Bugisrb fix

Does AVG show the enhanced mode as well?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Processes - Safe List]
YY -> svchost.exe -> C:\WINDOWS\update.5.0\svchost.exe
YY -> svchost.exe -> C:\WINDOWS\update.2\svchost.exe
YY -> svchost.exe -> C:\WINDOWS\update.tray-7-0-lnk\svchost.exe
YY -> svchost.exe -> C:\WINDOWS\update.1\svchost.exe
YY -> ufa.exe -> C:\WINDOWS\ufa\ufa.exe
[Win32 Services - Safe List]
YY -> (srvsysdriver32) srvsysdriver32 [Auto | Stopped] -> C:\WINDOWS\sysdriver32.exe
YY -> (srvbtcclient) srvbtcclient [Auto | Running] -> C:\WINDOWS\update.5.0\svchost.exe
YY -> (srviecheck) srviecheck [Auto | Running] -> C:\WINDOWS\update.2\svchost.exe
YY -> (wxpdrivers) wxpdrivers [Auto | Running] -> C:\WINDOWS\update.1\svchost.exe
[Registry - Safe List]
< HOSTS File > ([2011.07.25 19:47:00 | 000,203,160 | -H-- | M] - 100105 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> Reset Hosts -> 
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "avast5" -> [C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui]
YN -> "wxpdrv" -> [C:\WINDOWS\services32.exe]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\services32.exe" -> [C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe]
YY -> "C:\WINDOWS\update.1\svchost.exe" -> C:\WINDOWS\update.1\svchost.exe [C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe]
YY -> "C:\WINDOWS\update.2\svchost.exe" -> C:\WINDOWS\update.2\svchost.exe [C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe]
YY -> "C:\WINDOWS\update.tray-7-0\svchost.exe" -> C:\WINDOWS\update.tray-7-0\svchost.exe [C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe]
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
YN -> "AlternateShell" -> services32.exe
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{ae29bd69-06dd-11e0-ad6f-8cc07d22ad93}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae29bd69-06dd-11e0-ad6f-8cc07d22ad93}\Shell\AutoRun\command -> 
YN -> \{ae29bd69-06dd-11e0-ad6f-8cc07d22ad93}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL app1.EXE]
YN -> \{da5f22c2-f0bf-11de-ab2a-aa4e7a1752ce}\Shell\AutoRun\\"" -> [Auto&Play]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da5f22c2-f0bf-11de-ab2a-aa4e7a1752ce}\Shell\AutoRun\command -> 
YN -> \{da5f22c2-f0bf-11de-ab2a-aa4e7a1752ce}\Shell\AutoRun\command\\"" -> [C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL app1.EXE]
[Files/Folders - Created Within 30 Days]
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs
NY ->  update.tray-12-0-lnk -> C:\WINDOWS\update.tray-12-0-lnk
NY ->  update.tray-12-0 -> C:\WINDOWS\update.tray-12-0
NY ->  ufa -> C:\WINDOWS\ufa
NY ->  rpcminer -> C:\WINDOWS\rpcminer
NY ->  phoenix -> C:\WINDOWS\phoenix
NY ->  update.5.0 -> C:\WINDOWS\update.5.0
NY ->  update.2 -> C:\WINDOWS\update.2
NY ->  WinRAR -> C:\Documents and Settings\LocalService\Application Data\WinRAR
NY ->  av_ico -> C:\WINDOWS\av_ico
NY ->  update.1 -> C:\WINDOWS\update.1
NY ->  update.tray-7-0-lnk -> C:\WINDOWS\update.tray-7-0-lnk
NY ->  update.tray-7-0 -> C:\WINDOWS\update.tray-7-0
[Files/Folders - Modified Within 30 Days]
NY ->  info1 -> C:\WINDOWS\info1
NY ->  sysdriver32_.exe -> C:\WINDOWS\sysdriver32_.exe
NY ->  sysdriver32.exe -> C:\WINDOWS\sysdriver32.exe
NY ->  Skype.lnk -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
NY ->  phoenix.rar -> C:\WINDOWS\phoenix.rar
NY ->  unrar.exe -> C:\WINDOWS\unrar.exe
NY ->  ufa.rar -> C:\WINDOWS\ufa.rar
NY ->  rpcminer.rar -> C:\WINDOWS\rpcminer.rar
NY ->  systemup.exe -> C:\WINDOWS\systemup.exe
NY ->  l1rezerv.exe -> C:\WINDOWS\l1rezerv.exe
NY ->  geoiplist.rar -> C:\WINDOWS\geoiplist.rar
NY ->  loader2.exe_ok -> C:\WINDOWS\loader2.exe_ok
NY ->  geoiplist -> C:\WINDOWS\geoiplist
[Files - No Company Name]
NY ->  phoenix.rar -> C:\WINDOWS\phoenix.rar
NY ->  rpcminer.rar -> C:\WINDOWS\rpcminer.rar
NY ->  systemup.exe -> C:\WINDOWS\systemup.exe
NY ->  l1rezerv.exe -> C:\WINDOWS\l1rezerv.exe
NY ->  geoiplist -> C:\WINDOWS\geoiplist
NY ->  geoiplist.rar -> C:\WINDOWS\geoiplist.rar
NY ->  unrar.exe -> C:\WINDOWS\unrar.exe
NY ->  info1 -> C:\WINDOWS\info1
NY ->  loader2.exe_ok -> C:\WINDOWS\loader2.exe_ok
NY ->  sysdriver32_.exe -> C:\WINDOWS\sysdriver32_.exe
NY ->  sysdriver32.exe -> C:\WINDOWS\sysdriver32.exe
[Custom Scans]
YY ->  svchost.exe : MD5=B29DC60E06AF2B9ED13E6C6935BC3670 -> C:\WINDOWS\update.2\svchost.exe
YY ->  svchost.exe : MD5=DDE08469DED554140851ACFFCB8F4802 -> C:\WINDOWS\update.5.0\svchost.exe
YY ->  svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.1\svchost.exe
YY ->  svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.tray-12-0\svchost.exe
YY ->  svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.tray-12-0-lnk\svchost.exe
YY ->  svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.tray-7-0\svchost.exe
YY ->  svchost.exe : MD5=F8BC8EA7B65C439E43ED68241A4651EA -> C:\WINDOWS\update.tray-7-0-lnk\svchost.exe
[Custom Items]
ipconfig /flushdns /c
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

I have used Malwarebytes’ Anti-Malware to delete all of the viruses, then I reinstalled avast (it is working ok), then I saw your post and used the run fix in the OTS program. After that I can use Facebook again. Here are my reports, please reply to confirm if everything is ok. Thank you very much for your help.

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRKgmailcom
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan – Date : 07/26/2011 01:12:01

Bad processes: 0

Registry Entries: 4
[HJ] HKLM[…]\System : EnableLUA (0) → FOUND
[HJ] HKLM[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → FOUND
[HJ] HKCU[…]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → FOUND
[HJ] HKCU[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → FOUND


Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

And here is the link for the OTS scan. I couldn't get the report after the fix.


Looks good, nary a sign of the bad boys - don’t forget to uninstall AVG ;D