fbi hijack virus on XP pro computer


OTL logfile created on: 3/18/2013 3:07:16 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 82.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 48.49 Gb Free Space | 65.07% Space Free | Partition Type: NTFS

Drive D: | 7.20 Gb Total Space | 7.18 Gb Free Space | 99.68% Space Free | Partition Type: FAT32

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)

SRV - [2013/03/13 12:41:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/18 10:53:32 | 000,968,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)

SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/01/25 10:14:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)

SRV - [2009/11/11 09:55:50 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2009/11/11 09:55:47 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2007/09/20 18:10:02 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled] -- C:\Documents and Settings\Administrator\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2013/02/18 10:53:32 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)

DRV - [2009/11/11 09:55:55 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/11/11 09:55:55 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/05/26 14:19:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2006/08/01 15:07:02 | 004,356,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/06/16 15:56:38 | 000,083,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/01/05 07:46:42 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)

DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)

DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)

DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)

DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)

DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)

DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)

DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)

DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)

DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)

DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)

DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)

DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)

DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)

DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)

DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)

DRV - [2001/08/17 12:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 10:53:49 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AdvBHO) - {2ED2390A-E6F6-F895-FE75-013E2D97184A} - File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Shared Library) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - File not found

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [p479eb276] C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe ()

O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKU\.DEFAULT..\Run: [swg] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll (Sun Microsystems, Inc.)

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://insurity.colinsgrp.com/agents/CABFiles/ScriptX.cab (MeadCo ScriptX)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)

O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab (ActiveWebParts Illustration Viewer)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 13:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/03/18 13:30:16 | 067,676,974 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2013/03/18 12:06:17 | 000,393,528 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/03/18 12:06:17 | 000,084,908 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/03/18 12:02:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/03/18 12:01:34 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job

[2013/03/18 12:01:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/03/18 12:01:29 | 1474,875,392 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/15 16:35:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/03/13 12:41:31 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/03/13 12:41:31 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/02/28 22:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2013/02/18 10:53:32 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/03 17:34:39 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI

[2013/01/03 17:34:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT

[2013/01/03 17:34:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL

[2012/02/14 16:23:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/11 18:15:26 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/08/03 13:45:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2007/06/07 13:46:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2007/05/01 11:11:14 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\reboin01.exe

[2007/03/06 23:58:51 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32MKDE.EXE

[2007/03/06 23:58:51 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\WBMANAGE.EXE

[2007/03/06 23:58:51 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL

[2007/03/06 23:58:51 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\WDBUUI32.DLL

[2007/03/06 23:58:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WDBUMK32.DLL

[2007/03/06 23:58:51 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\WBEXEC.EXE

[2007/03/06 23:58:51 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL

[2007/03/06 23:58:51 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BGBMNG.EXE

[2007/03/06 23:58:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DBU_UI.DLL

[2007/03/06 23:58:50 | 000,126,929 | ---- | C] () -- C:\WINDOWS\System32\WBROLL.EXE

[2007/03/06 23:58:50 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.DLL

[2007/03/06 23:58:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.EXE

[2007/03/06 19:11:59 | 000,008,192 | ---- | C] () -- C:\WINDOWS\APPEXEC.DLL

[2007/03/06 19:09:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/02/15 02:46:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/02/15 02:41:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2007/02/15 02:39:25 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2007/02/15 02:39:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2007/02/15 02:38:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

[2007/02/15 02:26:46 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2004/08/09 10:00:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/09 09:44:32 | 000,393,528 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/09 09:44:32 | 000,084,908 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/09 09:40:44 | 000,157,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/09 09:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/09 09:28:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/28 04:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002/05/28 04:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2002/05/08 05:12:22 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2013/02/07 14:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\439C8C27E2C9CBFE0000439C4892D337

[2012/11/08 11:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2010/10/26 10:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2012/02/14 11:22:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2013/03/18 12:01:34 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/04/18 12:40:03 | 000,000,009 | ---- | M] () -- C:\1A50004F-2074-4fce-8D48-06CDE7C23618.cpt

[2002/04/26 17:05:44 | 000,006,004 | ---- | M] () -- C:\BGFILE.BG

[2008/05/16 15:37:11 | 000,000,000 | ---- | M] () -- C:\BGFILE.FLG

[2007/03/06 16:30:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[1990/09/27 01:23:58 | 000,015,831 | ---- | M] () -- C:\BOPDIR.EXE

[1988/04/09 11:18:12 | 000,005,120 | ---- | M] () -- C:\C.COM

[2013/03/18 12:01:29 | 1474,875,392 | -HS- | M] () -- C:\hiberfil.sys

[2000/04/03 20:03:04 | 000,000,060 | ---- | M] () -- C:\interest.bat

[2007/03/06 17:33:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[1993/10/01 14:00:04 | 000,025,860 | ---- | M] () -- C:\IVDLL.DLL

[1993/10/01 14:00:04 | 000,002,372 | ---- | M] () -- C:\IVISION.DOT

[1993/10/01 14:00:04 | 000,001,792 | ---- | M] () -- C:\IVISION.SMM

[1993/10/01 14:00:04 | 000,003,685 | ---- | M] () -- C:\IVISION.XLM

[1993/10/01 14:00:04 | 000,220,160 | ---- | M] () -- C:\IVSE.EXE

[1993/10/01 14:00:04 | 000,125,268 | ---- | M] () -- C:\IVSE.HLP

[1993/10/01 14:00:04 | 000,001,185 | ---- | M] () -- C:\IV_NOTE.WCM

[1993/10/01 14:00:04 | 000,001,202 | ---- | M] () -- C:\IV_SCHED.WCM

[2007/03/06 17:33:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2009/02/11 11:38:26 | 000,000,040 | ---- | M] () -- C:\NETINFO.BAT

[2004/02/26 17:54:06 | 000,012,651 | ---- | M] () -- C:\NETLOG.TXT

[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/08/26 09:07:39 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2013/03/18 12:01:28 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys

[2011/02/17 11:56:45 | 000,043,008 | ---- | M] () -- C:\Player_Appeal_Form.doc

[2007/02/24 19:59:24 | 000,000,967 | ---- | M] () -- C:\Tam Index.pif

[1998/10/29 11:21:04 | 000,000,469 | ---- | M] () -- C:\TAM.COM

[2009/02/11 11:34:22 | 257,721,303 | ---- | M] (Macrovision Corporation) -- C:\TAM_10_0_3_Server.exe

[2009/02/11 11:10:14 | 046,269,292 | ---- | M] (Macrovision Corporation) -- C:\TAM_10_1_1_Server.exe

[2009/02/11 12:11:47 | 000,001,391 | ---- | M] () -- C:\The Agency Manager.lnk

[2009/02/11 11:02:15 | 010,860,887 | ---- | M] () -- C:\WATERS01101CL.rar

[1985/01/30 20:33:38 | 000,001,024 | ---- | M] () -- C:\WHERE.COM

[2009/02/11 10:58:58 | 001,206,366 | ---- | M] () -- C:\wrar371.exe

< MD5 for: EXPLORER.EXE >

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

[2004/08/04 04:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >

See if this works:

OK, basically what we want to do is copy the text that's in BOLD into the Custom Scans/Fixes box of OTLPE

Here's how to do that:

Copy the text in BOLD into notepad and save it:

:OTL

O4 - HKLM..\Run: [p479eb276] C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe ()

:Files

C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here. MrC

OTL logfile created on: 3/18/2013 3:38:54 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 79.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 48.49 Gb Free Space | 65.07% Space Free | Partition Type: NTFS

Drive D: | 7.20 Gb Total Space | 7.18 Gb Free Space | 99.68% Space Free | Partition Type: FAT32

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)

SRV - [2013/03/13 12:41:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/18 10:53:32 | 000,968,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)

SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/01/25 10:14:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)

SRV - [2009/11/11 09:55:50 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2009/11/11 09:55:47 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2007/09/20 18:10:02 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled] -- C:\Documents and Settings\Administrator\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2013/02/18 10:53:32 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)

DRV - [2009/11/11 09:55:55 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/11/11 09:55:55 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/05/26 14:19:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2006/08/01 15:07:02 | 004,356,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/06/16 15:56:38 | 000,083,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/01/05 07:46:42 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)

DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)

DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)

DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)

DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)

DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)

DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)

DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)

DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)

DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)

DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)

DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)

DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)

DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)

DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)

DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)

DRV - [2001/08/17 12:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 10:53:49 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AdvBHO) - {2ED2390A-E6F6-F895-FE75-013E2D97184A} - File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Shared Library) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - File not found

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [p479eb276] C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe ()

O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKU\.DEFAULT..\Run: [swg] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll (Sun Microsystems, Inc.)

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://insurity.colinsgrp.com/agents/CABFiles/ScriptX.cab (MeadCo ScriptX)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)

O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab (ActiveWebParts Illustration Viewer)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 13:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/03/18 13:30:16 | 067,676,974 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2013/03/18 12:06:17 | 000,393,528 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/03/18 12:06:17 | 000,084,908 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/03/18 12:02:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/03/18 12:01:34 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job

[2013/03/18 12:01:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/03/18 12:01:29 | 1474,875,392 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/15 16:35:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/03/13 12:41:31 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/03/13 12:41:31 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/02/28 22:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2013/02/18 10:53:32 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/03 17:34:39 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI

[2013/01/03 17:34:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT

[2013/01/03 17:34:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL

[2012/02/14 16:23:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/11 18:15:26 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/08/03 13:45:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2007/06/07 13:46:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2007/05/01 11:11:14 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\reboin01.exe

[2007/03/06 23:58:51 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32MKDE.EXE

[2007/03/06 23:58:51 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\WBMANAGE.EXE

[2007/03/06 23:58:51 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL

[2007/03/06 23:58:51 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\WDBUUI32.DLL

[2007/03/06 23:58:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WDBUMK32.DLL

[2007/03/06 23:58:51 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\WBEXEC.EXE

[2007/03/06 23:58:51 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL

[2007/03/06 23:58:51 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BGBMNG.EXE

[2007/03/06 23:58:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DBU_UI.DLL

[2007/03/06 23:58:50 | 000,126,929 | ---- | C] () -- C:\WINDOWS\System32\WBROLL.EXE

[2007/03/06 23:58:50 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.DLL

[2007/03/06 23:58:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.EXE

[2007/03/06 19:11:59 | 000,008,192 | ---- | C] () -- C:\WINDOWS\APPEXEC.DLL

[2007/03/06 19:09:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/02/15 02:46:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/02/15 02:41:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2007/02/15 02:39:25 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2007/02/15 02:39:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2007/02/15 02:38:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

[2007/02/15 02:26:46 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2004/08/09 10:00:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/09 09:44:32 | 000,393,528 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/09 09:44:32 | 000,084,908 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/09 09:40:44 | 000,157,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/09 09:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/09 09:28:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/28 04:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002/05/28 04:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2002/05/08 05:12:22 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2013/02/07 14:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\439C8C27E2C9CBFE0000439C4892D337

[2012/11/08 11:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2010/10/26 10:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2012/02/14 11:22:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2013/03/18 12:01:34 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job

========== Purity Check ==========

========== Custom Scans ==========

< :OTL >

< O4 - HKLM..\Run: [p479eb276] C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe () >

< :Files >

< C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe >

[2013/03/15 16:35:57 | 000,129,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe

< End of report >

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\p479eb276 deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe moved successfully.

========== FILES ==========

File\Folder C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 03182013_155157

OK...Great

We should run a couple of other scans though to make sure you're clean.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 03/18/2013 17:46:16

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : p479eb276 (C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe) -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Run : p479eb276 (C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3612505227-3114379139-1742574260-500[...]\Run : p479eb276 (C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe) -> FOUND

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3808110AS +++++

--- User ---

[MBR] 4011fe774d80bd435cfe712bfd49e1ea

[bSP] 7eeda5f9a983235f8b4e167c6c41fb09 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03182013_02d1746.txt >>

RKreport[1]_S_03182013_02d1746.txt

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][sUSP PATH] HKCU\[...]\Run : p479eb276 (C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe) -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Run : p479eb276 (C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3612505227-3114379139-1742574260-500[...]\Run : p479eb276 (C:\Documents and Settings\Administrator\Local Settings\Application Data\build.exe) -> FOUND

Now click Delete on the right hand column under Options

-------------------------------------

Next................

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

OK, I did all that... here is the log it generated. Thanks!

-----------------------------------------------------------------------------------------

ComboFix 13-03-19.01 - Administrator 03/19/2013 10:11:05.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.619 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\g2mdlhlpx.exe

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Administrator\WINDOWS\WINTAM.INI

c:\program files\Shared

c:\windows\system32\Cache

c:\windows\system32\Cache\17d211043862478c.fb

c:\windows\system32\Cache\2654d123a5e7ae7c.fb

c:\windows\system32\Cache\26c630d098e22dd5.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\517d71ec20d5c923.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\7a401a77f5655157.fb

c:\windows\system32\Cache\8071b9938386d1cc.fb

c:\windows\system32\Cache\8dcd826508196cd8.fb

c:\windows\system32\Cache\909bb431c46bff70.fb

c:\windows\system32\Cache\95f567698be8a182.fb

c:\windows\system32\Cache\98d1e720d8645a67.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\c968b1cd9eb68c7d.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))

.

.

2013-03-18 20:10 . 2013-03-18 20:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2013-03-18 20:09 . 2013-03-18 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-03-18 20:09 . 2013-03-18 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-03-18 20:09 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-18 19:51 . 2013-03-18 19:51 -------- d-----w- C:\_OTL

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-13 16:41 . 2012-03-29 14:07 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 16:41 . 2011-05-20 14:46 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-18 14:53 . 2012-08-29 15:04 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-02-05 20:05 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll

2013-02-05 20:05 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-02-05 20:05 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-02-05 05:53 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec

2013-01-26 03:55 . 2004-08-04 08:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:19 . 2004-08-04 08:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37 . 2004-08-04 08:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20 . 2004-08-04 08:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2004-08-04 08:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49 . 2004-08-04 08:00 1292288 ----a-w- c:\windows\system32\quartz.dll

2012-12-27 15:22 . 2011-04-18 17:01 906240 ----a-w- c:\windows\system32\VFP6RESN.DLL

2012-12-27 15:22 . 2011-04-18 17:01 905728 ----a-w- c:\windows\system32\VFP6RFRA.DLL

2012-12-27 15:22 . 2011-04-18 17:01 876032 ----a-w- c:\windows\system32\VFP6RENU.DLL

2012-12-27 15:22 . 2011-04-18 17:01 3373328 ----a-w- c:\windows\system32\VFP6R.DLL

2012-12-27 15:22 . 2007-03-07 03:58 203976 ----a-w- c:\windows\system32\RICHTX32.OCX

2012-12-27 15:22 . 2007-03-07 03:58 140288 ----a-w- c:\windows\system32\COMDLG32.OCX

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-02-18 14:53 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-05 344064]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-11 13:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\PROG\\PRW1.EXE"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 9:28 AM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 9:28 AM 108552]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/29/2012 11:04 AM 33112]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/7/2008 8:33 AM 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/7/2008 8:33 AM 297752]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/18/2013 4:09 PM 398184]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/18/2013 4:09 PM 682344]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2/18/2013 10:53 AM 968880]

R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/3/2013 5:34 PM 245760]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/18/2013 4:09 PM 21104]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [10/26/2010 10:16 AM 167264]

S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\Administrator\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [9/20/2007 6:10 PM 32768]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - TrueSight

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-03-19 10:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3612505227-3114379139-1742574260-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,51,58,55,21,16,ec,4f,bf,36,f6,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,6f,21,a4,fe,e4,98,42,b0,3b,0a,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(568)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2013-03-19 10:28:39

ComboFix-quarantined-files.txt 2013-03-19 14:28

.

Pre-Run: 55,603,458,048 bytes free

Post-Run: 56,456,990,720 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - D38C0D85433333B6367B3A46527B9408



Looks Good.............Next:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC


# AdwCleaner v2.115 - Logfile created 03/19/2013 at 15:13:28

# Updated 17/03/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - BILLY

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Administrator\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\AVG Security Toolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKU\S-1-5-21-3612505227-3114379139-1742574260-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={25C08C83-38B4-471F-B3F6-8E2D6BEB8E8D}&mid=127beaa8de349345bef3b9f722620154-e8fde049c8740f4d883d1de114446b2b8d987e23&lang=us&ds=AVG&pr=fr&d=2012-02-14 10:22:35&pid=avg&sg=&v=14.2.0.1&sap=nt

*************************

AdwCleaner[R1].txt - [4650 octets] - [19/03/2013 15:13:28]

########## EOF - C:\AdwCleaner[R1].txt - [4710 octets] ##########


Please create a new system restore point before continuing.

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


# AdwCleaner v2.115 - Logfile created 03/19/2013 at 15:39:42

# Updated 17/03/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - BILLY

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

Folder Deleted : C:\Program Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\AVG Security Toolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={25C08C83-38B4-471F-B3F6-8E2D6BEB8E8D}&mid=127beaa8de349345bef3b9f722620154-e8fde049c8740f4d883d1de114446b2b8d987e23&lang=us&ds=AVG&pr=fr&d=2012-02-14 10:22:35&pid=avg&sg=&v=14.2.0.1&sap=nt --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [4779 octets] - [19/03/2013 15:13:28]

AdwCleaner[R2].txt - [4839 octets] - [19/03/2013 15:39:30]

AdwCleaner[s1].txt - [4750 octets] - [19/03/2013 15:39:42]

########## EOF - C:\AdwCleaner[s1].txt - [4810 octets] ##########
