
Win32:Dropper-gen

  • 19-05-2014 7:21pm
    #1
    Closed Accounts Posts: 155 ✭✭


    Hi folks
    Can't find a proper link with good instructions to delete this virus from the computer.

    I read through some instructions but they don't seem to be any good.


Comments

  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112




  • Closed Accounts Posts: 155 ✭✭Morris_fe1s


    AdwCleaner v3.210 - Report created 20/05/2014 at 05:48:40
    # Updated 19/05/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : admin - DELL-8253B6FF1F
    # Running from : C:\Documents and Settings\admin\My Documents\Downloads\adwcleaner_3.210.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Search Protection
    Folder Deleted : C:\Program Files\fileopenerpro
    Folder Deleted : C:\Program Files\Movies Toolbar
    Folder Deleted : C:\Program Files\MyPC Backup
    Folder Deleted : C:\Program Files\Toolbar Cleaner
    Folder Deleted : C:\Documents and Settings\admin\Application Data\adawaretb
    Folder Deleted : C:\Documents and Settings\Dell\Local Settings\Application Data\Bundled software uninstaller
    Folder Deleted : C:\Documents and Settings\Dell\Application Data\adawaretb
    Folder Deleted : C:\Documents and Settings\Dell\Application Data\Babylon
    File Deleted : C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\[opt]rs0\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
    Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe]
    Key Deleted : HKCU\Software\adawarebp
    Key Deleted : HKCU\Software\adawaretb
    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\adawaretb
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Delta
    Key Deleted : HKLM\Software\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v34.0.1847.137

    [ File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Deleted [Startup_urls] : hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-362&v=n12521-343&t=4
    Deleted [Extension] : fgeapihpgbepllencafcpkfbjlkogfan

    *************************

    AdwCleaner[R0].txt - [8436 octets] - [20/05/2014 05:46:41]
    AdwCleaner[S0].txt - [7906 octets] - [20/05/2014 05:48:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7966 octets] ##########

    Is that the log you were referring to?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Yeah, if you are still having problems, do this:


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here.


  • Closed Accounts Posts: 155 ✭✭Morris_fe1s


    OTL logfile created on: 20/05/2014 18:58:28 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.02% Memory free
    3.84 Gb Paging File | 2.93 Gb Available in Paging File | 76.35% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 92.32 Gb Free Space | 61.96% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: DELL-8253B6FF1F | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/05/20 18:58:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\My Documents\Downloads\OTL.exe
    PRC - [2014/05/13 19:18:13 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/05/13 19:18:10 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/05/08 00:29:35 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2014/01/23 16:32:46 | 003,643,224 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
    PRC - [2014/01/23 16:26:08 | 000,651,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/10/12 18:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
    PRC - [2006/10/12 18:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
    PRC - [2005/07/22 20:45:16 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    PRC - [2005/06/27 18:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    PRC - [2005/06/21 21:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/05/20 11:22:21 | 002,253,312 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14052000\algo.dll
    MOD - [2014/05/08 00:29:33 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppgooglenaclpluginchrome.dll
    MOD - [2014/05/08 00:29:31 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
    MOD - [2014/05/08 00:29:26 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
    MOD - [2014/05/08 00:29:24 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
    MOD - [2014/01/23 16:33:14 | 000,148,808 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
    MOD - [2014/01/23 16:33:12 | 000,131,920 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
    MOD - [2014/01/23 16:33:12 | 000,122,704 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
    MOD - [2014/01/23 16:33:06 | 000,030,584 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll
    MOD - [2014/01/23 16:33:04 | 000,087,928 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
    MOD - [2014/01/23 16:33:04 | 000,022,392 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
    MOD - [2014/01/23 16:33:02 | 000,638,328 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
    MOD - [2014/01/23 16:33:00 | 000,405,880 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
    MOD - [2014/01/23 16:32:58 | 000,107,904 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
    MOD - [2014/01/23 16:32:58 | 000,048,512 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
    MOD - [2014/01/23 16:32:56 | 000,030,072 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
    MOD - [2014/01/23 16:32:54 | 000,541,008 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
    MOD - [2014/01/23 16:32:54 | 000,123,744 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll
    MOD - [2014/01/23 16:32:52 | 001,928,008 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
    MOD - [2014/01/23 16:32:52 | 000,118,104 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
    MOD - [2014/01/23 16:32:50 | 000,308,064 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
    MOD - [2014/01/23 16:32:50 | 000,056,664 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
    MOD - [2014/01/23 16:32:48 | 001,858,408 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll
    MOD - [2014/01/23 16:32:46 | 003,643,224 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
    MOD - [2014/01/23 16:32:46 | 000,789,360 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
    MOD - [2014/01/23 16:32:44 | 000,105,304 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
    MOD - [2014/01/23 16:32:42 | 003,053,416 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll
    MOD - [2014/01/23 16:32:42 | 000,268,656 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll
    MOD - [2014/01/23 16:32:40 | 000,367,472 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll
    MOD - [2014/01/23 16:32:38 | 000,502,112 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll
    MOD - [2014/01/23 16:32:38 | 000,087,384 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
    MOD - [2014/01/23 16:32:36 | 000,274,808 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
    MOD - [2014/01/23 16:32:36 | 000,210,280 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
    MOD - [2014/01/23 16:32:34 | 000,298,840 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll
    MOD - [2014/01/23 16:32:32 | 000,472,944 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll
    MOD - [2014/01/23 16:32:28 | 000,513,392 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll
    MOD - [2014/01/23 16:32:28 | 000,422,752 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll
    MOD - [2014/01/23 16:32:26 | 000,342,376 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
    MOD - [2014/01/23 16:32:26 | 000,190,824 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll
    MOD - [2014/01/23 16:32:24 | 000,241,504 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll
    MOD - [2014/01/23 16:32:24 | 000,119,656 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
    MOD - [2014/01/23 16:32:22 | 000,223,088 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll
    MOD - [2014/01/23 16:32:18 | 000,228,728 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
    MOD - [2014/01/23 16:32:18 | 000,170,376 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
    MOD - [2014/01/23 16:32:14 | 000,244,088 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
    MOD - [2014/01/23 16:32:12 | 000,181,600 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll
    MOD - [2014/01/23 16:32:12 | 000,174,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll
    MOD - [2014/01/23 16:32:10 | 000,244,592 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll
    MOD - [2014/01/23 16:32:10 | 000,105,320 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll
    MOD - [2014/01/23 16:32:08 | 000,477,544 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
    MOD - [2014/01/23 16:26:08 | 000,651,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
    MOD - [2013/11/13 12:21:51 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2013/07/17 17:10:52 | 000,565,640 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll
    MOD - [2013/07/17 17:10:52 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\trufos.dll
    MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2005/06/27 18:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    MOD - [2005/06/21 21:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
    MOD - [2005/06/21 21:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
    MOD - [2005/06/21 21:18:24 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\dlcdprox.dll
    MOD - [2005/06/06 16:59:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll
    MOD - [2005/04/28 14:43:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll


    ========== Services (SafeList) ==========

    SRV - [2014/05/14 18:56:56 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/05/13 19:18:10 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/01/23 16:26:08 | 000,651,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
    SRV - [2006/10/12 18:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
    SRV - [2005/06/21 21:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2014/05/20 18:53:58 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2014/05/15 20:45:11 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
    DRV - [2014/05/15 20:45:11 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
    DRV - [2014/05/15 20:45:11 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (aswRdr)
    DRV - [2014/05/13 19:19:21 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/05/13 19:19:21 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/05/13 19:19:20 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
    DRV - [2014/05/13 19:19:20 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/05/13 19:19:19 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/07/17 17:10:52 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
    DRV - [2006/10/26 21:22:00 | 000,357,344 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02)
    DRV - [2005/11/17 00:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    IE - HKLM\..\SearchScopes\{E9339D3A-0CAD-4299-94FE-F0D367F90003}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-19&ent=hp&u=46D1E4F6C797BA45F0B1F2537A7BDF23
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 D5 90 89 9E 73 CF 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{E9339D3A-0CAD-4299-94FE-F0D367F90003}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


    [2013/10/10 11:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: SecureSearch (Enabled)
    CHR - default_search_provider: search_url = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-19&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
    CHR - default_search_provider: suggest_url = ,
    CHR - homepage: http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-19&ent=hp&u=46D1E4F6C797BA45F0B1F2537A7BDF23
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: avast! Online Security = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
    CHR - Extension: Google Wallet = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
    O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
    O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
    O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357840139812 (WUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA217AC7-70FA-401C-ADF4-CEA35C9E2733}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - (PRISMAPI.DLL) - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/01/10 02:00:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/05/20 06:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
    [2014/05/20 05:47:53 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
    [2014/05/20 05:46:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/05/20 05:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Downloads
    [2014/05/20 05:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CDB
    [2014/05/20 05:32:23 | 010,828,640 | ---- | C] (Reimage®) -- C:\TRANSLATE
    [2014/05/20 05:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Lavasoft
    [2014/05/20 05:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\LavasoftStatistics
    [2014/05/19 22:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
    [2014/05/19 22:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\adawarebp
    [2014/05/19 22:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
    [2014/05/19 21:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Windows Search
    [2014/05/19 21:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Temp
    [2014/05/19 21:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Macromedia
    [2014/05/19 21:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Google
    [2014/05/19 21:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Google
    [2014/05/19 21:11:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\PrivacIE
    [2014/05/19 21:05:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\SendTo
    [2014/05/19 21:05:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
    [2014/05/19 21:05:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\Startup
    [2014/05/19 21:05:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Pictures
    [2014/05/19 21:05:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Music
    [2014/05/19 21:05:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents
    [2014/05/19 21:05:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\Accessories
    [2014/05/19 21:05:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2014/05/19 21:05:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\PrintHood
    [2014/05/19 21:05:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\NetHood
    [2014/05/19 21:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
    [2014/05/19 21:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
    [2014/05/19 21:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Sun
    [2014/05/19 21:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Identities
    [2014/05/19 21:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop
    [2014/05/19 21:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Adobe
    [2014/05/19 21:05:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Start Menu
    [2014/05/19 21:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Sun
    [2014/05/19 20:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\AVAST Software
    [2014/05/19 20:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Identities
    [2014/05/19 20:56:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IETldCache
    [2014/05/19 20:55:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\admin\Application Data\Microsoft
    [2014/05/19 20:55:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Application Data
    [2014/05/19 20:55:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Favorites
    [2014/05/19 20:55:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\Cookies
    [2014/05/19 20:55:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\Templates
    [2014/05/19 20:55:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\Local Settings
    [2014/05/19 20:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft
    [2014/05/19 20:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2014/05/13 19:32:13 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
    [2014/05/13 19:32:12 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
    [2014/05/13 19:32:12 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
    [2014/05/13 19:32:11 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
    [2014/05/13 19:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Win 32. Trojan Dropper Removal Tool
    [2014/05/13 19:19:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2014/05/13 07:04:02 | 000,000,000 | ---D | C] -- C:\Avenger
    [2014/05/13 07:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/05/12 22:42:45 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/05/12 22:42:45 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/05/12 22:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/05/10 19:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/05/20 19:46:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/05/20 19:27:50 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2014/05/20 19:19:20 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2014/05/20 19:19:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/20 18:53:22 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/20 18:53:11 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/05/20 18:52:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/05/20 07:24:22 | 000,465,852 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/05/20 07:24:22 | 000,079,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2014/05/20 07:23:41 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
    [2014/05/20 07:20:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/05/20 05:35:23 | 000,000,163 | ---- | M] () -- C:\WINDOWS\Reimage.ini
    [2014/05/20 05:33:08 | 010,828,640 | ---- | M] (Reimage®) -- C:\TRANSLATE
    [2014/05/19 22:48:12 | 000,000,061 | ---- | M] () -- C:\prefs.js
    [2014/05/19 21:50:20 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Google Chrome.lnk
    [2014/05/19 21:16:38 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/05/19 20:57:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/05/19 20:57:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2014/05/15 20:45:11 | 000,777,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
    [2014/05/15 20:45:11 | 000,411,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
    [2014/05/15 20:45:11 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys
    [2014/05/13 19:20:47 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2014/05/13 19:19:21 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys.1400183102390
    [2014/05/13 19:19:21 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2014/05/13 19:19:21 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2014/05/13 19:19:20 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
    [2014/05/13 19:19:20 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2014/05/13 19:19:19 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys.1400183102390
    [2014/05/13 19:19:19 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/05/13 19:19:14 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2014/05/13 19:19:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/05/20 05:31:18 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Reimage.ini
    [2014/05/19 22:56:15 | 000,002,028 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
    [2014/05/19 22:48:12 | 000,000,061 | ---- | C] () -- C:\prefs.js
    [2014/05/19 20:57:52 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/05/19 20:57:52 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Google Chrome.lnk
    [2014/05/19 20:57:52 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/05/19 20:57:52 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Internet Explorer.lnk
    [2014/05/19 20:57:47 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2014/05/19 20:55:12 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Remote Assistance.lnk
    [2014/05/19 20:55:12 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Windows Media Player.lnk
    [2014/05/13 19:19:40 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/05/12 22:42:56 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/11/13 12:22:10 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/11/13 12:22:09 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/10/13 21:34:40 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2013/07/31 19:59:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/06/27 20:35:08 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/06/26 22:26:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/06/26 22:26:01 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/06/15 09:45:56 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
    [2013/06/15 09:45:19 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
    [2013/06/15 09:45:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
    [2013/06/15 09:45:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
    [2013/06/15 09:45:18 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcdih.exe
    [2013/06/15 09:45:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
    [2013/06/15 09:45:17 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
    [2013/06/15 09:45:17 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
    [2013/06/15 09:45:17 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
    [2013/06/15 09:45:17 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.exe
    [2013/06/15 09:45:17 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
    [2013/06/15 09:45:16 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
    [2013/06/15 09:45:16 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
    [2013/06/15 09:45:16 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
    [2013/06/15 09:45:16 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcdcoms.exe
    [2013/06/15 09:45:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
    [2013/06/15 09:45:15 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
    [2013/06/15 09:45:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
    [2013/06/15 09:45:14 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
    [2013/06/15 09:45:13 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
    [2013/06/15 09:45:13 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
    [2013/06/15 09:45:12 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
    [2013/02/27 11:06:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2013/01/21 20:51:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2013/01/10 20:46:05 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2013/01/10 20:46:05 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2013/01/10 20:46:05 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
    [2013/01/10 20:46:04 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2013/01/10 20:46:01 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2013/01/10 19:09:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2013/01/10 02:37:02 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\CoPrism.dll
    [2013/01/10 02:37:00 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\StopSrvr.exe
    [2013/01/10 02:02:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013/01/10 01:56:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2013/01/09 17:46:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2013/01/09 17:45:36 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== ZeroAccess Check ==========

    [2013/01/10 21:01:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/31 12:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/05/19 20:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\AVAST Software
    [2014/05/19 21:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
    [2014/05/19 21:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
    [2014/05/19 21:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Search
    [2014/02/24 15:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2014/05/20 05:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2013/11/13 12:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2014/05/20 05:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDB
    [2013/04/26 09:50:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2014/05/10 19:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2013/10/07 18:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2013/01/10 02:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
    [2013/07/16 13:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

    < End of report >


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    you still having problems with the pc ?


  • Closed Accounts Posts: 155 ✭✭Morris_fe1s


    not so sure, i did have viruses in avast - that avast wouldn't/couldn't remove - so i deleted avast - i will re-install avast - and run it and see...

    it does ..dare i say seem to be quicker

    interesting as i have not heard of OTL before ... i did hear of adaware, but that adaware seems to be a different one.

    is it dodgy for computer to play around with otl and run..run fix/ clean up and change etc?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    can you post the log from avast for whatever it found first ?

    yeah it's dangerous to use otl


  • Closed Accounts Posts: 155 ✭✭Morris_fe1s


    i deleted avast so i can't get the log can i?
    i just downloaded avast again and ran it and the windows 32 dropper gen virus is gone.. thanks to your help!!!
    i really did not want to attempt deleting dll reg files

    if u tell me where i can locate the old log files i can post

    i'm really surprised 4-5 antivirus/ malware couldn't delete this virus... i know it seems to hide in the dll files

    otl rules!


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    the log should be here

    C:\Program Files\AVAST Software\Avast\log

    also if there are any Reports there, post them too


    and open malwarebytes, there is a Log tab at the top, post any new logs from that here


  • Closed Accounts Posts: 155 ✭✭Morris_fe1s


    Hi there,

    Sorry they're not there... i deleted the programs because they didn't resolve my issue.... and used OTL instead which worked....

    i scanned with avast perhaps 20 times - 4 scans located a virus.. win32 dropper gen.... avast gave three options to fix/delete/move to virus vault... some worked others didn't, avast just seemed to shrug its shoulders and ignore the request to fix resolve or delete about three viruses on a scan..maybe the same virus

    the virus prevented system restore...




    jsa112 wrote: »
    the log should be here

    C:\Program Files\AVAST Software\Avast\log

    also if there are any Reports there, post them too


    and open malwarebytes, there is a Log tab at the top, post any new logs from that here


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    any luck with the malwarebytes logs ?


    I'll fix your system restore don't worry


  • Closed Accounts Posts: 155 ✭✭Morris_fe1s


    no sorry it must have been deleted when i deleted the program file

    i assume system restore will work now that the virus is gone?? and anyway as the virus is gone there's prob no need to system restore is there?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    viruses usually disable system restore, so this will make sure it's working. and yeah no point using a restore point since the infection is gone.


    open OTL and copy this into the box at the bottom


    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    click run fix and post the log it gives


  • Closed Accounts Posts: 155 ✭✭Morris_fe1s


    Here we go!
    in simple terms did that speed up my computer by killing processes and did it also create a restore point


    All processes killed
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: admin
    ->Temp folder emptied: 18909265 bytes
    ->Temporary Internet Files folder emptied: 52228573 bytes
    ->Google Chrome cache emptied: 43250471 bytes
    ->Flash cache emptied: 1090 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Dell
    ->Temp folder emptied: 14154804 bytes
    ->Temporary Internet Files folder emptied: 42462066 bytes
    ->Flash cache emptied: 1101 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 34140 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 506356 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2402044 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 89761626 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 808281911 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33612 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,022.00 mb


    [EMPTYFLASH]

    User: admin
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: Dell
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: admin

    User: All Users

    User: Default User

    User: Dell

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\admin\My Documents\Downloads\cmd.bat deleted successfully.
    C:\Documents and Settings\admin\My Documents\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 05202014_211322

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    looks good, all done ^^

