Trojans in Steam that I am unable to delete. I have run CCleaner and Combofix. Please see below.
Any assistance greatly appreciated. I was only saying at work that it's been a while since I was virused. Must have jinxed myself.
ComboFix 12-11-23.02 - User 24/11/2012 10:32:20.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3326.2457 [GMT 10:00] Running from: d:\documents and settings\User\My Documents\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\Setup.exe c:\documents and settings\All Users\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm c:\documents and settings\All Users\Application 
Data\TEMP\AVG\license_id.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\m!!!e.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns 
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini c:\documents and settings\User\WINDOWS . . ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 ))))))))))))))))))))))))))))))) . . . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-18 11:36 . 2012-05-02 09:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-18 11:36 . 2012-05-02 09:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 10:26 . 
2012-08-16 11:27 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-10-05 22:01 . 2012-10-05 22:01 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-05 22:01 . 2012-10-05 22:01 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-10-05 22:01 . 2010-11-27 22:30 473072 -c--a-w- c:\windows\system32\deployJava1.dll 2012-10-28 08:46 . 2012-10-28 08:46 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2012-08-05 1353080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192] "BigPondWirelessBroadbandCM"="c:\program files\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2011-04-19 6606232] "LWS"="d:\logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "UpdatePDRShortCut"="d:\cyberlink\PowerDirector10\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\User\Start Menu\Programs\Startup\ Logitech . Product Registration.lnk - d:\logitech\Ereg\eReg.exe [2009-11-16 517384] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 05:57 948672 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-21 15:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2010-07-28 10:27 19557480 -c--a-w- c:\windows\RTHDCPL.EXE . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "d:\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"= "d:\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "d:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "d:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\sniper ghost 
warrior\\Sniper_x86.exe"= "d:\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "d:\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"= "d:\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "d:\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= "d:\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"= . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 237408] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301920] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288] R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [9/2/2010 5:39 PM 230768] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [3/10/2012 1:19 PM 114688] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736] S2 Skype C2C Service;Skype C2C Service;c:\documents and 
settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/4/2010 4:00 PM 1691480] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [3/10/2012 1:19 PM 7680] . Contents of the 'Scheduled Tasks' folder . 2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 11:36] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 09:22] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 09:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.4.182.20 10.4.81.103 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\4fa742lb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ FF - ExtSQL: 2012-10-06 08:01; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff FF - ExtSQL: 2012-10-28 18:46; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2012-10-28 18:46; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-11-13 17:23; {88c7f2aa-f93f-432c-8f0e-b7d85967a527}; c:\documents and settings\User\Application 
Data\Mozilla\Firefox\Profiles\4fa742lb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-24 10:34 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1454471165-789336058-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:fc,ad,4d,33,86,25,93,d8,02,27,5d,2e,bb,8c,22,3f,60,db,60,6a,0e,2d,bd, 14,32,da,47,a1,53,d9,24,7a,60,ee,f9,a8,cb,04,e3,35,e3,d5,51,b8,aa,7b,0e,ca,\ "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49 . [HKEY_USERS\S-1-5-21-1454471165-789336058-1801674531-1004\Software\SecuROM\License information*] "datasecu"=hex:6c,40,f3,6b,7d,c3,a4,31,3f,0e,36,a9,de,a4,c5,7b,a9,85,c1,2e,03, 8f,51,3e,47,d5,9d,b8,a0,6a,45,d6,9a,9f,a6,5d,37,40,19,b4,63,a0,74,3d,77,99,\ "rkeysecu"=hex:f5,cb,0a,b7,66,66,ab,c0,c6,13,7f,f5,52,28,54,7d . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(960) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Completion time: 2012-11-24 10:34:54 ComboFix-quarantined-files.txt 2012-11-24 00:34 . Pre-Run: 14,177,292,288 bytes free Post-Run: 14,419,365,888 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . 
- - End Of File - - AA058A98C4F6CD23E14220BA6ACFD361
Posted By : Touch - 11/25/2012 12:54 AM
Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
• Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in:
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
• When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs
As requested. OTL then Extras. (If Steam is not started at computer start up then AVG does not find it!) Thanks for the assistance.
OTL logfile created on: 25/11/2012 9:16:04 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 82.31% Memory free 7.09 Gb Paging File | 6.47 Gb Available in Paging File | 91.27% Paging File free Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39.06 Gb Total Space | 13.03 Gb Free Space | 33.36% Space Free | Partition Type: NTFS Drive D: | 426.69 Gb Total Space | 233.17 Gb Free Space | 54.65% Space Free | Partition Type: NTFS Drive E: | 603.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: USER-DCB363FC2E | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media 
Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: USER-DCB363FC2E

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E   DH2005       CDFS   DVD-ROM      603 MB
  Volume 1     C   Windows      NTFS   Partition     39 GB  Healthy    System
  Volume 2     D   Documents a  NTFS   Partition    427 GB  Healthy
  Volume 3     F                       Removeable      0 B
  Volume 4     H                       Removeable      0 B
< End of report >
OTL Extras logfile created on: 25/11/2012 9:16:05 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.25 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 82.31% Memory free 7.09 Gb Paging File | 6.47 Gb Available in Paging File | 91.27% Paging File free Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39.06 Gb Total Space | 13.03 Gb Free Space | 33.36% Space Free | Partition Type: NTFS Drive D: | 426.69 Gb Total Space | 233.17 Gb Free Space | 54.65% Space Free | Partition Type: NTFS Drive E: | 603.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: USER-DCB363FC2E | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08E3DDC8-E020-5903-31AE-D6B593FE8323}" = Catalyst Control Center InstallProxy "{0C305FC9-42C8-4FBE-819D-9C72CB356F09}" = Telstra Mobile Broadband Manager "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{16115E10-502B-4EA0-BD39-4DA329AD89E2}" = BELKIN F5U109 V1.25 "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1829AFBC-19F5-B1FE-73B1-30FF9DA49062}" = ATI Catalyst Install Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{68D87115-D09B-4CB3-AC58-308582DC7775}" = TTS MasterTune Delphi Manuals v180 "{6E4F4268-876D-485B-9CCE-6C67263682CF}" = TTS DataMaster-HD Delphi v183 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update 
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABEC4C47-2E98-49BF-AF8E-06316B6B2BB9}" = AVG 2012 "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{B1064B6C-3549-447C-8E64-44B8824316A4}" = TTS Software Updater v121 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{DFD89DF9-8A24-4389-91AC-64EF4C8AE3AE}" = TTS VTune-HD v180 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EFA1781B-D89B-4072-9102-583562741E4A}" = TTS MasterTune-HD Delphi v184 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour 
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2 "{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "{FCE7F6A7-4AE6-4926-A15F-7B4EF6881438}_is1" = Hawke ChairGun Pro 1.0.5b "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "AVG" = AVG 2012 "CCleaner" = CCleaner "Deer Hunter 2005_is1" = Deer Hunter - The 2005 Season "ENTERPRISER" = Microsoft Office Enterprise 2007 "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.1.0 "Logitech Vid" = Logitech Vid HD "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NewBlue Art Effects for PDR10" = Art Effects for PDR10 "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "PunkBusterSvc" = PunkBuster Services "Steam App 34830" = Sniper: Ghost Warrior "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Telstra Mobile Broadband Manager" = Telstra Mobile Broadband Manager "uTorrent" = µTorrent "WinRAR archiver" = WinRAR 4.20 (32-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ] Error - 31/10/2012 5:00:35 AM | Computer Name = USER-DCB363FC2E | Source = Application Hang | ID = 1002 Description = Hanging application TelstraUCM.exe, version 3.4.10414.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/11/2012 5:36:53 AM | Computer Name = USER-DCB363FC2E | Source = MsiInstaller | ID = 1013 Description = Product: Adobe Reader 6.0.1 -- Setup has detected that you already have a more functional product installed. Setup will now terminate.
Error - 14/11/2012 3:52:16 AM | Computer Name = USER-DCB363FC2E | Source = ESENT | ID = 490 Description = svchost (1384) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error - 14/11/2012 3:52:45 AM | Computer Name = USER-DCB363FC2E | Source = ESENT | ID = 490 Description = svchost (1384) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error - 14/11/2012 3:56:39 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000 Description = Faulting application trophyviewer.exe, version 0.0.0.0, faulting module trophyviewer.exe, version 0.0.0.0, fault address 0x0012b931.
Error - 14/11/2012 4:07:35 AM | Computer Name = USER-DCB363FC2E | Source = MsiInstaller | ID = 1013 Description = Product: Adobe Reader 6.0.1 -- Setup has detected that you already have a more functional product installed. Setup will now terminate.
Error - 14/11/2012 4:52:54 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000 Description = Faulting application crysis2.exe, version 1.9.0.0, faulting module cryrenderd3d9.dll, version 1.9.0.0, fault address 0x001b8400.
Error - 15/11/2012 7:07:50 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000 Description = Faulting application dh2005.exe, version 0.0.0.0, faulting module dh2005.exe, version 0.0.0.0, fault address 0x0016de3a.
Error - 16/11/2012 12:11:01 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000 Description = Faulting application dh2005.exe, version 0.0.0.0, faulting module dh2005.exe, version 0.0.0.0, fault address 0x0016de3a.
Error - 24/11/2012 6:21:19 AM | Computer Name = USER-DCB363FC2E | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 6.0.2900.5512, fault address 0x000a60c8.
[ System Events ]
Error - 23/11/2012 7:55:06 PM | Computer Name = USER-DCB363FC2E | Source = Service Control Manager | ID = 7034 Description = The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Error - 23/11/2012 7:55:18 PM | Computer Name = USER-DCB363FC2E | Source = Service Control Manager | ID = 7034 Description = The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
Error - 23/11/2012 8:15:51 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002 Description = The IP address lease 10.192.168.176 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 10.96.53.1 (The DHCP Server sent a DHCPNACK message).
Error - 23/11/2012 8:28:33 PM | Computer Name = USER-DCB363FC2E | Source = Service Control Manager | ID = 7034 Description = The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
Error - 23/11/2012 8:28:33 PM | Computer Name = USER-DCB363FC2E | Source = Service Control Manager | ID = 7034 Description = The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
Error - 23/11/2012 8:31:11 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002 Description = The IP address lease 10.96.53.3 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 10.230.11.222 (The DHCP Server sent a DHCPNACK message).
Error - 23/11/2012 8:47:01 PM | Computer Name = USER-DCB363FC2E | Source = PSched | ID = 14103 Description = QoS [Adapter {48CDCBF2-D74D-45D6-938A-B44660EF301B}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
Error - 23/11/2012 8:47:01 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002 Description = The IP address lease 10.230.11.221 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 10.192.166.1 (The DHCP Server sent a DHCPNACK message).
Error - 23/11/2012 9:06:24 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002 Description = The IP address lease 10.192.166.15 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 10.230.59.73 (The DHCP Server sent a DHCPNACK message).
Error - 24/11/2012 7:04:11 PM | Computer Name = USER-DCB363FC2E | Source = Dhcp | ID = 1002 Description = The IP address lease 10.192.164.135 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 10.230.53.113 (The DHCP Server sent a DHCPNACK message).
< End of report >
Posted By : Touch - 11/25/2012 3:33 PM
Please give an update on how things are running now?
No joy I'm afraid. I thought I was waiting for you to review the OTL files in my last post. Did I miss something? Just scanned the computer and same virus in same location.
Is there something else I should do to assist your diagnosis?
See attached word doc for a screen dump of the AVG search screen.
Regards Russ
Post Edited (russ4570) : 11/26/2012 7:48:56 AM GMT
Posted By : Touch - 11/26/2012 5:34 PM
>>>>> Did I miss something. <<<<<
No, not at all, but there are no threats in the log, but we have to eliminate the "threat".
I actually think it's a false positive, I'll therefore suggest you have it checked here:
Please upload and have the "infected" file scanned:
OK. Thanks for the help. I scanned the two files vgui2_s.dll & FileSystem_Steam.dll that were identified in the AVG report using the Virus Total that you recommended. Both came up negative. Links to results below:
https://www.virustotal.com/file/0750fb4571c90522ca592096a9a40dca57d6a04e713202819914474682033148/analysis/1353997154/
https://www.virustotal.com/file/8189dc241ae33723ff4579d4067252679f0c01b1d009e5b222d22924b48070a6/analysis/
Thanks, whilst searching for help on this topic I have seen a few say that there have been false positives in Steam recently (in last 30 days). I just assumed that Steam and AVG would have fixed the errors in that time???
Posted By : John1992T - 11/27/2012 9:21 PM
Hello.. I saw this post and I have the exact same problem :( - I can't run Steam without AVG notifying me that I have this Trojan Agent3.CKJE. It really sucks and I can't play any games from Steam :(
Posted By : Andreea-Luciana Ostache - 11/28/2012 8:57 AM
I apologize for my intervention but this seems more and more like a false positive detection.
I think it's better if you all contact AVG Support and see what they have to say about this.