@agentstar

Where is aswMBR.txt log?

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.




:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-2052111302-1960408961-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B5A61C14-3174-4237-91E5-30D6F97B9994}&mid=2e21da0eb24b47d0813ad15dc355416c-ea3d16f5ffb7cf6e70d1b97c6fc803d06c715fca&lang=en&ds=AVG&pr=fr&d=2012-06-06 15:53:56&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - Extension: No name found = C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: No name found = C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0\
O3 - HKU\S-1-5-21-2052111302-1960408961-682003330-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O33 - MountPoints2\{393b2724-b606-11e1-9aab-e3e182d9e42b}\Shell - "" = AutoRun
O33 - MountPoints2\{393b2724-b606-11e1-9aab-e3e182d9e42b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393b2724-b606-11e1-9aab-e3e182d9e42b}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{436fe342-b5f7-11e1-9aa7-80d94f5434d2}\Shell - "" = AutoRun
O33 - MountPoints2\{436fe342-b5f7-11e1-9aa7-80d94f5434d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{436fe342-b5f7-11e1-9aa7-80d94f5434d2}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{44c1ad2e-83cb-11e1-a28b-001485b1a89f}\Shell - "" = AutoRun
O33 - MountPoints2\{44c1ad2e-83cb-11e1-a28b-001485b1a89f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44c1ad2e-83cb-11e1-a28b-001485b1a89f}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{6ac3ea04-992f-11e1-9a22-a8a1e967ebcc}\Shell - "" = AutoRun
O33 - MountPoints2\{6ac3ea04-992f-11e1-9a22-a8a1e967ebcc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ac3ea04-992f-11e1-9a22-a8a1e967ebcc}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{7708af08-87c7-11e1-a2a5-001485b1a89f}\Shell - "" = AutoRun
O33 - MountPoints2\{7708af08-87c7-11e1-a2a5-001485b1a89f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7708af08-87c7-11e1-a2a5-001485b1a89f}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{7827b6c1-b7e1-11e1-9abc-c7e47109ee24}\Shell - "" = AutoRun
O33 - MountPoints2\{7827b6c1-b7e1-11e1-9abc-c7e47109ee24}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7827b6c1-b7e1-11e1-9abc-c7e47109ee24}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{843d38f1-b7c2-11e1-9ab8-9770198503bd}\Shell - "" = AutoRun
O33 - MountPoints2\{843d38f1-b7c2-11e1-9ab8-9770198503bd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{843d38f1-b7c2-11e1-9ab8-9770198503bd}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{95db3757-b871-11e1-9aca-83ffd7e9d992}\Shell - "" = AutoRun
O33 - MountPoints2\{95db3757-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95db3757-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{95db375a-b871-11e1-9aca-83ffd7e9d992}\Shell - "" = AutoRun
O33 - MountPoints2\{95db375a-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95db375a-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{95db375d-b871-11e1-9aca-83ffd7e9d992}\Shell - "" = AutoRun
O33 - MountPoints2\{95db375d-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95db375d-b871-11e1-9aca-83ffd7e9d992}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{9893ac98-b7bc-11e1-9ab7-b076a798fdca}\Shell - "" = AutoRun
O33 - MountPoints2\{9893ac98-b7bc-11e1-9ab7-b076a798fdca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9893ac98-b7bc-11e1-9ab7-b076a798fdca}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{9a1c2ae9-96eb-11e1-9a12-c49a73171326}\Shell - "" = AutoRun
O33 - MountPoints2\{9a1c2ae9-96eb-11e1-9a12-c49a73171326}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a1c2ae9-96eb-11e1-9a12-c49a73171326}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{9e15b038-8924-11e1-a2a9-001485b1a89f}\Shell - "" = AutoRun
O33 - MountPoints2\{9e15b038-8924-11e1-a2a9-001485b1a89f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e15b038-8924-11e1-a2a9-001485b1a89f}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{a1e3fc50-a35b-11e1-9a4c-b5c54da14094}\Shell - "" = AutoRun
O33 - MountPoints2\{a1e3fc50-a35b-11e1-9a4c-b5c54da14094}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1e3fc50-a35b-11e1-9a4c-b5c54da14094}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{c582d154-b87a-11e1-9acc-b62e8cdf7ab8}\Shell - "" = AutoRun
O33 - MountPoints2\{c582d154-b87a-11e1-9acc-b62e8cdf7ab8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c582d154-b87a-11e1-9acc-b62e8cdf7ab8}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{d3502d0f-b5f5-11e1-9aa6-93811688c683}\Shell - "" = AutoRun
O33 - MountPoints2\{d3502d0f-b5f5-11e1-9aa6-93811688c683}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3502d0f-b5f5-11e1-9aa6-93811688c683}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{d4b985b3-b7b4-11e1-9ab3-bd1856ab85d1}\Shell - "" = AutoRun
O33 - MountPoints2\{d4b985b3-b7b4-11e1-9ab3-bd1856ab85d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4b985b3-b7b4-11e1-9ab3-bd1856ab85d1}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{d4b985b6-b7b4-11e1-9ab3-bd1856ab85d1}\Shell - "" = AutoRun
O33 - MountPoints2\{d4b985b6-b7b4-11e1-9ab3-bd1856ab85d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4b985b6-b7b4-11e1-9ab3-bd1856ab85d1}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{e253cf25-96b3-11e1-9a0f-ddb8164f8d7e}\Shell - "" = AutoRun
O33 - MountPoints2\{e253cf25-96b3-11e1-9a0f-ddb8164f8d7e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e253cf25-96b3-11e1-9a0f-ddb8164f8d7e}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{f51d556d-b864-11e1-9ac8-947ab89be3d5}\Shell - "" = AutoRun
O33 - MountPoints2\{f51d556d-b864-11e1-9ac8-947ab89be3d5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f51d556d-b864-11e1-9ac8-947ab89be3d5}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{f95dcf50-8700-11e1-a29c-001485b1a89f}\Shell - "" = AutoRun
O33 - MountPoints2\{f95dcf50-8700-11e1-a29c-001485b1a89f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f95dcf50-8700-11e1-a29c-001485b1a89f}\Shell\AutoRun\command - "" = J:\.\Setup.exe AUTORUN=1
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

:FILES
ipconfig /flushdns /c
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
C:\Documents and Settings\All Users\Application Data\AVG2012
C:\Documents and Settings\Home\Application Data\AVG
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

:COMMANDS
[EMPTYTEMP]




[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.[/list]

If the log doesn’t appear, it can be found here:

c:_OTL\MovedFiles\mmddyyyy_hhmmss.log

----- next -----

Please download zoek.zip (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[list]
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;

[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log