Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam  
Forum Quick Jump
 
New Topic Post reply to : Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam Printable version of : Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
[ << Previous Thread | Next Thread >> ]

russ4570
New Member


Date Joined Nov 2012
Total Posts : 5
  		   Posted 11/24/2012 12:30 PM (GMT +3)    Quote: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in SteamAlert an admin about: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
Hi. Thaanks for the responce. I have read Can't Delete Trojan Agent3.CKJE or Trojan PSW.Generic10.AIXT from Steam and have the same issue.
Trojans in stem that I am unable to delete. I have run CC cleaner and Combofix. Please see below.
Any assistance greatly appreciated. I was only say at work that it's been a while since I was virused. Must have jinxed myself.
 
ComboFix 12-11-23.02 - User 24/11/2012  10:32:20.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.61.1033.18.3326.2457 [GMT 10:00]
Running from: d:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\m!!!e.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\User\WINDOWS
.
.
(((((((((((((((((((((((((   Files Created from 2012-10-24 to 2012-11-24  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 11:36 . 2012-05-02 09:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-18 11:36 . 2012-05-02 09:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 10:26 . 2012-08-16 11:27 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-05 22:01 . 2012-10-05 22:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-05 22:01 . 2012-10-05 22:01 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-05 22:01 . 2010-11-27 22:30 473072 -c--a-w- c:\windows\system32\deployJava1.dll
2012-10-28 08:46 . 2012-10-28 08:46 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2011-04-19 6606232]
"LWS"="d:\logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"UpdatePDRShortCut"="d:\cyberlink\PowerDirector10\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - d:\logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 05:57 948672 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 15:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-07-28 10:27 19557480 -c--a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"d:\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sniper ghost warrior\\Sniper_x86.exe"=
"d:\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"d:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"d:\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"d:\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301920]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [9/2/2010 5:39 PM 230768]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [3/10/2012 1:19 PM 114688]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/4/2010 4:00 PM 1691480]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [3/10/2012 1:19 PM 7680]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 11:36]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 09:22]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 09:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.4.182.20 10.4.81.103
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\4fa742lb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -  
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - ExtSQL: 2012-10-06 08:01; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2012-10-28 18:46; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-10-28 18:46; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-13 17:23; {88c7f2aa-f93f-432c-8f0e-b7d85967a527}; c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\4fa742lb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-24 10:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-789336058-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fc,ad,4d,33,86,25,93,d8,02,27,5d,2e,bb,8c,22,3f,60,db,60,6a,0e,2d,bd,
   14,32,da,47,a1,53,d9,24,7a,60,ee,f9,a8,cb,04,e3,35,e3,d5,51,b8,aa,7b,0e,ca,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1454471165-789336058-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:6c,40,f3,6b,7d,c3,a4,31,3f,0e,36,a9,de,a4,c5,7b,a9,85,c1,2e,03,
   8f,51,3e,47,d5,9d,b8,a0,6a,45,d6,9a,9f,a6,5d,37,40,19,b4,63,a0,74,3d,77,99,\
"rkeysecu"=hex:f5,cb,0a,b7,66,66,ab,c0,c6,13,7f,f5,52,28,54,7d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-11-24  10:34:54
ComboFix-quarantined-files.txt  2012-11-24 00:34
.
Pre-Run: 14,177,292,288 bytes free
Post-Run: 14,419,365,888 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - AA058A98C4F6CD23E14220BA6ACFD361
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12862
  		   Posted 11/25/2012 12:54 AM (GMT +3)    Quote: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in SteamAlert an admin about: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe


• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in:



netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT





• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

russ4570
New Member


Date Joined Nov 2012
Total Posts : 5
  		   Posted 11/25/2012 1:26 AM (GMT +3)    Quote: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in SteamAlert an admin about: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
As requested.
OTL then Extras. (If steam is not started at computer start up then AVG does not find it!)
Thanks for the assistance.

OTL logfile created on: 25/11/2012 9:16:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 82.31% Memory free
7.09 Gb Paging File | 6.47 Gb Available in Paging File | 91.27% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 13.03 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 426.69 Gb Total Space | 233.17 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
Drive E: | 603.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-DCB363FC2E | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/25 09:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/08/05 11:56:56 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/04/19 14:28:26 | 006,606,232 | ---- | M] (Telstra) -- C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
PRC - [2010/09/02 17:39:44 | 000,230,768 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- D:\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- D:\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 17:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/26 14:07:03 | 020,317,008 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/10/26 14:06:58 | 001,099,616 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/10/26 14:06:58 | 000,902,480 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/10/26 14:06:58 | 000,190,816 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/10/26 14:06:58 | 000,123,232 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/12 09:23:44 | 000,330,584 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- D:\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- D:\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- D:\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- D:\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- D:\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- D:\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- D:\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/03/11 03:35:38 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\sso4ml3.dll
MOD - [2009/08/03 03:53:56 | 000,475,136 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\sso2mdu.dll
MOD - [2009/08/03 03:53:54 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\sso2ml3.dll
MOD - [2007/11/01 17:13:08 | 000,012,288 | ---- | M] () -- C:\Program Files\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
MOD - [2006/10/26 13:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/18 21:36:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/28 18:46:16 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/02 17:39:44 | 000,230,768 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/11/10 12:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/10 12:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/08/04 12:20:12 | 005,243,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/07/28 20:27:36 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/07/16 11:04:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010/07/16 11:04:44 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/07/16 11:04:44 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/07/16 11:04:44 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/07/16 11:04:44 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/11/18 09:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 09:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2004/05/05 02:25:02 | 000,023,296 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\U2S2KXP.sys -- (U2SP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1454471165-789336058-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1454471165-789336058-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-789336058-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/11 16:47:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 17:43:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 18:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 18:46:11 | 000,000,000 | ---D | M]

[2010/09/06 11:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/11/13 17:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4fa742lb.default\extensions
[2012/08/30 17:46:22 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4fa742lb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/11/13 17:23:07 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4fa742lb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/08/29 11:12:56 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4fa742lb.default\extensions\en-AU@dictionaries.addons.mozilla.org
[2011/05/14 13:51:15 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4fa742lb.default\searchplugins\conduit.xml
[2012/10/28 18:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/28 18:46:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/28 18:46:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/07/03 17:43:23 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/10/28 18:46:16 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 11:12:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/28 18:46:15 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/24 10:34:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe (Telstra)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [LWS] D:\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] D:\CyberLink\PowerDirector10\PowerDirector10\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1454471165-789336058-1801674531-1004..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = D:\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-789336058-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-789336058-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-789336058-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-789336058-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/04 10:48:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/28 10:52:48 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/25 09:00:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/11/24 10:41:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/24 10:31:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/24 10:30:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/24 10:30:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/24 10:30:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/24 10:30:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/24 10:28:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/24 10:28:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/24 10:03:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/11/24 09:22:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User\My Documents\cc cleaner registry back up
[2012/11/24 09:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/11/14 18:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Atari
[2012/11/14 17:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Profiles
[2012/10/28 18:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/25 09:15:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/25 09:03:41 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/25 09:03:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/25 09:03:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/25 09:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/11/25 08:26:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/25 08:02:46 | 101,103,245 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/11/24 10:34:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/24 10:31:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/11/24 09:18:47 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/19 18:27:04 | 000,092,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/11/14 18:07:18 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Deer Hunter - The 2005 Season.lnk
[2012/11/13 17:22:54 | 000,017,925 | ---- | M] () -- D:\Documents and Settings\User\My Documents\Deer Hunter Cheats.pdf
[2012/11/01 21:14:09 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/24 10:31:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/11/24 10:31:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/24 10:30:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/24 10:30:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/24 10:30:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/24 10:30:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/24 10:30:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/24 09:18:47 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/14 18:07:18 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Deer Hunter - The 2005 Season.lnk
[2012/11/13 17:22:54 | 000,017,925 | ---- | C] () -- D:\Documents and Settings\User\My Documents\Deer Hunter Cheats.pdf
[2012/09/04 20:00:17 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\dt.dat
[2012/05/01 18:51:07 | 000,088,576 | ---- | C] () -- C:\WINDOWS\UNINSTCC.EXE
[2012/04/16 18:48:33 | 000,000,305 | ---- | C] () -- C:\WINDOWS\game.ini
[2012/02/20 16:36:02 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/20 16:36:00 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/20 16:36:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/02/20 16:35:53 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/05/04 20:30:09 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011/03/05 08:18:42 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/03/05 08:18:27 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2011/03/05 08:17:39 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/03/05 08:17:38 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/03/05 08:17:38 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/09/06 11:01:38 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/03/27 18:36:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 22:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/14 22:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 22:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/09/06 11:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/05/19 10:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/18 17:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/09/15 14:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ChairGun3
[2011/03/16 19:20:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/10 15:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/03/10 15:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/11/25 08:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/10 15:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2012/03/10 13:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Telstra
[2012/04/28 20:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/06 11:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ashampoo
[2012/05/19 09:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2012
[2010/11/09 20:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Tiberium Wars
[2011/03/29 08:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GARMIN
[2012/03/13 18:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2012/03/10 13:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sierra Wireless
[2012/03/10 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Telstra
[2012/11/24 09:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/05/19 09:53:23 | 000,000,000 | ---D | M] -- C:\$AVG
[2010/09/06 16:18:21 | 000,000,000 | ---D | M] -- C:\ATI
[2012/11/24 10:31:46 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2010/09/04 10:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2012/03/28 17:43:51 | 000,000,000 | ---D | M] -- C:\F5U109
[2010/09/04 11:27:43 | 000,000,000 | ---D | M] -- C:\Intel
[2010/11/13 16:47:08 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/02/20 16:34:30 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012/10/28 18:47:22 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/11/24 10:34:56 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/11/24 10:41:54 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/05/14 19:31:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/11/24 10:34:09 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< %windir%\Installer\*.* >
[2011/11/17 22:56:41 | 001,435,136 | ---- | M] () -- C:\WINDOWS\Installer\13ff4c5.msi
[2012/04/16 18:48:29 | 008,742,912 | ---- | M] () -- C:\WINDOWS\Installer\141128.msi
[2012/04/16 19:02:49 | 005,521,920 | ---- | M] () -- C:\WINDOWS\Installer\14112d.msi
[2012/03/27 18:54:05 | 000,766,976 | ---- | M] () -- C:\WINDOWS\Installer\166aa1.msi
[2012/03/27 18:54:46 | 000,799,232 | ---- | M] () -- C:\WINDOWS\Installer\166ab7.msi
[2012/02/20 16:36:44 | 001,598,464 | ---- | M] () -- C:\WINDOWS\Installer\28b29.msi
[2012/05/04 18:24:55 | 031,876,096 | ---- | M] () -- C:\WINDOWS\Installer\2c765c.msi
[2012/09/17 17:15:14 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\2d0af6.msi
[2012/11/18 17:45:16 | 002,208,768 | ---- | M] () -- C:\WINDOWS\Installer\36bc2.msi
[2011/03/05 08:17:16 | 031,465,472 | ---- | M] () -- C:\WINDOWS\Installer\3c430.msi
[2012/03/10 14:21:13 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\41ab1d.msi
[2012/04/28 19:57:33 | 001,769,984 | ---- | M] () -- C:\WINDOWS\Installer\4b90bf.msi
[2012/04/28 20:01:25 | 001,530,368 | ---- | M] () -- C:\WINDOWS\Installer\4b9102.msi
[2012/04/28 20:01:53 | 002,002,432 | ---- | M] () -- C:\WINDOWS\Installer\4b910d.msi
[2012/04/28 20:02:21 | 001,718,784 | ---- | M] () -- C:\WINDOWS\Installer\4b9113.msi
[2012/04/28 20:03:22 | 004,288,000 | ---- | M] () -- C:\WINDOWS\Installer\4b9117.msi
[2010/09/30 17:35:00 | 001,094,144 | ---- | M] () -- C:\WINDOWS\Installer\5a111.msi
[2012/03/10 15:05:28 | 003,582,976 | ---- | M] () -- C:\WINDOWS\Installer\5d5e8.msi
[2010/09/08 11:02:12 | 000,331,264 | ---- | M] () -- C:\WINDOWS\Installer\5ec01f.msi
[2012/03/27 18:36:41 | 002,109,440 | ---- | M] () -- C:\WINDOWS\Installer\617d5.msi
[2012/09/11 16:47:47 | 005,174,272 | ---- | M] () -- C:\WINDOWS\Installer\635d0.msi
[2012/10/06 08:01:05 | 000,900,096 | ---- | M] () -- C:\WINDOWS\Installer\63c4f.msi
[2012/10/06 08:01:32 | 000,203,776 | ---- | M] () -- C:\WINDOWS\Installer\63c5f.msi
[2012/06/25 18:08:37 | 001,259,008 | ---- | M] () -- C:\WINDOWS\Installer\708b5.msi
[2012/08/30 18:38:36 | 000,282,112 | ---- | M] () -- C:\WINDOWS\Installer\78f642.msi
[2010/09/06 11:39:43 | 000,424,448 | ---- | M] () -- C:\WINDOWS\Installer\81db3e.msi
[2010/09/06 11:43:22 | 003,940,352 | ---- | M] () -- C:\WINDOWS\Installer\81db42.msi
[2010/09/04 10:59:46 | 000,264,704 | ---- | M] () -- C:\WINDOWS\Installer\84fc4.msi
[2012/03/13 18:27:53 | 000,064,512 | ---- | M] () -- C:\WINDOWS\Installer\878a04.msi
[2012/03/13 18:28:02 | 000,027,136 | ---- | M] () -- C:\WINDOWS\Installer\878a0a.msi
[2012/03/13 18:28:33 | 000,119,296 | ---- | M] () -- C:\WINDOWS\Installer\878a10.msi
[2012/03/13 18:28:37 | 000,023,552 | ---- | M] () -- C:\WINDOWS\Installer\878a16.msi
[2012/03/13 18:29:22 | 000,240,640 | ---- | M] () -- C:\WINDOWS\Installer\878a1c.msi
[2012/03/13 18:29:27 | 000,023,040 | ---- | M] () -- C:\WINDOWS\Installer\878a22.msi
[2012/03/13 18:29:30 | 000,023,552 | ---- | M] () -- C:\WINDOWS\Installer\878a28.msi
[2012/03/13 18:29:55 | 000,030,208 | ---- | M] () -- C:\WINDOWS\Installer\878a2e.msi
[2012/03/13 18:30:06 | 000,024,576 | ---- | M] () -- C:\WINDOWS\Installer\878a34.msi
[2012/03/13 18:30:10 | 000,023,552 | ---- | M] () -- C:\WINDOWS\Installer\878a3a.msi
[2012/03/13 18:30:13 | 000,023,040 | ---- | M] () -- C:\WINDOWS\Installer\878a40.msi
[2012/03/13 18:30:21 | 000,030,720 | ---- | M] () -- C:\WINDOWS\Installer\878a46.msi
[2012/03/13 18:30:24 | 000,030,208 | ---- | M] () -- C:\WINDOWS\Installer\878a4c.msi
[2012/03/13 18:30:28 | 000,023,040 | ---- | M] () -- C:\WINDOWS\Installer\878a52.msi
[2012/03/27 18:41:12 | 000,539,648 | ---- | M] () -- C:\WINDOWS\Installer\9277c.msi
[2012/03/27 18:41:52 | 000,537,088 | ---- | M] () -- C:\WINDOWS\Installer\92780.msi
[2012/03/27 18:42:31 | 000,493,056 | ---- | M] () -- C:\WINDOWS\Installer\92784.msi
[2012/03/10 13:19:11 | 002,145,280 | ---- | M] () -- C:\WINDOWS\Installer\9a60b.msi
[2012/08/05 15:22:45 | 009,474,048 | ---- | M] () -- C:\WINDOWS\Installer\b405d4.msi
[2010/11/13 16:47:26 | 002,397,184 | ---- | M] () -- C:\WINDOWS\Installer\b781fc.msi
[2010/11/13 16:47:32 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\b78202.msi
[2010/11/13 16:47:36 | 001,713,152 | ---- | M] () -- C:\WINDOWS\Installer\b78208.msi
[2010/11/13 16:47:42 | 002,022,912 | ---- | M] () -- C:\WINDOWS\Installer\b7820e.msi
[2010/11/13 16:47:46 | 001,640,960 | ---- | M] () -- C:\WINDOWS\Installer\b78214.msi
[2010/11/13 16:47:49 | 000,048,128 | ---- | M] () -- C:\WINDOWS\Installer\b7821d.msi
[2010/11/13 16:47:54 | 001,647,616 | ---- | M] () -- C:\WINDOWS\Installer\b78223.msi
[2010/11/13 16:47:57 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\b78229.msi
[2010/11/13 16:48:01 | 002,319,872 | ---- | M] () -- C:\WINDOWS\Installer\b7822f.msi
[2010/11/13 16:48:08 | 000,513,024 | ---- | M] () -- C:\WINDOWS\Installer\b78235.msi
[2010/11/13 16:48:13 | 000,516,608 | ---- | M] () -- C:\WINDOWS\Installer\b7823c.msi
[2010/11/13 16:48:18 | 000,506,880 | ---- | M] () -- C:\WINDOWS\Installer\b78243.msi
[2010/11/13 16:48:22 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\b78249.msi
[2010/11/13 16:48:26 | 001,652,736 | ---- | M] () -- C:\WINDOWS\Installer\b7824f.msi
[2010/11/13 16:48:29 | 001,652,736 | ---- | M] () -- C:\WINDOWS\Installer\b78255.msi
[2010/11/13 16:48:34 | 001,652,736 | ---- | M] () -- C:\WINDOWS\Installer\b7825b.msi
[2010/11/13 16:48:37 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\b78261.msi
[2010/11/13 16:48:40 | 001,640,960 | ---- | M] () -- C:\WINDOWS\Installer\b78267.msi
[2010/11/13 16:49:35 | 018,181,632 | ---- | M] () -- C:\WINDOWS\Installer\b7826f.msi
[2012/03/13 19:21:23 | 001,605,120 | ---- | M] () -- C:\WINDOWS\Installer\b8739f.msi
[2012/08/29 19:25:33 | 000,392,704 | ---- | M] () -- C:\WINDOWS\Installer\d08e06.msi
[2012/08/29 19:26:39 | 002,404,864 | ---- | M] () -- C:\WINDOWS\Installer\d08e62.msi
[2012/08/29 19:28:28 | 000,282,112 | ---- | M] () -- C:\WINDOWS\Installer\d08e66.msi
[2012/08/29 19:29:42 | 000,282,112 | ---- | M] () -- C:\WINDOWS\Installer\d08e6a.msi
[2010/09/06 16:19:00 | 000,219,648 | ---- | M] () -- C:\WINDOWS\Installer\fae39e.msi
[2010/09/06 16:19:00 | 000,435,712 | ---- | M] () -- C:\WINDOWS\Installer\fae3a4.msi
[2010/09/06 16:19:02 | 001,597,440 | ---- | M] () -- C:\WINDOWS\Installer\fae3ab.msi
[2012/04/28 20:02:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}.SchedServiceConfig.rmi

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/04/14 22:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\erdnt\cache\regedit.exe
[2008/04/14 22:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/14 22:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 22:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 22:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 22:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 22:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 22:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 22:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2010/09/04 10:47:43 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2010/09/04 10:51:31 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011/04/19 19:22:55 | 000,000,878 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 19:22:56 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012/05/02 19:18:36 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: USER-DCB363FC2E
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DH2005 CDFS DVD-ROM 603 MB
Volume 1 C Windows NTFS Partition 39 GB Healthy System
Volume 2 D Documents a NTFS Partition 427 GB Healthy
Volume 3 F Removeable 0 B
Volume 4 H Removeable 0 B

< End of report >

OTL Extras logfile created on: 25/11/2012 9:16:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 82.31% Memory free
7.09 Gb Paging File | 6.47 Gb Available in Paging File | 91.27% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 13.03 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 426.69 Gb Total Space | 233.17 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
Drive E: | 603.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-DCB363FC2E | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"D:\Activision\Wolfenstein\MP\Wolf2MP.exe" = D:\Activision\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM) -- (Activision)
"D:\Activision\Wolfenstein\MP\Wolf2MPLite.exe" = D:\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM) -- (Activision)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOps.exe" = C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"D:\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = D:\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"D:\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = D:\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Program Files\Steam\SteamApps\common\sniper ghost warrior\Sniper_x86.exe" = C:\Program Files\Steam\SteamApps\common\sniper ghost warrior\Sniper_x86.exe:*:Enabled:Sniper: Ghost Warrior -- (City Interactive)
"D:\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe" = D:\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2 -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\EA Games\Command & Conquer Generals Zero Hour\patchget.dat" = D:\EA Games\Command & Conquer Generals Zero Hour\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"D:\uTorrent\uTorrent.exe" = D:\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"D:\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe" = D:\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:*:Enabled:Frontlines Game -- (Kaos Studios)
"C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe" = C:\Program Files\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"D:\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe" = D:\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2 -- (Crytek GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08E3DDC8-E020-5903-31AE-D6B593FE8323}" = Catalyst Control Center InstallProxy
"{0C305FC9-42C8-4FBE-819D-9C72CB356F09}" = Telstra Mobile Broadband Manager
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{16115E10-502B-4EA0-BD39-4DA329AD89E2}" = BELKIN F5U109 V1.25
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1829AFBC-19F5-B1FE-73B1-30FF9DA49062}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{68D87115-D09B-4CB3-AC58-308582DC7775}" = TTS MasterTune Delphi Manuals v180
"{6E4F4268-876D-485B-9CCE-6C67263682CF}" = TTS DataMaster-HD Delphi v183
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEC4C47-2E98-49BF-AF8E-06316B6B2BB9}" = AVG 2012
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B1064B6C-3549-447C-8E64-44B8824316A4}" = TTS Software Updater v121
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DFD89DF9-8A24-4389-91AC-64EF4C8AE3AE}" = TTS VTune-HD v180
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFA1781B-D89B-4072-9102-583562741E4A}" = TTS MasterTune-HD Delphi v184
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FCE7F6A7-4AE6-4926-A15F-7B4EF6881438}_is1" = Hawke ChairGun Pro 1.0.5b
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Deer Hunter 2005_is1" = Deer Hunter - The 2005 Season
"ENTERPRISER" = Microsoft Office Enterprise 2007
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.1.0
"Logitech Vid" = Logitech Vid HD
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PunkBusterSvc" = PunkBuster Services
"Steam App 34830" = Sniper: Ghost Warrior
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Telstra Mobile Broadband Manager" = Telstra Mobile Broadband Manager
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/10/2012 5:00:35 AM | Computer Name = USER-DCB363FC2E | Source = Application Hang | ID = 1002
Description = Hanging application TelstraUCM.exe, version 3.4.10414.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2012 5:36:53 AM | Computer Name = USER-DCB363FC2E | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 6.0.1 -- Setup has detected that you already
have a more functional product installed. Setup will now terminate.

Error - 14/11/2012 3:52:16 AM | Computer Name = USER-DCB363FC2E | Source = ESENT | ID = 490
Description = svchost (1384) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 14/11/2012 3:52:45 AM | Computer Name = USER-DCB363FC2E | Source = ESENT | ID = 490
Description = svchost (1384) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 14/11/2012 3:56:39 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000
Description = Faulting application trophyviewer.exe, version 0.0.0.0, faulting module
trophyviewer.exe, version 0.0.0.0, fault address 0x0012b931.

Error - 14/11/2012 4:07:35 AM | Computer Name = USER-DCB363FC2E | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 6.0.1 -- Setup has detected that you already
have a more functional product installed. Setup will now terminate.

Error - 14/11/2012 4:52:54 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000
Description = Faulting application crysis2.exe, version 1.9.0.0, faulting module
cryrenderd3d9.dll, version 1.9.0.0, fault address 0x001b8400.

Error - 15/11/2012 7:07:50 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000
Description = Faulting application dh2005.exe, version 0.0.0.0, faulting module
dh2005.exe, version 0.0.0.0, fault address 0x0016de3a.

Error - 16/11/2012 12:11:01 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000
Description = Faulting application dh2005.exe, version 0.0.0.0, faulting module
dh2005.exe, version 0.0.0.0, fault address 0x0016de3a.

Error - 24/11/2012 6:21:19 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5512, fault address 0x000a60c8.

[ System Events ]
Error - 23/11/2012 7:55:06 PM | Computer Name = USER-DCB363FC2E | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 23/11/2012 7:55:18 PM | Computer Name = USER-DCB363FC2E | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 23/11/2012 8:15:51 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.192.168.176 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 10.96.53.1 (The DHCP Server
sent a DHCPNACK message).

Error - 23/11/2012 8:28:33 PM | Computer Name = USER-DCB363FC2E | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 23/11/2012 8:28:33 PM | Computer Name = USER-DCB363FC2E | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 23/11/2012 8:31:11 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.96.53.3 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 10.230.11.222 (The DHCP Server
sent a DHCPNACK message).

Error - 23/11/2012 8:47:01 PM | Computer Name = USER-DCB363FC2E | Source = PSched | ID = 14103
Description = QoS [Adapter {48CDCBF2-D74D-45D6-938A-B44660EF301B}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 23/11/2012 8:47:01 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.230.11.221 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 10.192.166.1 (The DHCP Server
sent a DHCPNACK message).

Error - 23/11/2012 9:06:24 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.192.166.15 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 10.230.59.73 (The DHCP Server
sent a DHCPNACK message).

Error - 24/11/2012 7:04:11 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.192.164.135 for the Network Card with network
address 00A0C6000000 has been denied by the DHCP server 10.230.53.113 (The DHCP
Server sent a DHCPNACK message).


< End of report >
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12862
  		   Posted 11/25/2012 3:33 PM (GMT +3)    Quote: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in SteamAlert an admin about: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
Please give an update on how things are running now ?

Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

russ4570
New Member


Date Joined Nov 2012
Total Posts : 5
  		   Posted 11/26/2012 10:47 AM (GMT +3)    Quote: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in SteamAlert an admin about: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
No joy I'm afraid. I thought I was waiting for you to review the OTL files in my last post. Did I miss something. Just scanned the computer and same virus in same location.

Is there something else I should do to assist your diagnosis?

See attached word doc for a screen dump of the AVG search screen.

Regards Russ

Post Edited (russ4570) : 11/26/2012 7:48:56 AM GMT



File Attachment :
virus screendump of AVG.docx   242KB (application/vnd.openxmlformats-officedocument.word)
This file has been downloaded 47 time(s).
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12862
  		   Posted 11/26/2012 5:34 PM (GMT +3)    Quote: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in SteamAlert an admin about: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
>>>>> Did I miss something. <<<<<

No, not at all, but there are no threats in the log, but we have to eliminate the "threat"

I actually think it's a false positive, I´ll therefore suggest you have it checked here:




Please upload and have the "infected" file scanned:

Here: http://www.virustotal.com/

Post back the results.

Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

russ4570
New Member


Date Joined Nov 2012
Total Posts : 5
  		   Posted 11/27/2012 9:36 AM (GMT +3)    Quote: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in SteamAlert an admin about: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
OK. Thanks for the help.
I scanned the two files
vgui2_s.dll & FileSystem_Steam.dll
that were identified in the AVG report using the Virus Total that you recommended.
Both came up negative.
links to results below
https://www.virustotal.com/file/0750fb4571c90522ca592096a9a40dca57d6a04e713202819914474682033148/analysis/1353997154/
https://www.virustotal.com/file/8189dc241ae33723ff4579d4067252679f0c01b1d009e5b222d22924b48070a6/analysis/

Thanks, whilst searching for help on his topic I has seen a few say that there have been false positives in steam recently (in last 30 days). I just assumed that steam and AVG would have fixed the errors in that time???
Back to Top
 

John1992T
New Member


Date Joined Nov 2012
Total Posts : 1
  		   Posted 11/27/2012 9:21 PM (GMT +3)    Quote: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in SteamAlert an admin about: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
Hello.. I saw this post and I have the exact same problem :(
- I can't run steam without AVG noticing me that I have this Trojan Agent3.CKJE
It really sucks and I can't play any games from steam :(
Back to Top
 

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 373
  		   Posted 11/28/2012 8:57 AM (GMT +3)    Quote: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in SteamAlert an admin about: Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
I apologize for my intervention but this seems more an more like a false positive detection.

I think it's better if you all contact AVG Support and see what they have to say about this.

Cheers!

Andreea-Luciana Ostache
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 12

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!

Back to Top
 
New Topic Post reply to : Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam Printable version of : Trojan Agent3.CKJE and Trojan PSW.Generic10.AIXT in Steam
 
Forum Information
Currently it is Tuesday, May 21, 2013 5:17 PM (GMT +3)
There are a total of 59,520 posts in 13,139 threads.
In the last 3 days there were 1 new threads and 5 reply posts. View Active Threads
Who's Online
This forum has 34613 registered members. Please welcome our newest member, aadi95.
23 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
BullGuard Firewall and Windows Firewall (4)5/21/2013 5:24:46 AM (aadi95)
The NovaShield behavior analysis techniques (2)5/21/2013 12:28:32 AM (Robert Mateescu)
Bullguard online drive back up URL for Syncovery? (2)5/20/2013 10:11:29 AM (LogoLogics)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard Internet Security