Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus has disabled AVG and is blocking websites [Solved]

Started by elielieli , Jul 20 2012 12:30 PM

This topic is locked

#1
elielieli

Posted 20 July 2012 - 12:30 PM

Member

Member
176 posts

Hi Guys,

First off.Thanks in advance to all who give their time , patience and help to the issues Im having.
Originally AVG detected 2 virus which it immediately quarantined.
But later AVGs virus protection had become disabled , which I attempted to remedy by
reinstalling or updating , to no avail as any AVG site is blocked along with google , youtube
and other related virus protection websites , Malwarebytes being one.
Ive managed to download this from cnet , but now it wont open.
Any help would be appreciated.
Thanks

#2
Essexboy

Posted 20 July 2012 - 01:48 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there first lets see if we can look at the system

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#3
elielieli

Posted 20 July 2012 - 03:59 PM

Member

Topic Starter
Member
176 posts

Hi
Here you go.

OTL logfile created on: 20/07/2012 22:47:51 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Asus\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 190.41 Mb Available Physical Memory | 18.75% Memory free
2.39 Gb Paging File | 1.30 Gb Available in Paging File | 54.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.77 Gb Total Space | 2.12 Gb Free Space | 4.74% Space Free | Partition Type: NTFS
Drive D: | 29.76 Gb Total Space | 0.57 Gb Free Space | 1.93% Space Free | Partition Type: NTFS
Drive F: | 74.51 Gb Total Space | 7.04 Gb Free Space | 9.45% Space Free | Partition Type: FAT32

Computer Name: ASUS-LAPTOP | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/20 20:53:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Asus\Desktop\OTL.exe
PRC - [2012/07/05 01:13:59 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011/04/27 09:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2011/01/12 15:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/01/12 15:26:54 | 001,400,832 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2011/01/12 15:23:48 | 000,966,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2011/01/12 15:16:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2011/01/12 15:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 10:25:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007/05/30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2006/01/20 12:34:26 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2004/06/17 16:14:14 | 000,282,624 | ---- | M] () -- C:\Program Files\MagicMus\MulMouse.exe
PRC - [2004/06/09 15:57:18 | 000,233,472 | ---- | M] () -- C:\Program Files\MagicMus\MagicWl.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/20 10:03:14 | 001,786,880 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12072000\algo.dll
MOD - [2012/07/12 12:29:02 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/07/05 01:13:58 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/01 19:47:26 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Asus\Application Data\Azureus\plugins\azutp\win32\utp.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/15 13:01:22 | 000,102,400 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
MOD - [2012/01/15 13:01:22 | 000,015,884 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll
MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/04/27 09:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
MOD - [2010/06/28 21:58:58 | 000,123,296 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/15 13:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2006/01/20 12:34:30 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2006/01/20 12:34:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2006/01/20 12:34:28 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll
MOD - [2006/01/20 12:34:28 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2006/01/20 12:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2006/01/20 12:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2006/01/20 12:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2006/01/20 12:34:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll
MOD - [2006/01/20 12:34:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2004/06/17 16:14:14 | 000,282,624 | ---- | M] () -- C:\Program Files\MagicMus\MulMouse.exe
MOD - [2004/06/09 15:57:18 | 000,233,472 | ---- | M] () -- C:\Program Files\MagicMus\MagicWl.exe
MOD - [2004/04/01 17:46:26 | 000,126,976 | ---- | M] () -- C:\Program Files\MagicMus\Function\Function.dll
MOD - [2004/04/01 16:59:58 | 000,390,656 | ---- | M] () -- C:\Program Files\MagicMus\MouHelp.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/12 12:29:03 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/05 01:13:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/01/12 15:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2011/01/12 15:23:48 | 000,966,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2011/01/12 15:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/05/30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Asus\LOCALS~1\Temp\olfwvscj.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/20 20:09:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/07 04:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Intel®
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/06/25 16:10:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/08/28 05:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007/05/30 13:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 13:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006/05/26 11:50:14 | 000,018,560 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DUBE100B.sys -- (DUBE100B)
DRV - [2006/01/20 12:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/03/22 13:45:38 | 000,006,528 | ---- | M] (Waytech Development, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MUsbFltr.sys -- (MUsbFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-2052111302-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-746137067-2052111302-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-746137067-2052111302-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l...APN10112&gct=hp
IE - HKU\S-1-5-21-746137067-2052111302-725345543-1003\..\SearchScopes,DefaultScope = {46F85442-8ACD-4290-8128-9E558AA329E3}
IE - HKU\S-1-5-21-746137067-2052111302-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-746137067-2052111302-725345543-1003\..\SearchScopes\{46F85442-8ACD-4290-8128-9E558AA329E3}: "URL" = http://websearch.ask...86-E3412D48CF18
IE - HKU\S-1-5-21-746137067-2052111302-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-07-20 12:41:26&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-746137067-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://sn114w.snt114...58&fid=1&fav=1"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...2:58&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Iminent\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/05 01:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/26 11:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Asus\Application Data\Mozilla\Extensions
[2012/07/20 16:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\extensions
[2012/05/28 17:17:27 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/05/04 15:40:46 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\searchplugins\askcom.xml
[2012/05/26 11:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/31 00:36:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/07/05 01:13:59 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/20 12:41:18 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/03/15 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-746137067-2052111302-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-2052111302-725345543-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe ()
O4 - HKU\S-1-5-21-746137067-2052111302-725345543-1003..\Run: [Azureus] C:\Program Files\Vuze\Azureus.exe (Vuze Inc.)
O4 - HKU\S-1-5-21-746137067-2052111302-725345543-1003..\Run: [HahPvvgw] C:\Documents and Settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-2052111302-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B65CBEE6-C44B-4AFC-BAA5-B7F2838A178D}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C87D9209-A971-49C4-BA9E-FBCB0284C826}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe) - C:\Documents and Settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Asus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Asus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/25 15:35:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 21:04:21 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/20 21:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/07/20 21:04:20 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/20 21:04:17 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/20 21:04:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/20 21:04:06 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/20 21:04:06 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/20 21:04:03 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/20 21:01:02 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2012/07/20 21:01:01 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/20 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/07/20 21:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/07/20 20:53:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Asus\Desktop\OTL.exe
[2012/07/20 20:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/20 20:09:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/20 20:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/20 19:14:36 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/07/20 19:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Application Data\Malwarebytes
[2012/07/20 19:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/20 19:13:41 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Asus\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/20 17:06:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/20 12:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AVG Secure Search
[2012/07/20 12:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Application Data\Grisoft
[2012/07/20 12:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Spyware 7.5
[2012/07/20 12:14:10 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2012/07/20 12:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2012/07/20 12:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/07/20 12:02:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Asus\Recent
[2012/07/17 15:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/07/07 22:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Desktop\Weird Science 1986 DVDRip XviD AC3 MRX (Kingdom-Release)
[2012/06/29 18:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Asus\Desktop\walk
[2012/06/25 13:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZAR
[2012/06/25 13:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZAR
[2012/06/24 20:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Titledrome
[2012/06/24 20:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bitmansoft
[2012/06/24 20:50:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/20 22:49:27 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Asus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 22:28:23 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B2072BF-545A-419E-A66B-9CB2F1668F00}.job
[2012/07/20 22:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/20 21:04:23 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/20 21:04:07 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/20 20:53:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Asus\Desktop\OTL.exe
[2012/07/20 20:09:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/07/20 20:09:51 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 19:35:37 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Asus\Desktop\exeHelper.com
[2012/07/20 19:13:47 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Asus\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/20 17:11:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/20 16:23:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/20 12:44:41 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/07/20 12:14:14 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2012/07/19 12:05:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/14 21:27:40 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Asus\Local Settings\Application Data\dt.dat
[2012/07/13 12:12:37 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/24 22:17:32 | 000,044,241 | ---- | M] () -- C:\Documents and Settings\Asus\Desktop\El patrullero (Alex Cox, 1991) DVDRip Xvid Ac3.English.srt
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/20 21:04:23 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/20 20:09:51 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 19:35:37 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\exeHelper.com
[2012/07/20 12:44:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/07/20 12:14:14 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2012/07/14 21:27:40 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Asus\Local Settings\Application Data\dt.dat
[2012/06/28 16:51:40 | 000,082,451 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\faccia.a.faccia.1967.srt
[2012/06/26 23:41:27 | 957,714,432 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\Summer In The City (Wim Wenders, 1970).avi
[2012/06/24 21:17:53 | 000,044,241 | ---- | C] () -- C:\Documents and Settings\Asus\Desktop\El patrullero (Alex Cox, 1991) DVDRip Xvid Ac3.English.srt
[2012/06/11 23:09:06 | 000,013,484 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/06/01 08:36:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/29 10:19:37 | 000,091,494 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-2052111302-725345543-1003-0.dat
[2012/05/29 01:14:51 | 000,091,494 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/28 15:10:03 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Asus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/28 09:44:13 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/05/25 16:48:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/25 16:21:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/25 16:19:58 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/25 16:15:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2012/05/25 16:15:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2012/05/25 16:15:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2012/05/25 16:15:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2012/05/25 16:15:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2012/05/25 16:15:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2012/05/25 16:15:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2012/05/25 16:15:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2012/05/25 16:15:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2012/05/25 15:39:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/25 15:31:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2012/07/20 21:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/07/20 17:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/28 09:52:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/20 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/07/20 17:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/28 15:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/20 22:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Asus\Application Data\Azureus
[2012/05/26 09:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Asus\Application Data\Easeware
[2012/07/20 12:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Asus\Application Data\Grisoft
[2012/05/26 11:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Asus\Application Data\Oracle
[2012/05/29 09:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Asus\Application Data\Toolbar4
[2012/06/17 15:13:20 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\MixPadReminder.job
[2012/06/17 15:13:20 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2012/06/20 15:13:11 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\SwitchReminder.job
[2012/07/20 22:28:23 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B2072BF-545A-419E-A66B-9CB2F1668F00}.job
[2012/06/17 15:13:21 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\WavePadReminder.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/03/15 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2006/03/15 13:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/04/04 06:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006/03/15 13:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2012/05/25 15:36:03 | 000,001,602 | ---- | M] () MD5=6F2A9DEAA985946FFDE64137E5351A7C -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2006/03/15 13:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/03/15 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/03/15 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/03/15 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >

OTL Extras logfile created on: 20/07/2012 22:47:51 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Asus\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 190.41 Mb Available Physical Memory | 18.75% Memory free
2.39 Gb Paging File | 1.30 Gb Available in Paging File | 54.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.77 Gb Total Space | 2.12 Gb Free Space | 4.74% Space Free | Partition Type: NTFS
Drive D: | 29.76 Gb Total Space | 0.57 Gb Free Space | 1.93% Space Free | Partition Type: NTFS
Drive F: | 74.51 Gb Total Space | 7.04 Gb Free Space | 9.45% Space Free | Partition Type: FAT32

Computer Name: ASUS-LAPTOP | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E95DA08-2514-4399-AD87-349C350FA9DE}" = Intel® PROSet/Wireless WiFi Software
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.10.01.01
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Prism" = Prism Video File Converter
"ProInst" = Intel PROSet Wireless
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Switch" = Switch Sound File Converter
"Titledrome_is1" = Titledrome 4.2
"VersatoMs" = ViewMate Desktop Mouse CC2201 Uninstaller
"VLC media player" = VLC media player 2.0.1
"WavePad" = WavePad Sound Editor
"Windows XP Service Pack" = Windows XP Service Pack 3
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/06/2012 18:19:17 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4578

Error - 01/06/2012 18:19:19 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/06/2012 18:19:19 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6578

Error - 01/06/2012 18:19:19 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6578

Error - 01/06/2012 18:21:51 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/06/2012 18:21:51 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 158797

Error - 01/06/2012 18:21:51 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 158797

Error - 01/06/2012 18:21:53 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/06/2012 18:21:53 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 160766

Error - 01/06/2012 18:21:53 | Computer Name = ASUS-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 160766

[ System Events ]
Error - 19/07/2012 20:11:53 | Computer Name = ASUS-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Standard HID Class Driver service failed to start due to the following
error: %%1058

Error - 20/07/2012 06:56:35 | Computer Name = ASUS-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Standard HID Class Driver service failed to start due to the following
error: %%1058

Error - 20/07/2012 06:59:26 | Computer Name = ASUS-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Standard HID Class Driver service failed to start due to the following
error: %%1058

Error - 20/07/2012 08:01:25 | Computer Name = ASUS-LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 20/07/2012 08:01:25 | Computer Name = ASUS-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Standard HID Class Driver service failed to start due to the following
error: %%1058

Error - 20/07/2012 08:03:18 | Computer Name = ASUS-LAPTOP | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 20/07/2012 12:02:14 | Computer Name = ASUS-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Standard HID Class Driver service failed to start due to the following
error: %%1058

Error - 20/07/2012 12:11:39 | Computer Name = ASUS-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Standard HID Class Driver service failed to start due to the following
error: %%1058

Error - 20/07/2012 12:13:36 | Computer Name = ASUS-LAPTOP | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 20/07/2012 12:15:36 | Computer Name = ASUS-LAPTOP | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

< End of report >

#4
Essexboy

Posted 20 July 2012 - 04:05 PM

GeekU Moderator

Retired Staff
69,964 posts

OK lets see what this does

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Asus\LOCALS~1\Temp\olfwvscj.sys -- (Micorsoft Windows Service)
O3 - HKU\S-1-5-21-746137067-2052111302-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-2052111302-725345543-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKU\S-1-5-21-746137067-2052111302-725345543-1003..\Run: [HahPvvgw] C:\Documents and Settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe) - C:\Documents and Settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe File not found

:Files
ipconfig /flushdns /c
C:\Documents and Settings\Asus\Local Settings\Application Data\ytpdlvag

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#5
elielieli

Posted 20 July 2012 - 04:13 PM

Member

Topic Starter
Member
176 posts

All processes killed
========== OTL ==========
Service Micorsoft Windows Service stopped successfully!
Service Micorsoft Windows Service deleted successfully!
File C:\DOCUME~1\Asus\LOCALS~1\Temp\olfwvscj.sys not found.
Registry value HKEY_USERS\S-1-5-21-746137067-2052111302-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-2052111302-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\HahPvvgw deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Asus\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Asus\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Asus\Local Settings\Application Data\ytpdlvag not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Asus
->Temp folder emptied: 53843483 bytes
->Temporary Internet Files folder emptied: 8165867 bytes
->FireFox cache emptied: 136167822 bytes
->Flash cache emptied: 2129 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1240100 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2358534 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 99531836 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 3973935631 bytes

Total Files Cleaned = 4,077.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07202012_230636

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/07/20 23:09:23 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast5_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

#6
Essexboy

Posted 20 July 2012 - 04:21 PM

GeekU Moderator

Retired Staff
69,964 posts

If you could now try and download aswMBR please

#7
elielieli

Posted 20 July 2012 - 04:24 PM

Member

Topic Starter
Member
176 posts

Unfortunately the page wont open.
I may be able to download from another computer tomorrow.
Thanks for all your help so far!

#8
Essexboy

Posted 20 July 2012 - 04:26 PM

GeekU Moderator

Retired Staff
69,964 posts

No that was just a test .. So we will go to the next stage

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#9
elielieli

Posted 20 July 2012 - 04:51 PM

Member

Topic Starter
Member
176 posts

Well , it looks as though you've healed it!!!
Your amazing!!
Thanks so much.
How can I repay you?

#10
elielieli

Posted 20 July 2012 - 04:54 PM

Member

Topic Starter
Member
176 posts

ComboFix 12-07-20.02 - Asus 20/07/2012 23:33:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.138 [GMT 1:00]
Running from: c:\documents and settings\Asus\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Asus\Application Data\Toolbar4
c:\documents and settings\Asus\Local Settings\Application Data\bdbyasni.log
c:\documents and settings\Asus\Local Settings\Application Data\jtxvkuiq.log
c:\documents and settings\Asus\Local Settings\Application Data\ktnoiclh.log
c:\documents and settings\Asus\Local Settings\Application Data\nmogqmgj.log
c:\documents and settings\Asus\Local Settings\Application Data\uvrmikmh.log
c:\documents and settings\Asus\Local Settings\Application Data\woljuifi.log
c:\documents and settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\78dbf3743f2fc82e.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d4bd8254bb2abaec.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 22:06 . 2012-07-20 22:06 -------- d-----w- C:\_OTL
2012-07-20 20:04 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-20 20:04 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-20 20:04 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-20 20:04 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-20 20:04 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-20 20:04 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-20 20:04 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-20 20:01 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2012-07-20 20:01 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-20 20:00 . 2012-07-20 20:00 -------- d-----w- c:\program files\Alwil Software
2012-07-20 20:00 . 2012-07-20 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2012-07-20 19:09 . 2012-07-20 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-20 19:09 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 18:14 . 2012-07-20 19:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-20 18:14 . 2012-07-20 18:14 -------- d-----w- c:\documents and settings\Asus\Application Data\Malwarebytes
2012-07-20 18:14 . 2012-07-20 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-20 11:40 . 2012-07-20 11:40 -------- d-----w- c:\documents and settings\All Users\AVG Secure Search
2012-07-20 11:14 . 2012-07-20 11:14 -------- d-----w- c:\documents and settings\Asus\Application Data\Grisoft
2012-07-20 11:14 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2012-07-20 11:14 . 2012-07-20 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2012-07-20 00:08 . 2012-07-20 22:41 -------- d-----w- c:\documents and settings\Asus\Local Settings\Application Data\ytpdlvag
2012-07-12 11:28 . 2012-07-12 11:28 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-05 00:14 . 2012-07-05 00:14 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-05 00:14 . 2012-07-05 00:14 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-25 12:11 . 2012-06-25 13:14 -------- d-----w- c:\program files\ZAR
2012-06-24 19:57 . 2012-06-25 11:26 -------- d-----w- c:\program files\Bitmansoft
2012-06-24 19:50 . 2012-06-24 19:50 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:29 . 2012-05-26 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 11:29 . 2012-05-26 10:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19 . 2006-03-15 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2012-05-25 14:58 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-03-15 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-15 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2009-08-06 18:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2012-05-25 14:33 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2012-05-25 14:33 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2012-05-25 14:33 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2012-05-25 14:33 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2012-05-25 14:33 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2006-03-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-08-06 18:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2012-05-25 14:33 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2012-05-25 14:33 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-03-15 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2006-03-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-03-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-03-15 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-03-15 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2012-05-25 14:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-05 00:13 . 2012-05-26 10:43 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Azureus"="c:\program files\Vuze\Azureus.exe" [2011-04-27 232896]
"HahPvvgw"="c:\documents and settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe" [2012-07-20 94700]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"VersatoMs"="c:\program files\MagicMus\MulMouse.exe" [2004-06-17 282624]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Asus\Start Menu\Programs\Startup\
hahpvvgw.exe [2012-7-20 94700]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\Asus\Local Settings\Application Data\ytpdlvag\hahpvvgw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/07/2012 21:04 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/07/2012 21:04 17744]
R2 MUsbFltr;USB WTMouse Filter Service;c:\windows\system32\drivers\MUsbFltr.sys [22/03/2004 13:45 6528]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [26/05/2012 10:07 6609920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26/05/2012 11:23 250056]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [19/04/2012 15:50 18560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20/07/2012 19:14 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26/05/2012 11:43 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 11:29]
.
2012-06-17 c:\windows\Tasks\MixPadReminder.job
- c:\program files\NCH Software\MixPad\mixpad.exe [2012-06-07 11:50]
.
2012-06-17 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2012-06-07 11:51]
.
2012-06-20 c:\windows\Tasks\SwitchReminder.job
- c:\program files\NCH Software\Switch\switch.exe [2012-06-07 11:50]
.
2012-07-20 c:\windows\Tasks\User_Feed_Synchronization-{8B2072BF-545A-419E-A66B-9CB2F1668F00}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2012-06-17 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-06-07 11:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=APN10112&gct=hp
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://sn114w.snt114.mail.live.com/mail/InboxLight.aspx?n=1788983327&fid=1&fav=1#n=1466668558&fid=1&fav=1
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9aae389a-e770-4f1f-a196-7f5ac1298350%7D&mid=bc653f889ea147d0b143d151987802fd-d34c8cfae782fea4cf013a1bd96b68f99ddc7e29&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-28%2009%3A52%3A58&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-AVG Anti-Spyware Driver
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-20 23:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\01\1c\10\0c\10?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(3660)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\sm56hlpr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-07-20 23:46:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 22:46
.
Pre-Run: 2,369,662,976 bytes free
Post-Run: 2,087,817,216 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 309A6AAA1829A0CD34E70AB545A4FB6C

#11
elielieli

Posted 20 July 2012 - 04:58 PM

Member

Topic Starter
Member
176 posts

Actually , google wont open although youtube and avg.com will.
And Ive tried to reinstall AVG with no success

Edited by elielieli, 20 July 2012 - 05:01 PM.

#12
Essexboy

Posted 21 July 2012 - 05:02 AM

GeekU Moderator

Retired Staff
69,964 posts

Aye there are still a few bits hanging around

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Asus\Local Settings\Application Data\ytpdlvag
c:\documents and settings\Asus\Start Menu\Programs\Startup\hahpvvgw.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HahPvvgw"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,

Driver::
MICORSOFT_WINDOWS_SERVICE

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

#13
elielieli

Posted 21 July 2012 - 05:22 AM

Member

Topic Starter
Member
176 posts

Here ya go.

ComboFix 12-07-20.02 - Asus 21/07/2012 12:07:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.419 [GMT 1:00]
Running from: c:\documents and settings\Asus\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Asus\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\documents and settings\Asus\Local Settings\Application Data\ytpdlvag"
"c:\documents and settings\Asus\Start Menu\Programs\Startup\hahpvvgw.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Asus\Local Settings\Application Data\bdbyasni.log
c:\documents and settings\Asus\Local Settings\Application Data\jtxvkuiq.log
c:\documents and settings\Asus\Local Settings\Application Data\ktnoiclh.log
c:\documents and settings\Asus\Local Settings\Application Data\nmogqmgj.log
c:\documents and settings\Asus\Local Settings\Application Data\uvrmikmh.log
c:\documents and settings\Asus\Local Settings\Application Data\woljuifi.log
c:\documents and settings\Asus\Start Menu\Programs\Startup\hahpvvgw.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-20 22:06 . 2012-07-20 22:06 -------- d-----w- C:\_OTL
2012-07-20 20:04 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-20 20:04 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-20 20:04 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-20 20:04 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-20 20:04 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-20 20:04 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-20 20:04 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-20 20:01 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2012-07-20 20:01 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-20 20:00 . 2012-07-20 20:00 -------- d-----w- c:\program files\Alwil Software
2012-07-20 20:00 . 2012-07-20 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2012-07-20 19:09 . 2012-07-20 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-20 19:09 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 18:14 . 2012-07-20 22:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-20 18:14 . 2012-07-20 18:14 -------- d-----w- c:\documents and settings\Asus\Application Data\Malwarebytes
2012-07-20 18:14 . 2012-07-20 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-20 11:40 . 2012-07-20 11:40 -------- d-----w- c:\documents and settings\All Users\AVG Secure Search
2012-07-20 11:14 . 2012-07-20 11:14 -------- d-----w- c:\documents and settings\Asus\Application Data\Grisoft
2012-07-20 11:14 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2012-07-20 11:14 . 2012-07-20 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2012-07-20 00:08 . 2012-07-20 22:41 -------- d-----w- c:\documents and settings\Asus\Local Settings\Application Data\ytpdlvag
2012-07-12 11:28 . 2012-07-12 11:28 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-05 00:14 . 2012-07-05 00:14 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-05 00:14 . 2012-07-05 00:14 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-25 12:11 . 2012-06-25 13:14 -------- d-----w- c:\program files\ZAR
2012-06-24 19:57 . 2012-06-25 11:26 -------- d-----w- c:\program files\Bitmansoft
2012-06-24 19:50 . 2012-06-24 19:50 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:29 . 2012-05-26 10:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 11:29 . 2012-05-26 10:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19 . 2006-03-15 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2012-05-25 14:58 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-03-15 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-15 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2009-08-06 18:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2012-05-25 14:33 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2012-05-25 14:33 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2012-05-25 14:33 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2012-05-25 14:33 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2012-05-25 14:33 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2006-03-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-08-06 18:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2012-05-25 14:33 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2012-05-25 14:33 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-03-15 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2006-03-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-03-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-03-15 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-03-15 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2012-05-25 14:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-05 00:13 . 2012-05-26 10:43 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-20_22.41.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-21 11:16 . 2012-07-21 11:16 16384 c:\windows\Temp\Perflib_Perfdata_ab8.dat
+ 2012-07-21 11:18 . 2012-07-21 11:18 724996 c:\windows\Temp\_asw_aisI.tm~a03036\sig.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Azureus"="c:\program files\Vuze\Azureus.exe" [2011-04-27 232896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"VersatoMs"="c:\program files\MagicMus\MulMouse.exe" [2004-06-17 282624]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/07/2012 21:04 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/07/2012 21:04 17744]
R2 MUsbFltr;USB WTMouse Filter Service;c:\windows\system32\drivers\MUsbFltr.sys [22/03/2004 13:45 6528]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [26/05/2012 10:07 6609920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26/05/2012 11:23 250056]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [19/04/2012 15:50 18560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20/07/2012 19:14 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26/05/2012 11:43 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 11:29]
.
2012-06-17 c:\windows\Tasks\MixPadReminder.job
- c:\program files\NCH Software\MixPad\mixpad.exe [2012-06-07 11:50]
.
2012-06-17 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2012-06-07 11:51]
.
2012-06-20 c:\windows\Tasks\SwitchReminder.job
- c:\program files\NCH Software\Switch\switch.exe [2012-06-07 11:50]
.
2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{8B2072BF-545A-419E-A66B-9CB2F1668F00}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2012-06-17 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-06-07 11:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=APN10112&gct=hp
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://sn114w.snt114.mail.live.com/mail/InboxLight.aspx?n=1788983327&fid=1&fav=1#n=1466668558&fid=1&fav=1
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9aae389a-e770-4f1f-a196-7f5ac1298350%7D&mid=bc653f889ea147d0b143d151987802fd-d34c8cfae782fea4cf013a1bd96b68f99ddc7e29&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-28%2009%3A52%3A58&sap=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 12:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\01\1c\10\0c\10?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\sm56hlpr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-21 12:21:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-21 11:20
ComboFix2.txt 2012-07-20 22:46
.
Pre-Run: 2,082,713,600 bytes free
Post-Run: 1,898,356,736 bytes free
.
- - End Of File - - 2E8995D62EBECD91AF652F435BF14D60

#14
Essexboy

Posted 21 July 2012 - 05:32 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you now try AVG and Google.. Plus you will need to uninstall Avast if you are keeping AVG

Download aswClear from here
Go to Programs and Features > add/remove and uninstall Avast
Reboot back to safe mode and run aswClear (select all versions of Avast ) once for each version, no need to reboot in between
After the last one reboot