
plz evaluate hijack this log - postvirus

Discussion in 'Virus & Other Malware Removal' started by Lypka109, Jan 4, 2013.

Thread Status:
Not open for further replies.
  1. Lypka109

    Lypka109 Thread Starter

    Joined:
    Apr 10, 2005
    Messages:
    40
    Hi, recently I had a virus (moneypak) and I thought I got rid of all traces of it, but my computer has been acting slow ever since I got rid of it. Can someone please evaluate my HijackThis log and tell me what I need to get rid of? It looks like there's a lot of junk in there... Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:51:21 PM, on 1/4/2013
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    S:\Steam\Steam.exe
    C:\Program Files\Ventrilo\32 bit\Ventrilo.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    S:\TeamSpeak 3 Client\ts3client_win32.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
    S:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>?????n††??;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<lo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (file missing)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (file missing)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: AVG Rewards - {EE8BD456-055B-40ce-8A17-9B7D4600264D} - C:\Program Files\AVG Rewards\AVGRewards.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (file missing)
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: AVG Rewards - {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - C:\Program Files\AVG Rewards\AVGRewards.dll
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: RPM Poker - {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\all\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O11 - Options group: [INTERNATIONAL] International
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} (Session2 Class) - http://dl.pmang.com/common/pmangctl/pmangax.cab
    O16 - DPF: {D915AE88-270D-479D-8AC1-B3CDD62DBCBF} (CsWebGameController Class) - http://www.cosmicbreak.com/start/cswebgamelauncher.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - s:\Program Files\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
     
  2. Lypka109

    Lypka109 Thread Starter

    Joined:
    Apr 10, 2005
    Messages:
    40
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Who helped you get rid of the virus?
    There are loads of junk & malware left showing in that log.

    Before we can think of doing anything, we need to see all the logs requested in the sticky at the top of the page, to know exactly what we are dealing with.

    Follow the advice here and post the logs those programs make.
     
  4. Lypka109

    Lypka109 Thread Starter

    Joined:
    Apr 10, 2005
    Messages:
    40
    OK, I downloaded all that and here it is:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Ad-Aware Antivirus
    Ad-Aware Browsing Protection
    Adobe AIR
    Adobe Flash Media Live Encoder 3.2
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.4
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AmericasCardroom
    Apple Software Update
    AVG 2013
    AVG Rewards
    Bandisoft MPEG-1 Decoder
    Battlefield 3™
    Battlelog Web Plugins
    Bloodline Champions Beta
    Brother MFL-Pro Suite MFC-465CN
    Browser Guard 4.0
    Cake Poker 2.0
    CCleaner
    Click to Call with Skype
    CPUID CPU-Z 1.55
    Deus Ex
    DH Driver Cleaner Professional Edition
    Diablo II
    Diablo III
    Dishonored
    DragonNest
    ESET Online Scanner v3
    ESN Sonar
    EVGA Precision 2.1.2
    Far Cry 3
    Fraps (remove only)
    Ghost Recon Online (NCSA-Live)
    Google Chrome
    Google Update Helper
    Hardware Helper
    Hi-Rez Studios Authenticate and Update Service
    HiJackThis
    HijackThis 1.99.1
    Hitman Absolution
    Holdem Manager
    Holdem Manager 2
    IHA_MessageCenter
    Internet Explorer Toolbar 4.6 by SweetPacks
    Java Auto Updater
    Java(TM) 6 Update 20
    League of Legends
    Lock Poker
    Magic Workstation 0.94f
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office File Validation Add-In
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    MicroVolts
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MTG Card Images for Magic Workstation
    MTG GamePack for Magic Workstation
    Natural Selection 2
    Nexon Game Manager
    Nightmare House Final
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OpenOffice.org 3.2
    Origin
    Pando Media Booster
    PC Tools Spyware Doctor 9.1
    PeerBlock 1.0.0 (r181)
    Pidgin
    PokerStars
    PokerStars.net
    PokerTracker 3 (remove only)
    PostgreSQL 8.4
    Pristontale 3133
    PunkBuster Services
    Quake Live Internet Explorer Plugin
    Quake Live Mozilla Plugin
    QuickTime
    Recover My Files
    RPM Poker
    Sansa Updater
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Silent Storm
    Skype™ 6.0
    Sleeping Dogs
    Smite Closed Beta
    Steam
    STOPzilla
    TeamSpeak 3 Client
    TeamViewer 8
    Tomb Raider: Underworld 1.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Uplay
    Vegas Pro 9.0
    VH Toolkit 1.0.44.0
    VirtualDJ Home FREE
    VLC media player 2.0.0
    Vz In Home Agent
    Winamp
    Winamp Detector Plug-in
    Winamp Toolbar
    WinASO Registry Optimizer 4.8.0
    Windows Live ID Sign-in Assistant
    WinRAR archiver
    Workspace Macro Pro 6.0
    Yontoo 1.10.03
    .
    ==== End Of File ===========================





    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by all at 19:03:30 on 2013-01-10
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\STOPzilla!\SZServer.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    S:\AVG\AVG2013\avgidsagent.exe
    S:\AVG\AVG2013\avgwdsvc.exe
    s:\Program Files\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    S:\AVG\AVG2013\avgui.exe
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    S:\Steam\Steam.exe
    S:\AVG\AVG2013\avgnsx.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchProtocolHost.exe
    S:\TeamSpeak 3 Client\ts3client_win32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    S:\AVG\AVG2013\avgmfapx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: AVG Rewards: {EE8BD456-055B-40ce-8A17-9B7D4600264D} - c:\program files\avg rewards\AVGRewards.dll
    TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
    TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - LocalServer32 - <no file>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [CPN Notifier] c:\program files\lock poker\PokerNotifier.exe
    mRun: [AVG_UI] "s:\avg\avg2013\avgui.exe" /TRAYONLY
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - c:\program files\avg rewards\AVGRewards.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D915AE88-270D-479D-8AC1-B3CDD62DBCBF} - hxxp://www.cosmicbreak.com/start/cswebgamelauncher.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{AC85AE65-A470-45EF-BA73-9ABBA12F7094} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - LocalServer32 - <no file>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\all\appdata\roaming\mozilla\firefox\profiles\c5aijy8y.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - plugin: c:\program files\battlelog web plugins\1.118.0\npesnlaunch.dll
    FF - plugin: c:\program files\battlelog web plugins\1.138.0\npesnlaunch.dll
    FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\all\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\npPMangFX.dll
    FF - plugin: c:\windows\system32\nppmuspec.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    FF - ExtSQL: 2012-12-31 13:12; {83aace32-eca0-4c3a-b4d6-9ad594496b48}; c:\users\all\appdata\roaming\mozilla\firefox\profiles\c5aijy8y.default\extensions\{83aace32-eca0-4c3a-b4d6-9ad594496b48}
    FF - ExtSQL: 2013-01-02 18:51; [email protected]; c:\users\all\appdata\roaming\mozilla\firefox\profiles\c5aijy8y.default\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 3ceb3dea-8d0e-4ea9-8fc4-a0f187ab80d9
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
    .
    FF - user.js: extensions.autoDisableScopes - 14
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2013-01-09 02:59:04 2345984 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 02:59:01 492032 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 02:58:50 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 02:58:39 49152 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 02:58:39 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-08 03:12:43 -------- d-----w- c:\program files\MSXML 4.0
    2013-01-06 23:23:09 77816 ----a-r- c:\windows\system32\drivers\sbapifs.sys
    2013-01-06 23:22:45 -------- d-----w- c:\program files\STOPzilla!
    2013-01-06 22:57:44 -------- d-----w- c:\users\all\appdata\roaming\AVG2013
    2013-01-06 22:57:02 -------- d-----w- c:\users\all\appdata\roaming\TuneUp Software
    2013-01-06 22:56:34 -------- d-----w- c:\programdata\AVG2013
    2013-01-06 22:30:26 -------- d-----w- c:\program files\TeamViewer
    2013-01-06 22:29:26 -------- d-----w- c:\users\all\appdata\roaming\TeamViewer
    2013-01-05 02:48:29 -------- d-----w- c:\users\all\appdata\roaming\Nico Mak Computing
    2013-01-05 02:48:23 17224 ----a-w- c:\windows\system32\roboot.exe
    2013-01-05 02:39:25 388096 ----a-r- c:\users\all\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-01-05 02:39:24 -------- d-----w- c:\program files\Trend Micro
    2013-01-03 06:15:01 -------- d-----w- c:\program files\SweetIM
    2013-01-03 06:14:33 -------- d-----w- c:\program files\Yontoo
    2013-01-03 06:14:30 -------- d-----w- c:\programdata\Tarma Installer
    2013-01-03 06:14:24 -------- d-----w- c:\users\all\appdata\roaming\ExpressFiles
    2013-01-03 00:03:13 -------- d-----w- c:\users\all\appdata\roaming\SUPERAntiSpyware.com
    2013-01-02 23:56:34 -------- d-----w- c:\users\all\appdata\roaming\LavasoftStatistics
    2013-01-02 23:53:59 -------- d-----w- c:\programdata\Ad-Aware Antivirus
    2013-01-02 23:52:35 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2013-01-02 23:52:20 -------- d-----w- c:\users\all\appdata\local\Downloaded Installations
    2013-01-02 23:52:14 42864 ------w- c:\windows\system32\sbbd.exe
    2013-01-02 23:52:14 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-01-02 23:51:57 -------- d-----w- c:\programdata\blekko toolbars
    2013-01-02 23:51:56 -------- d-----w- c:\users\all\appdata\local\adawarebp
    2013-01-02 23:51:56 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2013-01-02 23:51:53 -------- d-----w- c:\program files\Toolbar Cleaner
    2013-01-02 23:51:53 -------- d-----w- c:\program files\adawaretb
    2013-01-02 23:50:16 -------- d-----w- c:\users\all\appdata\roaming\Ad-Aware Antivirus
    2013-01-02 23:48:37 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
    2013-01-02 23:30:21 -------- d-----w- c:\windows\B4F3A360E1E2479DADE79BE3B07F4539.TMP
    2013-01-02 23:30:18 -------- d-----w- c:\programdata\NVIDIA Corporation
    2013-01-02 23:16:19 -------- d-----w- C:\NVIDIA
    2012-12-31 18:26:47 769144 ----a-w- c:\windows\BDTSupport.dll
    2012-12-31 18:26:47 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-12-31 18:26:46 150648 ----a-w- c:\windows\SGDetectionTool.dll
    2012-12-31 18:26:44 2280568 ----a-w- c:\windows\PCTBDCore.dll
    2012-12-31 18:26:44 1690744 ----a-w- c:\windows\PCTBDRes.dll
    2012-12-31 18:25:50 260760 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-12-31 18:25:50 178584 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2012-12-31 18:25:44 19464 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-12-31 18:25:41 71752 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-12-31 18:25:41 68272 ----a-w- c:\windows\system32\drivers\pctplsm.sys
    2012-12-31 18:22:24 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-12-31 18:22:24 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-12-31 18:22:22 368616 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-12-31 18:22:22 163288 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-12-31 18:22:19 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-12-31 18:22:19 -------- d-----w- c:\program files\common files\PC Tools
    2012-12-31 18:21:47 -------- d-----w- c:\users\all\appdata\roaming\TestApp
    2012-12-31 18:13:09 -------- d-----w- c:\users\all\appdata\local\MFAData
    2012-12-31 18:13:09 -------- d-----w- c:\users\all\appdata\local\Avg2013
    2012-12-31 18:12:50 -------- d-----w- c:\users\all\appdata\roaming\AVG Rewards for Chrome
    2012-12-31 18:12:50 -------- d-----w- c:\program files\AVG Rewards
    2012-12-31 18:10:46 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-31 18:10:46 -------- d-----w- c:\programdata\Malwarebytes
    2012-12-31 18:10:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-12-31 18:10:36 -------- d-----w- c:\users\all\appdata\local\Programs
    2012-12-21 04:02:16 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 04:02:16 295424 ----a-w- c:\windows\system32\atmfd.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 02:42:16 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 02:42:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-13 02:53:05 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-12-13 02:52:59 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-12-13 02:52:59 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-12-11 21:52:45 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-12-05 18:06:28 23416 ----a-r- c:\windows\system32\SZIO5.dll
    2012-12-05 18:06:16 681848 ----a-r- c:\windows\system32\SZComp5.dll
    2012-12-05 18:06:12 509816 ----a-r- c:\windows\system32\SZBase5.dll
    2012-12-02 23:33:15 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2012-12-01 03:43:52 438632 ----a-w- c:\windows\system32\nvStreaming.exe
    2012-11-26 15:55:48 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
    2012-11-26 15:55:48 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
    2012-10-22 18:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2012-10-15 08:48:52 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2006-10-28 05:14:54 463152 ----a-w- c:\program files\setup.exe
    .
    ============= FINISH: 19:13:16.05 ===============





    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-10 20:33:06
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJB-56R1A0 rev.01.03E01 149.05GB
    Running: omx484m6.exe; Driver: C:\Users\all\AppData\Local\Temp\kwtdrpog.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8BE9FB60]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8BE9FE28]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8BEA0124]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x91ACD14A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x91ACD21A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x91ACCD7C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x91ACCF6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x91ACD000]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8BE9F75E]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x91ACCECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x91ACD09C]

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C47A49 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C814D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82C88618 8 Bytes [60, FB, E9, 8B, 28, FE, E9, ...]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82C88650 4 Bytes [24, 01, EA, 8B]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82C8878C 8 Bytes [4A, D1, AC, 91, 1A, D2, AC, ...] {DEC EDX; SHR DWORD [ECX+EDX*4-0x6e532de6], 0x1}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82C887D4 4 Bytes [7C, CD, AC, 91] {JL 0xffffffcf; LODSB ; XCHG ECX, EAX}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 165F 82C88A94 8 Bytes [6A, CF, AC, 91, 00, D0, AC, ...] {PUSH -0x31; LODSB ; XCHG ECX, EAX; ADD AL, DL; LODSB ; XCHG ECX, EAX}
    .text ...
    ? System32\Drivers\spdr.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 93DD3D81 5 Bytes JMP 86B471D8
    .text a5e5a2nx.SYS 91B99000 12 Bytes [44, 28, 02, 83, EE, 26, 02, ...] {INC ESP; SUB [EDX], AL; SUB ESI, 0x26; ADD AL, [EBX-0x7cfdf860]}
    .text a5e5a2nx.SYS 91B9900D 9 Bytes [07, 02, 83, 48, 2B, 02, 83, ...] {POP ES; ADD AL, [EBX-0x7cfdd4b8]; ADD [EAX], AL}
    .text a5e5a2nx.SYS 91B99017 20 Bytes [00, DE, C7, B8, 8B, E6, C5, ...]
    .text a5e5a2nx.SYS 91B9902C 136 Bytes [00, 00, 00, 00, C0, 28, C4, ...]
    .text a5e5a2nx.SYS 91B990B5 12 Bytes [54, C8, 82, F0, 39, C8, 82, ...]
    .text ...
    .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9FB3B300, 0x3B638, 0xE8000020]
    .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9FB82300, 0x1BEE, 0xE8000020]
    ? C:\Users\all\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SetFocus 7618ABAD 5 Bytes JMP 50D293E0 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
    .text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SetForegroundWindow 7618B225 5 Bytes JMP 50D292C0 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
    .text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!ShowWindow 7618F2A9 5 Bytes JMP 50D29390 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
    .text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SetWindowPos 76191BC4 5 Bytes JMP 50D29400 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
    .text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SetActiveWindow 7619333A 5 Bytes JMP 50D29450 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
    .text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!BringWindowToTop 761B040B 5 Bytes JMP 50D292F0 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
    .text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SwitchToThisWindow 761B6A17 5 Bytes JMP 50D29320 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
    .text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!ShowWindowAsync 761E4F03 5 Bytes JMP 50D29340 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
    .text s:\Program Files\Origin\Origin.exe[4932] ole32.dll!DoDragDrop 75BCA827 5 Bytes JMP 50D292A0 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] ntdll.dll!LdrGetProcedureAddress + 26 775C2239 7 Bytes JMP 5F914470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 765B941E 7 Bytes JMP 5FB60459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] kernel32.dll!QueryPerformanceCounter + 13 765BC435 7 Bytes JMP 5FB6047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] kernel32.dll!LoadAppInitDlls + 355 765BF4F6 7 Bytes JMP 5F91F972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] GDI32.dll!GetViewportOrgEx + 26C 7625884B 3 Bytes JMP 5FB603DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5900] GDI32.dll!GetViewportOrgEx + 270 7625884F 3 Bytes JMP 017B823F

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\[email protected] ?Thu?, ?Jan ?10 ?13, 07:01:56 PM???????????????????????????????C
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x5D 0x32 0xED 0x43 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x25 0x40 0x6C 0x0B ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x58 0x23 0x77 0xAE ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x5D 0x32 0xED 0x43 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x25 0x40 0x6C 0x0B ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x58 0x23 0x77 0xAE ...

    ---- EOF - GMER 2.0 ----


    thanks in advance
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    First, please download AdwCleaner to your desktop.
    • Double-click adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will open.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  6. Lypka109

    Lypka109 Thread Starter

    Joined:
    Apr 10, 2005
    Messages:
    40
    # AdwCleaner v2.105 - Logfile created 01/11/2013 at 17:16:50
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : all - ALL-PC
    # Boot Mode : Normal
    # Running from : C:\Users\all\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files\adawaretb
    Folder Found : C:\Program Files\SweetIM
    Folder Found : C:\Program Files\Winamp Toolbar
    Folder Found : C:\Program Files\Yontoo
    Folder Found : C:\ProgramData\blekko toolbars
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\Winamp Toolbar
    Folder Found : C:\Users\all\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Folder Found : C:\Users\all\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Found : C:\Users\all\AppData\Local\OpenCandy
    Folder Found : C:\Users\all\AppData\Local\Winamp Toolbar
    Folder Found : C:\Users\all\AppData\Locallow\adawaretb
    Folder Found : C:\Users\all\AppData\Locallow\AVG Security Toolbar
    Folder Found : C:\Users\all\AppData\Locallow\SweetIM
    Folder Found : C:\Users\all\AppData\Roaming\Mozilla\Firefox\Profiles\c5aijy8y.default\adawaretb
    Folder Found : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\SweetIM
    Key Found : HKCU\Software\Winamp Toolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
    Key Found : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
    Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
    Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
    Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
    Key Found : HKLM\Software\SweetIM
    Key Found : HKLM\Software\Tarma Installer
    Key Found : HKLM\Software\Winamp Toolbar
    Key Found : HKU\S-1-5-21-2906375110-3581957490-1177268750-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Users\all\AppData\Roaming\Mozilla\Firefox\Profiles\c5aijy8y.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\all\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Chromium v directory_upgrade: true
    }

    File : C:\Users\all\AppData\Local\Chromium\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [9512 octets] - [11/01/2013 17:16:50]

    ########## EOF - C:\AdwCleaner[R1].txt - [9572 octets] ##########
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt
     

Short URL to this thread: https://techguy.org/1083790
