Computer Cleanup

Hi mum2_3

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed and that they have been added to the delete on reboot list, please reboot.
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.30.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Liv :: LIV [administrator]

Protection: Enabled

1/10/2013 9:17:35 AM
mbam-log-2013-10-01 (09-17-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276253
Time elapsed: 50 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E596DF5F-4239-4D40-8367-EBADF0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Liv\Desktop\JRT.exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv\Application Data\Server.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)
 
Hi mum2_3

Try this


  • Physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire code in RED (Including the "" marks and the Symbols) into the run box.

    Go to Start, then Run

    "%userprofile%\desktop\combofix.exe" /killall



  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply
 
Hi mum2_3

Thanks for your patience, I am trying to solve your problem. :sad:

Try this:

  • Physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire code in RED (Including the "" marks and the Symbols) into the run box.

    Go to Start, then Run

    Combofix /nombr
  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply
 
Ok mum2_3

Re-Run OTL

  • Open OTL again and click the Quick Scan button
  • Post the OTL.txt log it produces in your next reply.
 
OTL logfile created on: 5/10/2013 10:40:47 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Liv\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1022.07 Mb Total Physical Memory | 314.97 Mb Available Physical Memory | 30.82% Memory free
3.90 Gb Paging File | 3.11 Gb Available in Paging File | 79.73% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 97.51 Gb Free Space | 65.46% Space Free | Partition Type: NTFS

Computer Name: LIV | User Name: Liv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Liv\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\108Mbps Wireless Network USB Dongle\WLANPRO.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\SDL2.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\Program Files\108Mbps Wireless Network USB Dongle\WLANPRO.exe ()


========== Services (SafeList) ==========

SRV - (vToolbarUpdater15.5.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe File not found
SRV - (SpyroService) -- C:\Program Files\FS\Spyro Portal\FlashPortal.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (dump_wmimmc) -- C:\Program Files\OGPlanet\NeoOnline\GameGuard\dump_wmimmc.sys File not found
DRV - (cpuz132) -- C:\DOCUME~1\Liv\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Liv\LOCALS~1\Temp\catchme.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (drmkaud) -- C:\WINDOWS\system32\drivers\drmkaud.sys ()
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 4D 7C 01 53 BF CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{2BCD1EE9-4AA0-488A-9AE5-2294CF49F5E2}: "URL" = http://www.bing.com/search?FORM=IE8SRC&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Liv\Local Settings\Application Data\RobloxVersions\version-394f11f19cd64b1a\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/05/15 19:22:06 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2013/09/25 09:45:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\108Mbps Wireless Network USB Dongle Configuration Utility.lnk = C:\Program Files\108Mbps Wireless Network USB Dongle\WLANPRO.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reg.lnk = C:\Program Files\108Mbps Wireless Network USB Dongle\Reg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Liv\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3_9_177/View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEAC92F2-B27F-4F57-BAFD-FFF6E3FC3744}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFD98FEF-C2EC-4562-9DEE-30AF1B6D7740}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Liv\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Liv\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/23 16:39:12 | 000,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/03 18:41:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/10/03 10:08:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/10/01 09:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\Application Data\Malwarebytes
[2013/10/01 09:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/01 09:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/10/01 09:09:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/01 09:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/01 09:07:12 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Liv\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/30 08:45:01 | 005,130,789 | R--- | C] (Swearware) -- C:\Documents and Settings\Liv\Desktop\ComboFix.exe
[2013/09/25 10:16:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/25 10:02:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/25 10:02:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/25 10:02:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/25 10:02:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/25 09:59:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/25 09:43:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/24 09:26:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Liv\Desktop\OTL.exe
[2013/09/23 20:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\Desktop\RK_Quarantine
[2013/09/23 11:00:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/23 10:57:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/23 10:47:11 | 000,760,937 | ---- | C] (Farbar) -- C:\Documents and Settings\Liv\Desktop\MiniToolBox.exe
[2013/09/19 18:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2013/09/19 18:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\Local Settings\Application Data\WinZip
[2013/09/19 18:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\My Documents\Add-in Express
[2013/09/19 18:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/09/19 13:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liv\Local Settings\Application Data\Sun
[2013/09/19 11:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2013/09/19 09:52:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Liv\Start Menu\Programs\Administrative Tools
[2013/09/19 09:52:15 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Liv\Desktop\dds.scr
[2013/09/19 09:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/09/19 09:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/09/19 09:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/09/19 09:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/07/07 12:58:44 | 005,022,720 | ---- | C] (Privax Ltd) -- C:\Documents and Settings\Liv\Application Data\CubeLauncher.exe
[2013/07/07 12:58:36 | 000,252,400 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Liv\Application Data\vccorlib110.dll
[2013/07/07 12:58:34 | 000,535,008 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Liv\Application Data\msvcp110.dll
[2013/07/07 12:58:28 | 000,875,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Liv\Application Data\msvcr110.dll
[2006/07/18 14:12:08 | 000,908,800 | ---- | C] (Foxit Software Company) -- C:\Program Files\PDFEdit.exE
[2006/03/13 11:27:52 | 004,789,792 | ---- | C] (Google Inc.) -- C:\Program Files\picasa2-current.exe
[2006/02/23 13:59:32 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Liv\MSSSerif120.fon
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/05 10:05:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/05 09:09:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/05 09:09:18 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/10/05 08:40:37 | 139,104,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/10/05 06:55:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/05 06:55:43 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/04 17:34:28 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{69704788-5D88-4C51-BF94-32258AD6E79D}.job
[2013/10/04 17:28:53 | 000,443,761 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/10/01 09:09:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/01 09:07:14 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Liv\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/30 08:45:01 | 005,130,789 | R--- | M] (Swearware) -- C:\Documents and Settings\Liv\Desktop\ComboFix.exe
[2013/09/28 09:19:57 | 000,038,636 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_28.09.2013_09.00.39_log.zip
[2013/09/28 08:59:50 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\tdsskiller.zip
[2013/09/27 14:53:13 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\ROBLOX Player.lnk
[2013/09/27 14:53:13 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\ROBLOX Studio 2013.lnk
[2013/09/25 10:16:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/09/25 09:45:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/09/24 09:26:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liv\Desktop\OTL.exe
[2013/09/23 20:38:43 | 000,922,112 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\RogueKiller.exe
[2013/09/23 10:56:45 | 001,042,066 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\AdwCleaner.exe
[2013/09/23 10:53:55 | 000,891,144 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\SecurityCheck.exe
[2013/09/23 10:47:13 | 000,760,937 | ---- | M] (Farbar) -- C:\Documents and Settings\Liv\Desktop\MiniToolBox.exe
[2013/09/19 18:49:08 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2013/09/19 18:49:08 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/09/19 13:05:19 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\Microsoft Word 2010.lnk
[2013/09/19 11:35:57 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Liv\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/09/19 11:35:57 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\Spybot - Search & Destroy.lnk
[2013/09/19 11:26:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\MBR.dat
[2013/09/19 09:52:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Liv\Desktop\dds.scr
[2013/09/19 09:50:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Liv\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/09/19 09:50:43 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\NTREGOPT.lnk
[2013/09/19 09:50:43 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Liv\Desktop\ERUNT.lnk
[2013/09/13 17:53:16 | 000,352,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/13 17:40:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/01 09:09:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/28 09:19:57 | 000,038,636 | ---- | C] () -- C:\TDSSKiller.2.8.16.0_28.09.2013_09.00.39_log.zip
[2013/09/28 08:59:50 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\tdsskiller.zip
[2013/09/25 10:16:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/09/25 10:16:14 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/25 10:02:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/25 10:02:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/25 10:02:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/25 10:02:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/25 10:02:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/23 20:38:23 | 000,922,112 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\RogueKiller.exe
[2013/09/23 10:56:34 | 001,042,066 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\AdwCleaner.exe
[2013/09/23 10:53:44 | 000,891,144 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\SecurityCheck.exe
[2013/09/19 18:49:08 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2013/09/19 11:35:57 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/09/19 11:35:56 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\Spybot - Search & Destroy.lnk
[2013/09/19 11:26:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\MBR.dat
[2013/09/19 09:50:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Liv\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/09/19 09:50:43 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\NTREGOPT.lnk
[2013/09/19 09:50:43 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Liv\Desktop\ERUNT.lnk
[2013/08/11 17:31:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\New WinRAR archive.rar
[2013/07/07 12:58:44 | 001,534,507 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\start.plx
[2013/07/07 12:58:42 | 003,878,400 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Cube.exe
[2013/07/07 12:58:02 | 000,717,985 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\unins000.exe
[2013/07/07 12:56:56 | 000,075,421 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\quest-tag.plx
[2013/07/07 12:56:52 | 000,019,388 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\resource1.dat
[2013/07/07 12:56:52 | 000,015,864 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\resource2.dat
[2013/07/07 12:56:52 | 000,011,609 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\cursor.plx
[2013/07/07 12:56:52 | 000,004,801 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\interface.plx
[2013/07/07 12:56:52 | 000,002,040 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\unins000.dat
[2013/07/07 12:56:52 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\options.cfg
[2013/07/07 12:56:52 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\server.cfg
[2013/07/07 12:56:28 | 000,210,614 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\logo.bmp
[2013/04/05 15:04:00 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Liv\Local Settings\Application Data\rbxcsettings.rbx
[2013/03/31 09:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/01/01 15:19:39 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Liv\jagex_cl_runescape_LIVE.dat
[2012/08/25 15:16:14 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Liv\Local Settings\Application Data\dt.dat
[2012/05/12 19:47:29 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/15 21:13:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/09 10:33:35 | 000,038,428 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Comma Separated Values (Windows).ADR
[2011/01/06 15:16:47 | 000,098,540 | ---- | C] () -- C:\Documents and Settings\Liv\Start Menu.rar
[2010/05/29 20:00:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Liv\jagex__preferences3.dat
[2010/02/28 12:56:35 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Liv\jagex_runescape_preferences2.dat
[2010/02/28 12:54:55 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Liv\jagex_runescape_preferences.dat
[2008/07/22 12:40:12 | 000,012,978 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Microsoft Access.CAL
[2008/07/22 12:38:49 | 000,012,977 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\Microsoft Excel.CAL
[2005/10/04 09:35:06 | 134,043,000 | ---- | C] () -- C:\Program Files\Overview.wmv
[2005/10/04 09:34:20 | 005,417,299 | ---- | C] () -- C:\Program Files\Product Highlights.pdf
[2005/08/08 09:23:33 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Liv\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/25 10:00:16 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Liv\Local Settings\Application Data\fusioncache.dat
[2005/07/22 12:01:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Liv\Application Data\dm.ini

========== ZeroAccess Check ==========

[2004/08/11 19:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 10:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 22:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 10:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/23 09:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/31 21:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/11/23 14:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2008/11/23 14:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/03/15 08:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/01 18:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EdAlive
[2013/06/23 10:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2006/06/19 11:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/20 18:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2012/04/13 20:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2013/05/15 19:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2005/11/28 10:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2010/07/18 10:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2013/06/23 12:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2008/08/10 11:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/05/31 21:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/02/27 08:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2010/01/12 20:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\View22
[2013/09/19 18:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/06/15 22:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/10/03 19:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\.minecraft
[2012/10/11 17:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\.techniclauncher
[2013/08/07 16:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\ACD Systems
[2012/05/31 22:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\AVG2012
[2012/12/14 18:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\backup minecraft
[2012/12/14 18:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\bacup file for minecraft
[2010/10/20 09:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/26 18:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Digiarty
[2012/01/31 12:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\ElevatedDiagnostics
[2011/03/01 08:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\FOG Downloader
[2008/01/03 22:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\GetRightToGo
[2006/02/23 13:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Leadertech
[2012/08/24 14:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Memeo
[2007/01/16 13:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\MSN Search Toolbar
[2013/03/21 15:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\MSNInstaller
[2013/07/12 07:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Opera
[2013/06/23 12:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Origin
[2013/08/04 20:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\patch
[2008/03/04 19:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\SmartDraw
[2008/11/02 19:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Snapfish
[2013/03/22 09:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\TuneUp Software
[2011/07/31 16:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\TuxPaint
[2013/08/14 17:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Unity
[2012/08/07 10:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liv\Application Data\Windows Search

========== Purity Check ==========



< End of report >
 
Hi mum2_3

Go into Task Manager (Ctrl-Alt-Del). In the Processes tab,
find the PEV.exe process.
Select it and end the process.

Next

  • Physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire code in RED (Including the "" marks and the Symbols) into the run box.

    Go to Start, then Run

    "%userprofile%\desktop\combofix.exe" /killall


  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply
 
There is no PEV.exe to delete (checked numerous times, even rebooted and tried again)

Combofix I get an error saying it is expired and will run in "reduced functionality mode". I tried that and just got the blue screen before it froze computer. Also tried to delete combofix and reinstall. Still got message. untitled.JPG - copy of print screen error
 
Hi. :)

Robybel is currently unavailable and I will be assisting you for the time being...

Please acknowledge this post and then we will go from there, thank you.
 
Hi. :)

Thanks for the help Dakeyras
Acknowledged and you're welcome!

I see this machine has had some problems running ComboFix successfully; this in itself is not necessarily a bad thing and/or the root cause malicious.

Anyway, let's proceed as follows, shall we...

TFC(Temp File Cleaner):

  • Please download TFC to the desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, so let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

I advise you keep TFC on the desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.

Boot.ini Check:

I would like to review the current state of the Boot.ini file to check if it is corrupted or not as follows:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad:
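Code:
@echo off
rem Copy boot.ini to the desktop (/h makes xcopy include hidden and system files)
xcopy C:\boot.ini "%userprofile%\desktop\" /h
rem Clear the System and Hidden attributes so the copy is visible
attrib -s -h "%userprofile%\desktop\boot.ini"
rem Rename the copy so it opens in Notepad
ren "%userprofile%\desktop\boot.ini" bootini.txt
rem Delete this batch file; "%~f0" is its full path, quoted because the path contains spaces
del "%~f0"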
  • Go to File >> Save As
  • Save File name as Look.bat
  • Change Save as Type to All Files and save the file to the Desktop.
Now double click on the desktop Look.bat to run the batch file. It will self-delete when completed and produce a notepad text file named bootini that should now be on the desktop.

Check Hard Disk For Errors:

Click on Start >> Run... then copy/paste the following command into the box and press OK:
Code:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on the desktop.

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 32-Bit to the desktop.

  • Double-click on FRST.exe to start FRST.
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and or problems encountered?
  • Boot.ini Check Log(bootini.txt).
  • Check Hard Disk For Errors Log(checkhd.txt).
  • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.
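
An added example, not part of the original post or of any tool named in this thread: one way to review the bootini.txt that Look.bat produces, written in Python. The two sample files are constructed, and the checks are this example's own structural heuristics for what "corrupted" could look like.

```python
import re

# Constructed sample: a typical single-boot Windows XP boot.ini (not from the thread).
GOOD_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""

# Constructed sample with three defects: non-numeric timeout, an entry that lost
# its quoted description, and a default that matches no entry.
BAD_BOOT_INI = r"""[boot loader]
timeout=abc
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Microsoft Windows XP /fastdetect
"""

# An [operating systems] line has the form: path="description" [switches]
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<desc>[^"]*)"(?P<opts>.*)$')

def parse_boot_ini(text):
    """Split boot.ini text into {section name (lower-cased): [lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def check_boot_ini(text):
    """Return a list of problems to review; an empty list means none were found."""
    problems = []
    sections = parse_boot_ini(text)
    for name in ("boot loader", "operating systems"):
        if name not in sections:
            problems.append(f"missing [{name}] section")
    pairs = (ln.split("=", 1) for ln in sections.get("boot loader", []) if "=" in ln)
    loader = {k.strip().lower(): v.strip() for k, v in pairs}
    if "timeout" in loader and not loader["timeout"].isdigit():
        problems.append("timeout is not a number")
    entries = []
    for line in sections.get("operating systems", []):
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.group("path").strip().lower())
        else:
            problems.append(f"malformed OS entry: {line}")
    default = loader.get("default", "").lower()
    if not default:
        problems.append("no default= line")
    elif default not in entries:
        problems.append("default does not match any [operating systems] entry")
    return problems
```

To use it on a real file, pass the text of bootini.txt to `check_boot_ini` and read the returned list.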
 
TFC wouldn't work. I tried it twice and each time it froze the whole system while it was 'shutting down processes', so right at the beginning. I left the computer for a few hours and it was still frozen, so I don't think that it was just slow.

Wasn't sure if you wanted me to continue with the other things. Will await your response.
 
Hi. :)

TFC wouldn't work. I tried it twice and each time it froze the whole system while it was 'shutting down processes', so right at the beginning. I left the computer for a few hours and it was still frozen, so I don't think that it was just slow.
Acknowledged...the machine certainly does not want to play nice eh, not to worry these things can occur from time to time.

OK try running TFC in Safe Mode, How to boot into Safe Mode:

Restart the computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.

If any problems refer to this tutorial.

Note: In the event TFC will still not work correctly in Safe Mode either, merely reboot the machine back into Normal Mode and continue with my prior instructions from Boot.ini Check onwards, thank you.
 
Due to the lack of feedback this Topic is closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.
 