 | dir=in | app=system |
"{AE12E7A9-249F-4745-B592-79BF3D181CDB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C5F20083-6684-42C1-9287-38076759850A}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA17345B-519D-46DD-A258-94CF697A67F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05485148-95C3-4E04-8B30-72469B55520C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{112A46B0-F09B-49FD-99F2-083ABC68DCA8}" = protocol=1 | dir=out | [email protected],-28544 |
"{25EDA9BA-60F3-4A03-9142-FE9565DDB5D8}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2B278E38-A02A-40B1-B6A6-D4BFD20B2124}" = protocol=58 | dir=out | [email protected],-28546 |
"{64C73D38-C8E1-4421-AC8E-8BB1FC8CBF64}" = protocol=1 | dir=in | [email protected],-28543 |
"{8B806A31-93BE-47E6-846A-E8A28A1FEBB6}" = protocol=58 | dir=in | [email protected],-28545 |
"{99347181-F176-4346-8063-A80E8A65E291}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{2FDD458D-0E29-4427-BF32-21D59B7C75A3}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{AB8FAEE8-6FB1-4036-800C-985B0BB2D5BA}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8397C1C5-39CA-4D5E-A798-50B5E6C6ABCB}" = SewWrite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4E3AD0C-C757-47C0-B66B-341EDF6D74A2}" = SewIconz
"{A7395F20-2B22-4CB8-8510-B452C0F47E02}" = Movie Maker 6.0 for Windows 7 (64-bit)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F402D1E3-5FBB-4D83-A6AE-67CA37CBD2DA}" = SewWhat-Pro
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"HitmanPro37" = HitmanPro 3.7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F9E619-8531-479E-AB80-C81819F0A3D8}" = Wilcom TrueSizer e3.0
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E801DDB4-3CFC-496E-9E04-781EC2445D82}" = Wilcom TrueSizer e3.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast" = avast! Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"fdrawcmd" = Fdrawcmd.sys 1.0.1.11
"Google Chrome" = Google Chrome
"Inkscape" = Inkscape 0.48.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 20.0.1387.91" = Opera Stable 20.0.1387.91
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2014 6:22:30 PM | Computer Name = LisaDay | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error - 3/25/2014 6:22:30 PM | Computer Name = LisaDay | Source = Windows Search Service | ID = 7010
Description = The index cannot be initialized. Details: The content index catalog
is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error - 4/10/2014 1:26:51 AM | Computer Name = LisaDay | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: SHELL32.dll, version: 6.1.7601.18222,
time stamp: 0x51f1ddfa Exception code: 0xc0000005 Fault offset: 0x000000000012e50b
Faulting
process id: 0xabc Faulting application start time: 0x01cf547adfc72e9e Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: b82585a1-c070-11e3-8af5-f04da2b84e99

Error - 5/14/2014 5:31:00 PM | Computer Name = LisaDay | Source = Application Error | ID = 1000
Description = Faulting application name: AoAAudioExtractor.exe, version: 1.1.0.0,
time stamp: 0x4969678b Faulting module name: avcodec-51.dll, version: 0.0.0.0, time
stamp: 0x452d02f3 Exception code: 0xc0000005 Fault offset: 0x002abb46 Faulting process
id: 0xca0 Faulting application start time: 0x01cf6fbb9c8c7c99 Faulting application
path: C:\Program Files (x86)\AoA Audio Extractor\AoAAudioExtractor.exe Faulting
module path: C:\Program Files (x86)\AoA Audio Extractor\avcodec-51.dll Report Id:
0a53f154-dbaf-11e3-af16-f04da2b84e99

Error - 5/15/2014 4:19:59 PM | Computer Name = LisaDay | Source = Application Hang | ID = 1002
Description = The program adwcleaner_3.208.exe version 3.2.0.8 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 770 Start
Time: 01cf70794a633aa9 Termination Time: 0 Application Path: C:\Downloads\adwcleaner_3.208.exe

Report
Id:

Error - 5/15/2014 4:52:22 PM | Computer Name = LisaDay | Source = Application Hang | ID = 1002
Description = The program adwcleaner_3.208.exe version 3.2.0.8 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1258 Start
Time: 01cf707c05c5cb71 Termination Time: 14 Application Path: C:\Downloads\adwcleaner_3.208.exe

Report
Id:

Error - 5/16/2014 11:13:27 AM | Computer Name = LisaDay | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: bd0 Start
Time: 01cf7118daba9693 Termination Time: 7 Application Path: C:\Program Files (x86)\Spybot
- Search & Destroy\SpybotSD.exe Report Id:

Error - 5/16/2014 12:22:54 PM | Computer Name = LisaDay | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/16/2014 11:02:14 PM | Computer Name = LisaDay | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error - 5/16/2014 11:04:02 PM | Computer Name = LisaDay | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASKUTIL. System Error: The system cannot find the file specified. .

[ Broadcom Wireless LAN Events ]
Error - 3/27/2014 6:20:34 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 03:20:31, Thu, Mar 27, 14 Error - Unable to gain access to user store

Error - 4/1/2014 1:16:26 PM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 10:16:20, Tue, Apr 01, 14 Error - Unable to gain access to user store

Error - 4/4/2014 9:51:57 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 06:51:54, Fri, Apr 04, 14 Error - Unable to gain access to user store

Error - 4/5/2014 11:54:27 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 08:54:24, Sat, Apr 05, 14 Error - Unable to gain access to user store

Error - 5/4/2014 11:08:06 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 08:08:05, Sun, May 04, 14 Error - Unable to gain access to user store

[ System Events ]
Error - 5/20/2014 5:03:20 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 5:03:21 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 5:03:21 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:02 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:02 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:03 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:03 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:04 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/21/2014 11:45:50 AM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7000
Description =

Error - 5/22/2014 8:59:13 AM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7000
Description =

< End of report >

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-22 20:03:36
-----------------------------
20:03:36.930 OS Version: Windows x64 6.1.7601 Service Pack 1
20:03:36.930 Number of processors: 2 586 0x2505
20:03:36.931 ComputerName: LISADAY UserName: Owner
20:03:37.829 Initialize success
20:03:41.857 AVAST engine defs: 14052200
20:03:57.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:03:57.023 Disk 0 Vendor: ST932032 D005 Size: 305245MB BusType: 3
20:03:57.152 Disk 0 MBR read successfully
20:03:57.157 Disk 0 MBR scan
20:03:57.177 Disk 0 Windows 7 default MBR code
20:03:57.196 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:03:57.212 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
20:03:57.331 Disk 0 scanning C:\Windows\system32\drivers
20:04:10.926 Service scanning
20:04:35.377 Modules scanning
20:04:35.393 Disk 0 trace - called modules:
20:04:35.419 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:04:35.428 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a82790]
20:04:35.440 3 CLASSPNP.SYS[fffff88001c9c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048fc050]
20:04:36.239 AVAST engine scan C:\Windows
20:04:38.660 AVAST engine scan C:\Windows\system32
20:08:37.697 AVAST engine scan C:\Windows\system32\drivers
20:08:56.614 AVAST engine scan C:\Users\Owner
20:14:25.006 AVAST engine scan C:\ProgramData
20:15:15.681 Scan finished successfully
20:15:34.396 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
20:15:34.402 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#5
pystryker

Posted 22 May 2014 - 09:29 PM

Trusted Helper

Malware Removal
3,912 posts

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Program Uninstalls

This is an optional uninstall, but personally, I would uninstall Hitman Pro from your machine. This software doesn't have a very good reputation, and has been known to render machines unbootable.

Step 2: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:OTL
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX
[2013/06/28 16:08:30 | 000,010,530 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\duckduckgo.xml
[2014/05/17 09:06:43 | 000,001,014 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\trovi-search.xml
O2:64bit: - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [V-bates] C:\Program Files\V-bates\notifier.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8CE646EE

:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
C:\PROGRAM FILES\V-BATES
C:\PROGRA~2\SearchProtect

:Commands
[emptytemp]

Click the Run Fix button at the top of the OTL control panel.
Let the program run until it's finished and then reboot the computer.
Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.

Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop

Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
Close any open windows or browsers.
Pause your Anti-Virus program if it is running.
Once it starts, click on the Scan button.
Let the scan complete itself. This may take a few minutes.
Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
- Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 5: OTL Quick Scan

Start OTL and this time click the Quick Scan button
OTL will scan your system and produce one log when finished.
Please post that log in your next reply.

Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

#6
Elisheba

Posted 22 May 2014 - 09:31 PM

Member

Topic Starter
Member
43 posts

Sorry about not copying and pasting them in.

I don't know how to turn off Avast, other than turn off the shields. I did do that though. If you could tell me how then I'll do that real quick before I start your instructions.

#7
Elisheba

Posted 22 May 2014 - 09:42 PM

Member

Topic Starter
Member
43 posts

I also went to the add remove programs to remove Hitman Pro and its not there yet I still see it when I search for it in the search bar in the start bar.

#8
pystryker

Posted 22 May 2014 - 09:46 PM

Trusted Helper

Malware Removal
3,912 posts

Sorry about not copying and pasting them in.

I don't know how to turn off Avast, other than turn off the shields. I did do that though. If you could tell me how then I'll do that real quick before I start your instructions.

No worries, nothing to be sorry about. :thumbsup:

Disabling the shields in Avast will do the job.

I also went to the add remove programs to remove Hitman Pro and its not there yet I still see it when I search for it in the search bar in the start bar.

Interesting, ok, we'll use a different tool a bit later in this process. It may be showing in the search bar, but sounds like it may be hidden in the Add/Remove Programs window.

#9
Elisheba

Posted 22 May 2014 - 09:50 PM

Member

Topic Starter
Member
43 posts

Ok Im starting on the rest of your instructions. Thanks.

#10
pystryker

Posted 22 May 2014 - 09:51 PM

Trusted Helper

Malware Removal
3,912 posts

Ok Im starting on the rest of your instructions. Thanks.

#11
Elisheba

Posted 22 May 2014 - 10:52 PM

Member

Topic Starter
Member
43 posts

Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

OTL FIX LOG:

All processes killed

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== OTL ==========

C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\duckduckgo.xml moved successfully.

C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\trovi-search.xml moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\V-bates deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.

ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.

========== FILES ==========

< netsh advfirewall reset /c >

Ok.

C:\Users\Owner\Desktop\cmd.bat deleted successfully.

C:\Users\Owner\Desktop\cmd.txt deleted successfully.

< netsh advfirewall set allprofiles state on /c >

Ok.

C:\Users\Owner\Desktop\cmd.bat deleted successfully.

C:\Users\Owner\Desktop\cmd.txt deleted successfully.

File\Folder C:\PROGRAM FILES\V-BATES not found.

File\Folder C:\PROGRA~2\SearchProtect not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: Owner

->Temp folder emptied: 11433418 bytes

->Temporary Internet Files folder emptied: 555589 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 25027734 bytes

->Google Chrome cache emptied: 369588166 bytes

->Flash cache emptied: 2412 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5706 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 388.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05222014_205122

Files\Folders moved on Reboot...

C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ADWCLEANER LOG:

# AdwCleaner v3.210 - Report created 22/05/2014 at 21:08:25

# Updated 19/05/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Owner - LISADAY

# Running from : C:\Users\Owner\Desktop\adwcleaner_3.210.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0

Folder Deleted : C:\Users\Owner\AppData\Local\Max Secure Software

Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware

File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\user.js

File Deleted : C:\Windows\System32\Tasks\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

Key Deleted : [x64] HKLM\SOFTWARE\V-bates

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\lh8r2mdq.default\prefs.js ]

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\prefs.js ]

Line Deleted : user_pref("extensions.fvd_single.__surfcanyon_disable_time", "1");

Line Deleted : user_pref("extensions.fvd_single.seopack.b_surfcanyon", true);

Line Deleted : user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_whiteListSearch", "{\"isearch.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"se[...]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=MA997F67D-0299-492C-A036-468648588FF9&SearchSource=58&CUI=&UM=5&UP=SP37D55BBF-4343-4387-B3FF-1430C74E7967&q={searchTerms}&SSPV=

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R3].txt - [3061 octets] - [22/05/2014 21:06:39]

AdwCleaner[S1].txt - [3008 octets] - [22/05/2014 21:08:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3068 octets] ##########

JUNKWARE REMOVAL LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Owner on Thu 05/22/2014 at 21:18:57.26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"

~~~ FireFox

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\minidumps [13 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 05/22/2014 at 21:30:10.60

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL QUICK SCAN LOG:

OTL logfile created on: 5/22/2014 9:42:50 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 56.02% Memory free

7.61 Gb Paging File | 5.48 Gb Available in Paging File | 72.08% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 297.99 Gb Total Space | 212.37 Gb Free Space | 71.27% Space Free | Partition Type: NTFS

Computer Name: LISADAY | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2014/05/22 06:17:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2014/05/13 16:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/05/04 22:39:22 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2014/05/04 22:39:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/13 16:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll

MOD - [2014/05/13 16:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll

MOD - [2014/05/13 16:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

MOD - [2014/05/13 16:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll

MOD - [2014/05/13 16:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll