TechSpot

Having problems with virus removal

By jimixd
Mar 7, 2011
  1. For the first time that I know of I have become infected with multiple threats.

    I use AVG free edition to protect my system and it does seem to be very good at telling me I am infected. It doesn't, however, seem to be very good at getting rid of the said threats.

    In addition I seem to be suffering from a virus that is redirecting all links followed from searches made in Google or searches made from Chrome's URL bar.

    I have followed your 8 step virus post and got to here.

    Please see below the requested logs.

    Please advise the best course of action from now.

    Thanks in advance.


    ============


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5983

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    07/03/2011 20:52:15
    mbam-log-2011-03-07 (20-52-15).txt

    Scan type: Quick scan
    Objects scanned: 143417
    Time elapsed: 2 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ====================


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-07 21:01:14
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort1 Hitachi_HTS722020K9A300 rev.DC4OCA1H
    Running: lhnj4yi4.exe; Driver: C:\Users\JAMESL~1\AppData\Local\Temp\pwloikow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 390721712 (+255): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Device\Ide\IdeDeviceP1T0L0-2 -> \??\IDE#DiskHitachi_HTS722020K9A300_________________DC4OCA1H#5&155f7073&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----



    ==========



    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by James Love-Mead at 21:03:20.55 on 07/03/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2046.1143 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\AVG\AVG10\avgui.exe
    C:\Program Files\AVG\AVG10\avgcfgex.exe
    C:\Users\James Love-Mead\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\James Love-Mead\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\James Love-Mead\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\James Love-Mead\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Mediafour XPlay Explorer notifications: {4907c0ad-874d-44d9-b13e-7b0a4d8b9d3e} - c:\program files\mediafour\xplay 3\XPBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 1 (0x1)
    mPolicies-system: DisableStartupSound = 1 (0x1)
    mPolicies-system: DisplayLastLogonInfo = 1 (0x1)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-9-28 259176]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-3-15 148184]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-20 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-25 1343400]
    S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-26 517448]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-23 136176]
    S4 M4iPodWPDService;M4iPodWPDService;c:\program files\common files\mediafour\ipod\M4iPodWPDService.exe [2009-12-28 224256]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-03-07 20:49:02 -------- d-----w- c:\users\jamesl~1\appdata\roaming\Malwarebytes
    2011-03-07 20:48:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-07 20:48:57 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-07 20:48:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-07 20:48:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-07 18:37:33 -------- d-----w- c:\windows\pss
    2011-02-24 23:52:39 -------- d-----w- c:\users\jamesl~1\appdata\roaming\The Creative Assembly
    2011-02-24 23:05:48 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2011-02-24 13:35:42 -------- d-----w- c:\users\jamesl~1\appdata\roaming\AVG
    2011-02-17 16:20:59 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
    2011-02-15 19:26:10 181608 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10137.bin
    .
    ==================== Find3M ====================
    .
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
    2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
    2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: Hitachi_HTS722020K9A300 rev.DC4OCA1H -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-2
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85E8D5DC]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85e937b8]; MOV EAX, [0x85e93834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82C8E448] -> \Device\Harddisk0\DR0[0x85E6A510]
    3 CLASSPNP[0x88E0459E] -> ntkrnlpa!IofCallDriver[0x82C8E448] -> [0x85E70C98]
    \Driver\atapi[0x85E6CE08] -> IRP_MJ_CREATE -> 0x85E8D5DC
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-2 -> \??\IDE#DiskHitachi_HTS722020K9A300_________________DC4OCA1H#5&155f7073&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 390721966 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 21:03:52.99 ===============
     


  2. Bobbye


    Welcome to TechSpot! You have a rootkit, which is why you haven't been able to clean with just the AV:

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A small window should open on your desktop
    • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.
    ====================================
    Follow with Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. jimixd


    Results to step 1 below.

    Moving to next step.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: MXG071
    Logical Drives Mask: 0x0001000c

    Kernel Drivers (total 182):
    0x82C52000 \SystemRoot\system32\ntkrnlpa.exe
    0x82C1B000 \SystemRoot\system32\halmacpi.dll
    0x86198000 \SystemRoot\system32\kdcom.dll
    0x83201000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x83279000 \SystemRoot\system32\PSHED.dll
    0x8328A000 \SystemRoot\system32\BOOTVID.dll
    0x83292000 \SystemRoot\system32\CLFS.SYS
    0x832D4000 \SystemRoot\system32\CI.dll
    0x8337F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x833F0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x83417000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8345F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x83468000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x83470000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8349A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x834A5000 \SystemRoot\System32\drivers\partmgr.sys
    0x834B6000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x834BE000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x834C9000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x834D9000 \SystemRoot\System32\drivers\volmgrx.sys
    0x83524000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x8352B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x83539000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8354F000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x83558000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8357B000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x83585000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8358E000 \SystemRoot\system32\drivers\fltmgr.sys
    0x835C2000 \SystemRoot\system32\drivers\fileinfo.sys
    0x83624000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x83753000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8377E000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x83791000 \SystemRoot\System32\Drivers\cng.sys
    0x837EE000 \SystemRoot\System32\drivers\pcw.sys
    0x83600000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x88E38000 \SystemRoot\system32\drivers\ndis.sys
    0x88EEF000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88F2D000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x89014000 \SystemRoot\System32\drivers\tcpip.sys
    0x8915D000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8918E000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x891CD000 \SystemRoot\System32\Drivers\spldr.sys
    0x88F52000 \SystemRoot\System32\drivers\rdyboost.sys
    0x891D5000 \SystemRoot\System32\Drivers\mup.sys
    0x88F7F000 \SystemRoot\System32\Drivers\MDFSYSNT.sys
    0x891E5000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x88FC6000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x891ED000 \SystemRoot\system32\DRIVERS\disk.sys
    0x88E00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x89000000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
    0x89005000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x8D60E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8D62D000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0x8D639000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D640000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8D647000 \SystemRoot\System32\drivers\vga.sys
    0x8D653000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8D674000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D681000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8D689000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8D691000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8D699000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8D6A4000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8D6B2000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8D6C9000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8D6D4000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0x8D71C000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8D74E000 \SystemRoot\system32\drivers\afd.sys
    0x8D7A8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8D7AF000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8D7CE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x8D7DF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8D7ED000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x835E4000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8DE23000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8DE64000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
    0x8DE68000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8DE72000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8DE7C000 \SystemRoot\System32\drivers\discache.sys
    0x8DE88000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8DEA0000 \??\C:\Windows\system32\drivers\cbfs.sys
    0x8DEC3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8DED1000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0x8DF0D000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8DF2E000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8FE23000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x9091D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x9091F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8DF40000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x909D6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8DF79000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x909E1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8FE00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8F032000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8F14A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x8F154000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x8F190000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x8F1BC000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8F238000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8F289000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F2A1000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F2AE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F2BB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8F2C1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F2C5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8F2CE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x8F2DB000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x8F2E3000 \SystemRoot\system32\drivers\modem.sys
    0x8F2F0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8F302000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F31A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8F325000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8F347000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8F35F000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8F376000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8F38D000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0x8F394000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8F396000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F3CA000 \SystemRoot\system32\DRIVERS\nvoclock.sys
    0x8F3D2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F83A000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8F87E000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8F88F000 \SystemRoot\system32\drivers\HdAudio.sys
    0x8F8DF000 \SystemRoot\system32\drivers\portcls.sys
    0x8F90E000 \SystemRoot\system32\drivers\drmk.sys
    0x8F927000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8F93E000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F940000 \SystemRoot\system32\DRIVERS\dc3d.sys
    0x8F94A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8F951000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8F95C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8F96F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8F97B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8F986000 \SystemRoot\system32\DRIVERS\point32.sys
    0x8F98F000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
    0x8F9C9000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
    0x8F9CB000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8F9D8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8F9E3000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x8F9ED000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x8F800000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x82200000 \SystemRoot\System32\Drivers\bthport.sys
    0x82264000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x82288000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x82295000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x82630000 \SystemRoot\System32\win32k.sys
    0x822B0000 \SystemRoot\System32\drivers\Dxapi.sys
    0x822BA000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x82890000 \SystemRoot\System32\TSDDD.dll
    0x828C0000 \SystemRoot\System32\cdd.dll
    0x828E0000 \SystemRoot\System32\ATMFD.DLL
    0x822C5000 \SystemRoot\system32\drivers\luafv.sys
    0x822E0000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
    0x822E9000 \SystemRoot\system32\drivers\WudfPf.sys
    0x82303000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x82313000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x82359000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x82369000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9BE2F000 \SystemRoot\system32\drivers\HTTP.sys
    0x9BEB4000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9BECD000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9BEDF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9BF02000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9BF3D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9BF70000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0x9B839000 \SystemRoot\system32\drivers\peauth.sys
    0x9B8D0000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9B8DA000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
    0x9B966000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    0x9B99C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9B9BD000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9B9CA000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x9BF79000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9B9D4000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x8237C000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9B800000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    0xA7E7A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xA7E8B000 \??\C:\Users\JAMESL~1\AppData\Local\Temp\pwloikow.sys
    0xA7EA3000 \??\C:\Users\JAMESL~1\AppData\Local\Temp\mbr.sys
    0x77820000 \Windows\System32\ntdll.dll
    0x48470000 \Windows\System32\smss.exe
    0x77A60000 \Windows\System32\apisetschema.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    272 C:\Windows\System32\smss.exe
    536 csrss.exe
    624 C:\Windows\System32\wininit.exe
    636 csrss.exe
    684 C:\Windows\System32\services.exe
    708 C:\Windows\System32\lsass.exe
    716 C:\Windows\System32\lsm.exe
    740 C:\Windows\System32\winlogon.exe
    880 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\nvvsvc.exe
    988 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\nvvsvc.exe
    1464 C:\Windows\System32\svchost.exe
    1596 C:\Windows\System32\spoolsv.exe
    1636 C:\Windows\System32\svchost.exe
    1724 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    1760 C:\Windows\System32\svchost.exe
    1796 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    1880 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    528 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    648 C:\Windows\System32\svchost.exe
    972 C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    1292 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    2948 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    3068 C:\Windows\System32\svchost.exe
    3240 C:\Windows\System32\svchost.exe
    2932 C:\Windows\System32\taskhost.exe
    3004 C:\Windows\System32\taskeng.exe
    3400 C:\Windows\System32\dwm.exe
    3472 C:\Windows\explorer.exe
    3536 C:\Windows\System32\taskeng.exe
    3568 C:\Program Files\Google\Update\GoogleUpdate.exe
    3800 C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    3864 C:\Windows\OEM02Mon.exe
    3988 C:\Program Files\AVG\AVG10\avgtray.exe
    3944 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3952 C:\Program Files\Microsoft IntelliType Pro\itype.exe
    3784 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    3832 C:\Windows\System32\conhost.exe
    4068 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
    1120 C:\Windows\System32\SearchIndexer.exe
    3604 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1512 C:\Windows\System32\svchost.exe
    4608 dllhost.exe
    4944 C:\Program Files\AVG\AVG10\avgui.exe
    2828 C:\Program Files\AVG\AVG10\avgcfgex.exe
    2680 C:\Users\James Love-Mead\AppData\Local\Google\Chrome\Application\chrome.exe
    5580 C:\Users\James Love-Mead\AppData\Local\Google\Chrome\Application\chrome.exe
    5436 C:\Users\James Love-Mead\AppData\Local\Google\Chrome\Application\chrome.exe
    6132 C:\Users\James Love-Mead\AppData\Local\Google\Chrome\Application\chrome.exe
    4428 C:\Windows\System32\notepad.exe
    3196 C:\Windows\System32\notepad.exe
    5228 C:\Windows\System32\notepad.exe
    1768 C:\Windows\System32\notepad.exe
    4740 WmiPrvSE.exe
    2768 C:\Windows\System32\SearchProtocolHost.exe
    2564 C:\Windows\System32\SearchFilterHost.exe
    520 C:\Windows\System32\audiodg.exe
    868 C:\Users\James Love-Mead\Downloads\MBRCheck.exe
    5440 C:\Windows\System32\conhost.exe
    3860 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\Q: --> error 5

    PhysicalDrive0 Model Number: HitachiHTS722020K9A300, Rev: DC4OCA1H

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  4. jimixd

    jimixd TS Rookie Topic Starter

    Result of scan:

    Thought that this might be the source but I could not delete it after download.

    C:\Users\James Love-Mead\Downloads\Microsoft_Office_2010_(x64)_keygen\Microsoft_Office_2010_(x64)_keygen_by_aaocg.exe a variant of Win32/Nebuler.CP trojan
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're not supposed to delete it - that's my job!

    But you are correct in thinking this might be a source for the malware:
    When you pirate a program, that is, get a license or registration for a program from a torrent site to activate the program instead of paying for it, you are going to get malware with it.

    Please download OTMoveIt by OldTimer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Users\James Love-Mead\Downloads\Microsoft_Office_2010_(x64)_keygen\Microsoft_Office_2010_(x64)_keygen_by_aaocg.exe
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===================================
    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
     
  6. jimixd

    jimixd TS Rookie Topic Starter

    Not found??? It was in the folder and now isn't... Have rerun virus scan and it came up with 0 threats this time... has it gone?


    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\James Love-Mead\Downloads\Microsoft_Office_2010_(x64)_keygen\Microsoft_Office_2010_(x6 4)_keygen_by_aaocg.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: James Love-Mead
    ->Temp folder emptied: 152048 bytes
    ->Temporary Internet Files folder emptied: 219771 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 130975810 bytes
    ->Flash cache emptied: 2413 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15301229 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 140.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 03092011_134113
     
  7. jimixd

    jimixd TS Rookie Topic Starter

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\steam\steamapps\common\empire total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
    scanner sequence 3.NA.11
    ----- EOF -----
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It was probably removed by another program. Since Office was pirated, you will have to uninstall it for support to continue.
     
Topic Status:
Not open for further replies.
