Trojan Affection Steam?

Posted 11/10/2012 6:15 PM
#94666

Cool Trojan Bro Member

Date Joined Nov 2016
Total Posts: 4
I became aware of this problem yesterday when I couldn't access Steam. It got to 99% updating and then stopped and I got a Resident Shield alert that found "Trojan horse PSW.Generic.10.AIXT" filename "C:\Program Files\Steam\bin\FileSystem_Steam.dll". My system's also slower than usual.

I've detected and deleted this and a similar Trojan several times with AVG and Malwarebytes but the problem is still there.

I noticed once while I was running a Malwarebytes scan that my Resident Shield picked them up while the files were being scanned, but MB didn't:

"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0501932.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0501965.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0502968.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0503010.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP677\A0503011.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP678\A0503395.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP680\A0503589.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP682\A0504105.exe";"Trojan horse Proxy.AVIS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP682\A0504123.dll";"Trojan horse PSW.Generic10.AIXT";"Moved to Virus Vault"

Anyway here are the logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.3264
Administrator :: HP13888241712 [administrator]

10/11/2012 15:28:02
mbam-log-2012-11-10 (15-28-02).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312267
Time elapsed: 1 hour(s), 28 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 6.0.2900.3264 BrowserJavaVersion: 10.7.2
Run by Administrator at 17:04:26 on 2012-11-10
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2021 [GMT 0:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5

Posted 11/11/2012 8:52 PM
#94674

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello Cool Trojan Bro :smile:

"C:\Program Files\Steam\bin\FileSystem_Steam.dll" <<<--- Sounds like a false positive

"My system's also slower than usual."

OK, we need to get a comprehensive report of what is present in your system.



Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
• Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in:

netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT



• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
• When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

• Post both logs

Do not PM me with logfiles. They will be deleted.


Posted 11/12/2012 9:27 AM
#94676

Cool Trojan Bro Member

Date Joined Nov 2016
Total Posts: 4
Thanks for replying, here are the two logs from OTL.


OTL logfile created on: 12/11/2012 09:10:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.08% Memory free
4.84 Gb Paging File | 4.26 Gb Available in Paging File | 88.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 50.14 Gb Free Space | 36.06% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.53 Gb Free Space | 25.33% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.79% Space Free | Partition Type: FAT32

Computer Name: HP13888241712 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/11/12 09:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/11/10 17:21:03 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/09 09:59:29 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/02/29 23:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/18 10:41:46 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/11 21:45:44 | 002,839,848 | ---- | M] (RayV) -- C:\Program Files\RayV\RayV\RayV.exe
PRC - [2009/08/29 15:30:44 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/29 15:30:43 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/29 15:30:40 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/29 15:30:31 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/29 15:30:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/08 13:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/04/07 15:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 16:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/12/08 06:45:41 | 000,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\btbb_wcm\McciTrayApp.exe
PRC - [2006/07/21 16:19:46 | 000,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2006/07/10 10:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/03/03 13:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2006/02/02 16:59:32 | 000,192,512 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/11/09 09:59:32 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/11/09 09:59:31 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/09 09:59:29 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/10/11 21:45:38 | 001,680,915 | ---- | M] () -- C:\Program Files\RayV\RayV\avcodec-tiny3-52.dll
MOD - [2010/10/11 21:45:38 | 000,102,931 | ---- | M] () -- C:\Program Files\RayV\RayV\avutil-tiny3-50.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/07/10 10:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
MOD - [2006/02/23 16:13:02 | 000,038,912 | ---- | M] () -- C:\Program Files\Yahoo!\browser\YCommonPS.dll
MOD - [2006/02/02 16:59:32 | 000,192,512 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
MOD - [2006/02/02 16:59:32 | 000,057,344 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\AsstCatalog.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012/11/10 17:21:03 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/09 09:59:28 | 000,711,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/27 15:45:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/22 14:01:47 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2012/02/29 23:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/29 15:30:31 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/29 15:30:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/04/07 15:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (adpsr3oj)
DRV - [2012/11/09 09:59:32 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/01/17 12:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/12/01 13:57:05 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/07/09 18:14:20 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/30 15:45:20 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/05/30 15:45:19 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/24 16:27:08 | 000,033,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/29 15:30:44 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/29 15:30:44 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/09 10:04:35 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/06/04 14:05:58 | 000,156,160 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2007/11/06 17:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/07/30 12:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/07/30 12:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/06/29 22:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/12/08 06:45:41 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/07/02 06:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/24 16:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/08/04 00:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 00:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 00:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 00:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 00:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 00:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 00:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {D8C323FA-4384-4FBD-B702-56EC42EFE512}
IE - HKLM\..\SearchScopes\{D8C323FA-4384-4FBD-B702-56EC42EFE512}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{52C44DD7-36D1-467A-AEBC-5492674D4CA4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={0B1AB77F-4989-40C6-860B-203F03D316A3}&mid=29f91fa93287ec5ac038cfcac4d6badc-50548208d82a7e4dce6fd3caa3c5e637daa1c79f&lang=us&ds=AVG&pr=fr&d=2012-01-03 17:13:08&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D8C323FA-4384-4FBD-B702-56EC42EFE512}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmdtie7-en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "2Shared Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "2Shared Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "bbc.co.uk"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.3.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll ((주) 그래텍)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll File not found
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/09 10:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/25 14:07:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 15:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/03 18:09:51 | 000,000,000 | ---D | M]

[2009/05/03 20:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/05/03 20:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/11/03 17:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions
[2012/05/03 11:29:07 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/11/11 22:10:06 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\firefox@tvunetworks.com
[2012/09/13 06:56:33 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/11/03 17:18:31 | 000,530,388 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/07/25 16:18:38 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/10/12 18:00:58 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\searchplugins\conduit.xml
[2012/10/27 15:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 15:45:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/25 14:07:07 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/27 15:45:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/09 10:00:05 | 000,003,572 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/30 07:23:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 17:10:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: gomtvx NIE Module (Enabled) = C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RayV Plugin (Enabled) = C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Secure Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/04/05 11:46:54 | 000,424,767 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14640 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5
Posted 11/12/2012 1:19 PM
#94678

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
We need to run an OTL Fix

• Please reopen OTL on your desktop.
• Copy and Paste the following into the Custom Scan textbox. ^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

:Services

:OTL
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
:Reg
:Files
C:\Program Files\Bonjour
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Push Run Fix Button

• OTL may ask to reboot the machine. Please do so if asked.
• Click OK.
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.




Please download Combofix from: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.


Double-click on the combofix icon found on your desktop.

Please note that once you start ComboFix, you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.


Post the contents of that log in your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/12/2012 3:28 PM
#94679

Cool Trojan Bro Member

Date Joined Nov 2016
Total Posts: 4
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {41564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully.
C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Bonjour\Bonjour.Resources\zh_TW.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\zh_CN.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\sv.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\ru.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\pt_PT.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\pt.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\pl.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\nl.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\nb.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\ko.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\ja.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\it.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\fr.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\fi.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\es.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\en_GB.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\en.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\de.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\da.lproj folder moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources folder moved successfully.
C:\Program Files\Bonjour folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 7017233 bytes
->Temporary Internet Files folder emptied: 99688 bytes
->Java cache emptied: 58591583 bytes
->FireFox cache emptied: 76273060 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5908032 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41044 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 64046 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 54343693 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41044 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 12130169 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98950 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 19780 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 14264 bytes

Total Files Cleaned = 205.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11122012_135520

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



ComboFix 12-11-12.02 - Administrator 12/11/2012 15:04:22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2559 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\.#
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C478.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C488.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C4C8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C4D8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@2C8@38C4E8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C478.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C488.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C4C8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C4D8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@8FC@38C4E8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C478.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C488.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C4C8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C4D8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@A14@38C4E8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C478.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C488.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C498.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4A8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4B8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4C8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4D8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@F48@38C4E8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C478.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C488.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C4C8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C4D8.###
c:\documents and settings\Administrator\Local Settings\Application Data\.#\MBX@FA0@38C4E8.###
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
C:\install.exe
c:\program files\avg_free_stf_en_8_173a1373.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32bd535f5cd7e5ee.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\362e8a6ae1684106.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\600a6ffa37fe392a.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7aa9c138719c9000.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cc8f2f2a26cebd47.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dac6a74f54021d1d.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))
.
.
2012-11-12 13:55 . 2012-11-12 13:55 -------- d-----w- C:\_OTL
2012-11-10 17:21 . 2012-11-10 17:21 -------- d-----w- c:\program files\Common Files\Java
2012-11-10 17:21 . 2012-11-10 17:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-10 17:21 . 2012-11-10 17:21 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-10 12:27 . 2012-11-10 12:27 -------- d-----w- c:\program files\CCleaner
2012-11-10 12:12 . 2012-11-10 17:23 -------- d-----w- c:\program files\trend micro
2012-11-10 12:12 . 2012-11-10 12:12 -------- d-----w- C:\rsit
2012-11-10 11:44 . 2012-11-12 13:59 -------- d-----w- c:\program files\Steam
2012-11-09 23:27 . 2012-11-09 23:27 -------- d-----w- c:\program files\Common Files\Steam
2012-11-07 19:09 . 2012-11-07 19:09 -------- d-----w- c:\program files\iPod
2012-11-07 19:08 . 2012-11-07 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-07 19:06 . 2012-11-07 19:06 -------- d-----w- c:\program files\Apple Software Update
2012-11-07 19:04 . 2012-11-07 19:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-11-03 18:12 . 2012-11-03 18:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2012-11-03 18:09 . 2012-11-10 17:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-03 18:09 . 2012-11-10 17:21 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-22 14:02 . 2012-10-22 14:02 -------- d-----w- c:\program files\BT Broadband Desktop Help
2012-10-22 14:01 . 2012-10-22 14:01 -------- d-----w- c:\program files\Citrix
2012-10-22 14:01 . 2012-10-22 14:01 -------- d-----w- c:\program files\BTHomeHub
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-09 09:59 . 2012-09-04 15:37 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-29 19:54 . 2008-12-14 13:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 13:01 . 2009-10-15 02:59 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 13:01 . 2009-10-15 02:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2008-11-26 23:16 . 2008-11-26 23:15 7332072 -c--a-w- c:\program files\Firefox Setup 3.0.4.exe
2012-10-27 15:45 . 2012-10-27 15:45 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 09:59 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Octoshape Streaming Services"="c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-08 543232]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-25 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2007-12-01 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-10-22 14:01 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 21:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2011-05-26 15:04 1590144 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMouseMaestro]
2005-11-09 09:18 286720 ------w- c:\program files\MMaestro\Kmaestro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-01-07 19:46 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 23:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-02-06 18:52 462935 ----a-w- c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-12-01 00:26 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2010-10-11 21:45 2839848 ----a-w- c:\program files\RayV\RayV\RayV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 20:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 09:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-05-16 10:42 932528 ----a-w- c:\documents and settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-11-10 11:44 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-08-31 17:11 2478080 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\ypager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"vToolbarUpdater13.2.0"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\UDK\\Fps Terminator\\Binaries\\Win32\\UDK.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"43795:TCP"= 43795:TCP:utorrent
"20919:TCP"= 20919:TCP:BitComet 20919 TCP
"20919:UDP"= 20919:UDP:BitComet 20919 UDP
"25565:TCP"= 25565:TCP:Minecraft Multiplayer
"27015:TCP"= 27015:TCP:Steam
"27014:TCP"= 27014:TCP:Steam Client
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/17/2012 5:24 PM 207792]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/9/2010 6:14 PM 697328]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/4/2012 3:37 PM 26984]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2/24/2010 4:27 PM 33856]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/26/2008 1:47 AM 576024]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [11/26/2008 1:45 AM 156160]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/9/2012 10:00 AM 711112]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-20 14:46]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-20 14:46]
.
2012-11-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1276635300-2826307005-1031441524-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2012-10-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1276635300-2826307005-1031441524-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yyr3iipu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 2Shared Customized Web Search
FF - prefs.js: browser.startup.homepage - bbc.co.uk
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
HKLM-Run-amd_dc_opt - c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
HKLM-Run-ISTray - c:\knowhow\sdscanner\pctsTray.exe
Notify-avgrsstarter - (no file)
MSConfigStartUp-igndlm - c:\program files\Download Manager\DLM.exe
MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe
AddRemove-BattlEye A2 Free - c:\program files\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Veoh Web Player Beta - c:\program files\Veoh Networks\VeohWebPlayer\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-12 15:10
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1276635300-2826307005-1031441524-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,82,b2,24,76,08,6c,c5,ee,ae,80,07,3a,94,e7,8a,5f,33,cf,19,da,18,00,
42,c1,93,b4,ec,1d,2c,61,a4,56,54,17,d2,2c,4d,f6,b1,0e,79,99,f3,1d,df,aa,dc,\
"??"=hex:22,11,6d,13,5d,78,2e,2a,4f,3f,43,f1,2a,61,06,69
.
[HKEY_USERS\S-1-5-21-1276635300-2826307005-1031441524-500\Software\SecuROM\License information*]
"datasecu"=hex:fa,bb,23,6e,34,e5,84,bb,ab,2b,bf,d0,5f,b9,a2,6d,18,ed,26,81,c5,
47,f9,15,a8,74,5d,69,7e,c3,21,c5,f0,b9,f0,b4,5a,3e,e1,9a,b9,23,79,4c,df,44,\
"rkeysecu"=hex:ec,12,aa,77,44,6f,a9,79,7e,41,f0,aa,1d,11,ba,e7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
Completion time: 2012-11-12 15:12:51
ComboFix-quarantined-files.txt 2012-11-12 15:12
ComboFix2.txt 2008-12-15 15:52
ComboFix3.txt 2008-12-14 13:48
.
Pre-Run: 54,985,019,392 bytes free
Post-Run: 54,920,589,312 bytes free
.
- - End Of File - - 6A1C6464A86DAAAF8336E6FAD855602F
Posted 11/12/2012 3:55 PM
#94680
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looks clean to me, please tell me how things are running now?

Do not PM me with logfiles. They will be deleted.


Posted 11/12/2012 4:19 PM
#94681
Cool Trojan Bro Member

Date Joined Nov 2016
Total Posts: 4
Steam is now open and everything's running fine now.

Also I'm glad I've found these programs that can help unclutter your system.

Thank you for the help with all of that Touch :smile:
Posted 11/13/2012 7:46 AM
#94683
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
My pleasure :smile:



Start OTL
Click on the CleanUp! button.

You'll be asked if you want to Begin cleanup process? Select Yes.
This step removes the files, folders, and shortcuts created by the tools I had you download and run.

When done, you will be prompted to restart your computer. Please restart your computer.




I'll lock this topic.


