@ Voble
[*] I will be working on your Malware issues this may or may not solve other issues you have with your machine.
[*] The fixes are specific to your problem and should only be used for this issue on this machine.
[*] If you don’t know or understand something, please don’t hesitate to ask.
[*]Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc…)
[*] Please DO NOT run any other tools or scans whilst I am helping you.
[*] It is important that you reply to this thread. Do not start a new topic.
[*] Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
[*] Absence of symptoms does not mean that everything is clear.
Re-run OTL.exe.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=ds&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138870
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138869
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=A65817A5CE74AFD44DA94152258152BB
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=ds&from=amt&uid=WDCXWD10EARX-22N0YB0_WD-WMC0S009795997959&ts=1378138870
IE - HKU\S-1-5-21-4054640938-4055872445-3309794027-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR - default_search_provider: SecureSearch (Enabled)
CHR - default_search_provider: search_url = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=A65817A5CE74AFD44DA94152258152BB
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:commands
[CREATERESTOREPOINT]
[emptytemp]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.[/list]
If the log doesn’t appear, it can be found here:
c:_OTL\MovedFiles\mmddyyyy_hhmmss.log
----- next -----
Please download zoek.zip (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[list]
[*] Close any open browsers.
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*] Double click on zoek.exe to run the tool .
Please wait while the tool does not start…
[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:
createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;
[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button
Please wait until a logreport will open (this can be after reboot)
[*] Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
=================================
Please attach logreports here as attachment:
http://www.mcshield.net/personal/magna86/Images/avast%20attach%20post.png