Thread: Computer Cleanup

  1. #21
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Hi mum2_3

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed and that they have been added to the delete on reboot list, please reboot.

    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  2. #22
    Member
    Join Date
    Sep 2013
    Posts
    33

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.30.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Liv :: LIV [administrator]

    Protection: Enabled

    1/10/2013 9:17:35 AM
    mbam-log-2013-10-01 (09-17-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 276253
    Time elapsed: 50 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E596DF5F-4239-4D40-8367-EBADF0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\Liv\Desktop\JRT.exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Liv\Application Data\Server.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    (end)

  3. #23
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Hi mum2_3

    Try this


    • Physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields).
    • Click on your START button and choose Run. Then copy/paste the entire code in RED (including the "" marks and the symbols) into the Run box.

      Go to Then Run

      "%userprofile%\desktop\combofix.exe" /killall

    • Click OK and this will start ComboFix in a special way.
    • When finished, it will produce a log. Please save that log to a Notepad file to post in your next reply.

  4. #24
    Member
    Join Date
    Sep 2013
    Posts
    33

    Works as far as the blue screen but nothing appears on it

  5. #25
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Hi mum2_3

    Thanks for your patience, I am trying to solve your problem.

    Try this:

    • Physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields).
    • Click on your START button and choose Run. Then copy/paste the entire code in RED (including the "" marks and the symbols) into the Run box.

      Go to Then Run

      Combofix /nombr

    • Click OK and this will start ComboFix in a special way.
    • When finished, it will produce a log. Please save that log to a Notepad file to post in your next reply.

  6. #26
    Member
    Join Date
    Sep 2013
    Posts
    33

    Stuck on 49 :-(

  7. #27
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Ok mum2_3

    Re-Run OTL

    • Open OTL again and click the Quick Scan button
    • Post the OTL.txt log it produces in your next reply.

  8. #28
    Member
    Join Date
    Sep 2013
    Posts
    33

    OTL logfile created on: 5/10/2013 10:40:47 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Liv\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1022.07 Mb Total Physical Memory | 314.97 Mb Available Physical Memory | 30.82% Memory free
    3.90 Gb Paging File | 3.11 Gb Available in Paging File | 79.73% Paging File free
    Paging file location(s): C:\pagefile.sys 3069 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 97.51 Gb Free Space | 65.46% Space Free | Partition Type: NTFS

    Computer Name: LIV | User Name: Liv | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Liv\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
    PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\108Mbps Wireless Network USB Dongle\WLANPRO.exe ()
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
    MOD - C:\Program Files\Steam\bin\libcef.dll ()
    MOD - C:\Program Files\Steam\SDL2.dll ()
    MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
    MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
    MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
    MOD - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
    MOD - C:\Program Files\108Mbps Wireless Network USB Dongle\WLANPRO.exe ()


    ========== Services (SafeList) ==========

    SRV - (vToolbarUpdater15.5.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe File not found
    SRV - (SpyroService) -- C:\Program Files\FS\Spyro Portal\FlashPortal.exe File not found
    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll ()
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
    SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (dump_wmimmc) -- C:\Program Files\OGPlanet\NeoOnline\GameGuard\dump_wmimmc.sys File not found
    DRV - (cpuz132) -- C:\DOCUME~1\Liv\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\Liv\LOCALS~1\Temp\catchme.sys File not found
    DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (MfeAVFK) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
    DRV - (MfeBOPK) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (MfeRKDK) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
    DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (drmkaud) -- C:\WINDOWS\system32\drivers\drmkaud.sys ()
    DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
    DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
    DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
    DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
    DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
    DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 4D 7C 01 53 BF CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKCU\..\SearchScopes\{2BCD1EE9-4AA0-488A-9AE5-2294CF49F5E2}: "URL" = http://www.bing.com/search?FORM=IE8SRC&q={searchTerms}&src={referrer:source?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Liv\Local Settings\Application Data\RobloxVersions\version-394f11f19cd64b1a\\NPRobloxProxy.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/05/15 19:22:06 | 000,000,000 | ---D | M]


    ========== Chrome ==========


    O1 HOSTS File: ([2013/09/25 09:45:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
    O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\108Mbps Wireless Network USB Dongle Configuration Utility.lnk = C:\Program Files\108Mbps Wireless Network USB Dongle\WLANPRO.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reg.lnk = C:\Program Files\108Mbps Wireless Network USB Dongle\Reg.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
    O4 - Startup: C:\Documents and Settings\Liv\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 10.40.2)
    O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3...iew22RTEv4.cab (View22RTEv4 Class)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/acti..._v1-0-31-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 10.40.2)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net...l_4.1.66.0.cab (SysInfo Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEAC92F2-B27F-4F57-BAFD-FFF6E3FC3744}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFD98FEF-C2EC-4562-9DEE-30AF1B6D7740}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Liv\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Liv\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/02/23 16:39:12 | 000,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/03 18:41:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/10/03 10:08:02 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2013/10/01 09:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\Application Data\Malwarebytes
    [2013/10/01 09:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/10/01 09:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/10/01 09:09:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/10/01 09:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/10/01 09:07:12 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Liv\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/09/30 08:45:01 | 005,130,789 | R--- | C] (Swearware) -- C:\Documents and Settings\Liv\Desktop\ComboFix.exe
    [2013/09/25 10:16:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/09/25 10:02:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/09/25 10:02:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/09/25 10:02:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/09/25 10:02:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/09/25 09:59:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/09/25 09:43:47 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/09/24 09:26:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Liv\Desktop\OTL.exe
    [2013/09/23 20:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\Desktop\RK_Quarantine
    [2013/09/23 11:00:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/09/23 10:57:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/23 10:47:11 | 000,760,937 | ---- | C] (Farbar) -- C:\Documents and Settings\Liv\Desktop\MiniToolBox.exe
    [2013/09/19 18:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    [2013/09/19 18:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\Local Settings\Application Data\WinZip
    [2013/09/19 18:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\My Documents\Add-in Express
    [2013/09/19 18:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2013/09/19 13:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\Local Settings\Application Data\Sun
    [2013/09/19 11:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2013/09/19 09:52:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Liv\Start Menu\Programs\Administrative Tools
    [2013/09/19 09:52:15 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Liv\Desktop\dds.scr
    [2013/09/19 09:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/09/19 09:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/09/19 09:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/09/19 09:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
    [2013/07/07 12:58:44 | 005,022,720 | ---- | C] (Privax Ltd) -- C:\Documents and Settings\Liv\Application Data\CubeLauncher.exe
    [2013/07/07 12:58:36 | 000,252,400 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Liv\Application Data\vccorlib110.dll
    [2013/07/07 12:58:34 | 000,535,008 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Liv\Application Data\msvcp110.dll
    [2013/07/07 12:58:28 | 000,875,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Liv\Application Data\msvcr110.dll
    [2006/07/18 14:12:08 | 000,908,800 | ---- | C] (Foxit Software Company) -- C:\Program Files\PDFEdit.exE
    [2006/03/13 11:27:52 | 004,789,792 | ---- | C] (Google Inc.) -- C:\Program Files\picasa2-current.exe
    [2006/02/23 13:59:32 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Liv\MSSSerif120.fon
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/10/05 10:05:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/10/05 09:09:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/10/05 09:09:18 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/10/05 08:40:37 | 139,104,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2013/10/05 06:55:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/10/05 06:55:43 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2013/10/04 17:34:28 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{69704788-5D88-4C51-BF94-32258AD6E79D}.job
    [2013/10/04 17:28:53 | 000,443,761 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2013/10/01 09:09:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/10/01 09:07:14 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Liv\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/09/30 08:45:01 | 005,130,789 | R--- | M] (Swearware) -- C:\Documents and Settings\Liv\Desktop\ComboFix.exe
    [2013/09/28 09:19:57 | 000,038,636 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_28.09.2013_09.00.39_log.zip
    [2013/09/28 08:59:50 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\tdsskiller.zip
    [2013/09/27 14:53:13 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\ROBLOX Player.lnk
    [2013/09/27 14:53:13 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\ROBLOX Studio 2013.lnk
    [2013/09/25 10:16:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/09/25 09:45:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2013/09/24 09:26:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liv\Desktop\OTL.exe
    [2013/09/23 20:38:43 | 000,922,112 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\RogueKiller.exe
    [2013/09/23 10:56:45 | 001,042,066 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\AdwCleaner.exe
    [2013/09/23 10:53:55 | 000,891,144 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\SecurityCheck.exe
    [2013/09/23 10:47:13 | 000,760,937 | ---- | M] (Farbar) -- C:\Documents and Settings\Liv\Desktop\MiniToolBox.exe
    [2013/09/19 18:49:08 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2013/09/19 18:49:08 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2013/09/19 13:05:19 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\Microsoft Word 2010.lnk
    [2013/09/19 11:35:57 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Liv\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/09/19 11:35:57 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\Spybot - Search & Destroy.lnk
    [2013/09/19 11:26:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\MBR.dat
    [2013/09/19 09:52:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Liv\Desktop\dds.scr
    [2013/09/19 09:50:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Liv\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/09/19 09:50:43 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\NTREGOPT.lnk
    [2013/09/19 09:50:43 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\ERUNT.lnk
    [2013/09/13 17:53:16 | 000,352,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/09/13 17:40:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/10/01 09:09:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/09/28 09:19:57 | 000,038,636 | ---- | C] () -- C:\TDSSKiller.2.8.16.0_28.09.2013_09.00.39_log.zip
    [2013/09/28 08:59:50 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\tdsskiller.zip
    [2013/09/25 10:16:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2013/09/25 10:16:14 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/09/25 10:02:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/09/25 10:02:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/09/25 10:02:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/09/25 10:02:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/09/25 10:02:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/09/23 20:38:23 | 000,922,112 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\RogueKiller.exe
    [2013/09/23 10:56:34 | 001,042,066 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\AdwCleaner.exe
    [2013/09/23 10:53:44 | 000,891,144 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\SecurityCheck.exe
    [2013/09/19 18:49:08 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2013/09/19 11:35:57 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2013/09/19 11:35:56 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\Spybot - Search & Destroy.lnk
    [2013/09/19 11:26:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\MBR.dat
    [2013/09/19 09:50:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Liv\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/09/19 09:50:43 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\NTREGOPT.lnk
    [2013/09/19 09:50:43 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\ERUNT.lnk
    [2013/08/11 17:31:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\New WinRAR archive.rar
    [2013/07/07 12:58:44 | 001,534,507 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\start.plx
    [2013/07/07 12:58:42 | 003,878,400 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Cube.exe
    [2013/07/07 12:58:02 | 000,717,985 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\unins000.exe
    [2013/07/07 12:56:56 | 000,075,421 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\quest-tag.plx
    [2013/07/07 12:56:52 | 000,019,388 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\resource1.dat
    [2013/07/07 12:56:52 | 000,015,864 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\resource2.dat
    [2013/07/07 12:56:52 | 000,011,609 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\cursor.plx
    [2013/07/07 12:56:52 | 000,004,801 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\interface.plx
    [2013/07/07 12:56:52 | 000,002,040 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\unins000.dat
    [2013/07/07 12:56:52 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\options.cfg
    [2013/07/07 12:56:52 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\server.cfg
    [2013/07/07 12:56:28 | 000,210,614 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\logo.bmp
    [2013/04/05 15:04:00 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Liv\Local Settings\Application Data\rbxcsettings.rbx
    [2013/03/31 09:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2013/01/01 15:19:39 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Liv\jagex_cl_runescape_LIVE.dat
    [2012/08/25 15:16:14 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Liv\Local Settings\Application Data\dt.dat
    [2012/05/12 19:47:29 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2012/02/15 21:13:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/09 10:33:35 | 000,038,428 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Comma Separated Values (Windows).ADR
    [2011/01/06 15:16:47 | 000,098,540 | ---- | C] () -- C:\Documents and Settings\Liv\Start Menu.rar
    [2010/05/29 20:00:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Liv\jagex__preferences3.dat
    [2010/02/28 12:56:35 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Liv\jagex_runescape_preferences2.dat
    [2010/02/28 12:54:55 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Liv\jagex_runescape_preferences.dat
    [2008/07/22 12:40:12 | 000,012,978 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Microsoft Access.CAL
    [2008/07/22 12:38:49 | 000,012,977 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Microsoft Excel.CAL
    [2005/10/04 09:35:06 | 134,043,000 | ---- | C] () -- C:\Program Files\Overview.wmv
    [2005/10/04 09:34:20 | 005,417,299 | ---- | C] () -- C:\Program Files\Product Highlights.pdf
    [2005/08/08 09:23:33 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Liv\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/07/25 10:00:16 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Liv\Local Settings\Application Data\fusioncache.dat
    [2005/07/22 12:01:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\dm.ini

    ========== ZeroAccess Check ==========

    [2004/08/11 19:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 10:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 22:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 10:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/07/23 09:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/05/31 21:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/11/23 14:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
    [2008/11/23 14:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2011/03/15 08:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2013/03/01 18:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EdAlive
    [2013/06/23 10:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2006/06/19 11:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2009/08/20 18:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
    [2012/04/13 20:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
    [2013/05/15 19:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2005/11/28 10:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
    [2010/07/18 10:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
    [2013/06/23 12:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
    [2008/08/10 11:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2012/05/31 21:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2010/02/27 08:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
    [2010/01/12 20:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\View22
    [2013/09/19 18:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/06/15 22:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2013/10/03 19:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\.minecraft
    [2012/10/11 17:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\.techniclauncher
    [2013/08/07 16:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\ACD Systems
    [2012/05/31 22:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\AVG2012
    [2012/12/14 18:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\backup minecraft
    [2012/12/14 18:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\bacup file for minecraft
    [2010/10/20 09:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/07/26 18:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Digiarty
    [2012/01/31 12:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\ElevatedDiagnostics
    [2011/03/01 08:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\FOG Downloader
    [2008/01/03 22:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\GetRightToGo
    [2006/02/23 13:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Leadertech
    [2012/08/24 14:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Memeo
    [2007/01/16 13:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\MSN Search Toolbar
    [2013/03/21 15:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\MSNInstaller
    [2013/07/12 07:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Opera
    [2013/06/23 12:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Origin
    [2013/08/04 20:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\patch
    [2008/03/04 19:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\SmartDraw
    [2008/11/02 19:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Snapfish
    [2013/03/22 09:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\TuneUp Software
    [2011/07/31 16:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\TuxPaint
    [2013/08/14 17:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Unity
    [2012/08/07 10:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Windows Search

    ========== Purity Check ==========



    < End of report >

  9. #29
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi mum2_3

    Go into Task Manager (Ctrl-Alt-Del). In the Processes tab,
    find the PEV.exe process.
    Select it and end the process.

    Next

    • Physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
    • Click on your START button and choose Run. Then copy/paste the entire code in RED (Including the "" marks and the Symbols) into the run box.

      Go to Then Run

      "%userprofile%\desktop\combofix.exe" /killall


    • Click OK and this will start ComboFix in a special way.
    • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply
    Last edited by Robybel; 2013-10-05 at 17:04.
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  10. #30
    Member
    Join Date
    Sep 2013
    Posts
    33

    Default

    There is no PEV.exe to delete (checked numerous times, even rebooted and tried again)

    With ComboFix, I get an error saying it is expired and will run in "reduced functionality mode". I tried that and just got the blue screen before it froze the computer. I also tried to delete ComboFix and reinstall it. Still got the message. untitled.JPG - copy of print screen error
