
OOPS I ran ComboFix before i found this forum


23 replies to this topic

#1 MadMike5

MadMike5

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:44 AM

Posted 14 July 2014 - 02:09 PM

Yep, I am a total idiot :(

 

A few weeks back I came into my computer room to see my main desktop with the dreaded blue screen on it.

 

I tried to reboot it without any luck.

 

Using my laptop I downloaded many different removal tools, I got it running in the end, but....

 

No internet access, can get browsers open sometimes (never directly).

 

I had Avast on the computer with auto update !

 

Kaspersky came up with hundreds of different viruses; bit by bit I seem to have got rid of most.

 

If (like Kaspersky Rescue) it is booting from another kernel, internet access is OK and everything updates.

 

I am running Win7.

 

If somebody can tell me what to upload from ComboFix I will do so (I thought I knew where it was but cannot find the log).

 

Fingers and toes crossed.

 

Mike


Edited by MadMike5, 14 July 2014 - 02:13 PM.



#2 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  • Local time:01:44 AM

Posted 19 July 2014 - 02:02 PM

Welcome to Bleeping Computer MadMike5,

 

Not real clear on your status there right now, since you posted both that you had no internet access and then that you do have it. Why don't we just take a look at what all is there now.

 

 

The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

 

Download RogueKiller from here to your desktop.

  • Close all open programs.
  • Remember to right click -> Run as administrator, and click the downloaded file.
  • When RogueKiller finishes its opening scan, press the Scan button.
  • A RKreport.txt will be created in the same location as the RogueKiller file.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

-----------

 

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.


Ad eundum quo no duck ante iit
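RogueKiller reports the DNS servers each interface was handed under [PUM.Dns], as the RKreport posted later in this thread shows. This is an added triage script, not part of the thread or of RogueKiller itself: it parses those lines and separates resolvers in RFC 1918 ranges (normally the home router) from public ones, so the public ones can be checked against what the ISP or router should be handing out. Sample lines are copied from the report in this thread; it is assumed that keys named RK_System_ON_* are hives RogueKiller loaded from other partitions rather than the running system's hive.

```python
import ipaddress
import re

# One RogueKiller [PUM.Dns] line, e.g.
# [PUM.Dns] HKEY_LOCAL_MACHINE\System\...\Tcpip\Parameters | DhcpNameServer : 192.158.1.1  -> FOUND
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+(?P<key>.+?)\s+\|\s+(?P<name>\w+)\s+:\s+"
    r"(?P<servers>.*?)\s*->\s*(?P<status>\w+)\s*$"
)

# RFC 1918 ranges: a resolver in one of these is almost always the home router itself.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Sample input copied from the RKreport posted in this thread (plus one non-DNS line to
# show that other categories are ignored); constructed here as test data for the parser.
SAMPLE = r"""
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.158.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_Q_E844\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_D289\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B627CAA-4634-4A97-BA3C-135F376691CA} | DhcpNameServer : 62.69.62.6 62.69.62.7 100.168.1.1  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
"""


def hive_kind(key):
    """'live' for the running system's hive; 'offline' for hives RogueKiller loaded from
    other partitions, which it names RK_System_ON_<drive>_<id> (assumed naming)."""
    return "offline" if "\\RK_System_ON_" in key else "live"


def classify(addr):
    """'private' for RFC 1918 addresses, 'public' otherwise, 'invalid' if not an IP at all."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    return "private" if any(ip in net for net in RFC1918) else "public"


def parse_pum_dns(report_text):
    """Return one dict per [PUM.Dns] line: registry key, hive kind, and classified servers."""
    findings = []
    for line in report_text.splitlines():
        m = PUM_DNS_RE.match(line.strip())
        if not m:
            continue  # [PUM.Policies], [Suspicious.Path] and other categories are skipped
        servers = m.group("servers").split()  # several resolvers are space separated
        findings.append({
            "key": m.group("key"),
            "hive": hive_kind(m.group("key")),
            "value_name": m.group("name"),
            "servers": {s: classify(s) for s in servers},
            "status": m.group("status"),
        })
    return findings


def live_public_resolvers(report_text):
    """Public resolvers configured in the running system's hive, deduplicated and sorted.
    These are the addresses to verify against the ISP's or router's expected DNS servers;
    an ISP resolver here is normal, an unexplained one is worth a closer look."""
    found = set()
    for f in parse_pum_dns(report_text):
        if f["hive"] != "live":
            continue
        found.update(s for s, kind in f["servers"].items() if kind == "public")
    return sorted(found)


if __name__ == "__main__":
    for f in parse_pum_dns(SAMPLE):
        print(f["hive"], f["key"].split("\\")[1], f["servers"])
    print("live public resolvers:", live_public_resolvers(SAMPLE))
```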

#3 MadMike5

MadMike5
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:44 AM

Posted 19 July 2014 - 05:06 PM

Hi Jintan,

 

Thanks for coming back to me :)

 

I have run the scans and attached the text files to this reply as requested.

 

I still cannot access the internet with the infected computer but can with my laptop.

 

I think I may see the problem now but will wait for more knowledgeable people to tell me what to do next.

 

The computer will be left untouched until I receive advice as to what to do next.

 

Thanks again

 

Good luck always

 

Mike

Attached Files



#4 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  • Local time:01:44 AM

Posted 20 July 2014 - 05:53 PM

Kinda been a tad busier there than what you already stated, yes?

 

[2014-07-13 06:24:40 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Local\CrashDumps
[2014-07-13 05:54:45 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\Michael\Desktop\TDSSkiller.exe
[2014-07-13 02:48:01 | 000,000,000 | ---D | C] -- D:\Windows\ERUNT
[2014-07-13 02:26:45 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014-07-13 01:26:42 | 000,000,000 | ---D | C] -- D:\ProgramData\RogueKiller
[2014-07-13 01:18:43 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

 

Go to Start, right click Computer, left click Manage.

 

Click on Device Manager. Click the + sign next to "Network adapters", locate your wireless device, right click it, and select Uninstall. DO NOT agree to delete the files, if offered.

 

Reboot. I will assume you will have Internet access then. Run and "post" (not attach please) new RogueKiller and OTL logs please.


Ad eundum quo no duck ante iit

#5 MadMike5

MadMike5
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:44 AM

Posted 21 July 2014 - 09:18 AM

Hi Jintan,

 

I cannot get an extras.txt generated again; I have tried a few times. Also I cannot close Google toolbar notifier ("access is denied"); I do not know if that is normal.

 

I do not know which is my wireless adapter; I do not use the wireless on this desktop normally anyway. I uninstalled both adapters anyway, still no luck :(.

 

For some reason the time on the computer had altered itself, I corrected this between today's 2 scans.

 

 RogueKiller V9.2.2.0 [Jul 11 2014] by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Michael [Admin rights]
Mode : Scan -- Date : 07/21/2014  18:46:54
 
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) Mobile Broadband HL Service -- "D:\ProgramData\MobileBrServ\mbbservice.exe" -service[7] -> STOPPED
 
¤¤¤ Registry Entries : 23 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Mobile Broadband HL Service -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mobile Broadband HL Service -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mobile Broadband HL Service -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.158.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_Q_E844\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.158.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_Q_E844\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.158.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_D289\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B627CAA-4634-4A97-BA3C-135F376691CA} | DhcpNameServer : 62.69.62.6 62.69.62.7 100.168.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_Q_E844\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3977EDBC-F11A-4C7E-83AB-17782C8485BD} | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_D289\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B627CAA-4634-4A97-BA3C-135F376691CA} | DhcpNameServer : 62.69.62.6 62.69.62.7 100.168.1.1  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_Q_E844\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3977EDBC-F11A-4C7E-83AB-17782C8485BD} | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-789336058-2052111302-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_C_CC05\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_L_F872\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_L_F872\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_Q_D4E8\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[D:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHelp20 @ Unknown (\SystemRoot\System32\Drivers\AFPUni.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\SCSIPORT.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\InCDPass @ \Device\INCDPASS_REAL_DEVICE00000000 (\SystemRoot\System32\Drivers\incdrm.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\INCDPASS_REAL_DEVICE00000000 : \Driver\incdrm @ \Device\MrwR00000000 (\SystemRoot\system32\drivers\mssmbios.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: MAXTOR STM3250820AS ATA Device +++++
--- User ---
[MBR] 20ba0320e680d140bdf37f4b0e05906a
[BSP] 1faa7953bc0aa057d7f03688e20c0d12 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238472 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: MAXTOR STM3250820AS ATA Device +++++
--- User ---
[MBR] 1907860b6e02352d0431c823d38755ac
[BSP] 03ba735bad7a26c564862b8581496d02 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 32467 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 66493035 | Size: 206003 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: SAMSUNG HD154UI ATA Device +++++
--- User ---
[MBR] 2a0c7043613c441490ec4429842e3a7b
[BSP] 4a7c67264f69f73e15e27ee917235c15 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 MB
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 206848 | Size: 632978 MB
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1296545792 | Size: 401982 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: Kingston DT 101 G2 USB Device +++++
--- User ---
[MBR] 86f36c7007781bc1013db02c5cde7a13
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 15092 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_07132014_021950.log - RKreport_SCN_07132014_014525.log - RKreport_SCN_07132014_021745.log - RKreport_SCN_07132014_022522.log
RKreport_SCN_07202014_055247.log - RKreport_SCN_07212014_173824.log - RKreport_SCN_07212014_180128.log
 
 

OTL logfile created on: 21-Jul-14 12:37:46 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Michael\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
 
1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.56% Memory free
14.64 Gb Paging File | 13.54 Gb Available in Paging File | 92.48% Paging File free
Paging file location(s): c:\pagefile.sys 1000 4000d:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 31.71 Gb Total Space | 1.01 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 48.99 Gb Free Space | 21.04% Space Free | Partition Type: NTFS
Drive E: | 175.78 Gb Total Space | 64.47 Gb Free Space | 36.68% Space Free | Partition Type: NTFS
Drive F: | 128.45 Gb Total Space | 66.27 Gb Free Space | 51.59% Space Free | Partition Type: NTFS
Drive G: | 270.39 Gb Total Space | 84.53 Gb Free Space | 31.26% Space Free | Partition Type: NTFS
Drive I: | 100.00 Mb Total Space | 29.61 Mb Free Space | 29.61% Space Free | Partition Type: NTFS
Drive J: | 457.73 Gb Total Space | 188.86 Gb Free Space | 41.26% Space Free | Partition Type: NTFS
Drive K: | 100.71 Gb Total Space | 99.58 Gb Free Space | 98.88% Space Free | Partition Type: NTFS
Drive L: | 392.56 Gb Total Space | 180.86 Gb Free Space | 46.07% Space Free | Partition Type: NTFS
Drive Q: | 72.73 Gb Total Space | 5.22 Gb Free Space | 7.17% Space Free | Partition Type: NTFS
Drive R: | 14.73 Gb Total Space | 7.66 Gb Free Space | 51.96% Space Free | Partition Type: FAT32
 
Computer Name: REDTEN | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-07-19 22:13:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Michael\Desktop\OTL.exe
PRC - [2014-07-13 01:18:44 | 000,106,248 | ---- | M] (SurfRight B.V.) -- D:\Program Files\HitmanPro\hmpsched.exe
PRC - [2014-03-31 21:30:31 | 003,854,640 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014-03-31 21:30:31 | 000,050,344 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-12-21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-10-10 23:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2013-08-06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- D:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\taskhost.exe
PRC - [2012-07-12 22:30:59 | 000,123,320 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe
PRC - [2011-12-18 18:51:34 | 000,156,160 | ---- | M] (SEIKO EPSON CORPORATION) -- D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2011-12-18 18:51:34 | 000,125,440 | ---- | M] (SEIKO EPSON CORPORATION) -- D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2011-12-14 13:57:35 | 000,126,392 | R--- | M] (Symantec Corporation) -- D:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe
PRC - [2011-04-22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- D:\Windows\explorer.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- D:\Windows\Explorer.EXE
PRC - [2010-11-20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\AUDIODG.EXE
PRC - [2010-07-04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- D:\Windows\System32\FsUsbExService.Exe
PRC - [2009-07-14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- d:\Program Files\windows defender\MpCmdRun.exe
PRC - [2008-11-09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007-10-12 10:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- D:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007-08-02 15:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- D:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
PRC - [2006-09-28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002-05-21 09:20:08 | 000,040,960 | ---- | M] (H+H Software GmbH) -- D:\Program Files\Virtual CD v4\System\vcdsecs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-11-26 23:57:44 | 019,336,120 | ---- | M] () -- D:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009-04-27 12:55:12 | 000,678,400 | ---- | M] () -- D:\Program Files\IZArc\IZArcCM.dll
MOD - [2007-09-20 18:34:58 | 000,129,024 | ---- | M] () -- D:\Program Files\WinRAR\rarext.dll
MOD - [2006-03-09 19:45:36 | 000,081,920 | R--- | M] () -- D:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
MOD - [2005-08-19 11:31:12 | 000,049,152 | ---- | M] () -- D:\Program Files\Ipswitch\WS_FTP Home\wshosts.dll
MOD - [2005-08-19 11:30:44 | 000,155,648 | ---- | M] () -- D:\Program Files\Ipswitch\WS_FTP Home\wsftplib.dll
MOD - [2005-04-18 10:49:12 | 000,815,104 | R--- | M] () -- D:\Program Files\Ipswitch\WS_FTP Home\LIBEAY32.dll
MOD - [2005-04-18 10:49:12 | 000,155,648 | R--- | M] () -- D:\Program Files\Ipswitch\WS_FTP Home\SSLEAY32.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014-07-13 01:18:44 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Running] -- D:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014-03-31 21:30:31 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014-03-19 12:49:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-03-12 11:38:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-03-06 08:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014-01-16 01:39:44 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- D:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV - [2013-12-21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-10-10 23:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2013-08-06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- D:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012-07-12 22:30:59 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012-06-28 07:19:18 | 000,233,344 | ---- | M] () [Auto | Stopped] -- D:\ProgramData\MobileBrServ\mbbservice.exe -- (Mobile Broadband HL Service)
SRV - [2011-12-18 18:51:34 | 000,156,160 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2011-12-18 18:51:34 | 000,125,440 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2011-12-14 13:57:35 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011-04-22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010-08-16 03:03:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-07-04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- D:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010-03-29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- D:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009-08-24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- D:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe -- (DfSdkS)
SRV - [2009-07-14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\storsvc.dll -- (StorSvc)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\peerdistsvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:15:33 | 000,078,848 | ---- | M] () [Auto | Stopped] -- D:\Windows\System32\ipbusenum.dll -- (IPBusEnum)
SRV - [2008-11-09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-09-07 14:41:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-05-02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007-10-12 10:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- D:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk)
SRV - [2007-08-02 15:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007-08-02 15:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- D:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk)
SRV - [2007-05-31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006-09-28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004-08-27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- D:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR)
SRV - [2004-08-27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- D:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2002-05-21 09:20:08 | 000,040,960 | ---- | M] (H+H Software GmbH) [Auto | Running] -- D:\Program Files\Virtual CD v4\System\vcdsecs.exe -- (VCDSecS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Users\Michael\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014-04-19 07:04:33 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- D:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014-03-31 21:30:42 | 000,067,264 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014-03-31 21:30:41 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- D:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014-03-31 21:30:41 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- D:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014-03-31 21:30:41 | 000,180,760 | ---- | M] () [Kernel | Boot | Running] -- D:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014-03-31 21:30:41 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- D:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014-03-31 21:30:40 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014-03-31 21:30:40 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-12-21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2012-12-21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012-08-23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-08-23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV - [2012-05-20 09:29:54 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- D:\Windows\System32\DRIVERS\stdriver32.sys -- (stdriver)
DRV - [2012-04-28 04:17:07 | 000,183,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011-08-17 11:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011-08-17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011-08-17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-08-17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011-08-17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011-07-22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011-07-12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011-01-26 11:31:28 | 000,805,888 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\Drivers\SmiUsbGrabber3C.sys -- (SMIGrabber3C)
DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\WinUsb.sys -- (WinUsb)
DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-06-14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Windows\System32\FsUsbExDisk.SYS -- (FsUsbExDisk)
DRV - [2010-04-27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010-04-27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV - [2010-04-27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010-03-25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2010-03-24 13:57:44 | 000,204,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - [2010-03-20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - [2009-07-14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009-07-14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009-07-14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- D:\Windows\System32\DRIVERS\serial.sys -- (Serial)
DRV - [2009-07-14 00:12:08 | 000,016,896 | ---- | M] () [Kernel | System | Stopped] -- D:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009-02-24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - [2008-09-06 00:00:00 | 000,044,000 | ---- | M] (Alfa Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\Drivers\AFPUni.sys -- (AFPUni)
DRV - [2008-07-22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- D:\Windows\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-05-06 07:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2008-02-29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV - [2008-02-29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV - [2008-02-29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006-11-02 09:57:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\System32\DRIVERS\irsir.sys -- (irsir)
DRV - [2004-12-01 18:54:50 | 000,093,632 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\Drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004-08-27 10:02:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\Windows\System32\DRIVERS\InCDPass.sys -- (InCDPass)
DRV - [2004-08-27 10:02:30 | 000,092,928 | ---- | M] (Ahead Software AG) [File_System | Disabled | Stopped] -- D:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004-08-27 03:02:50 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\Windows\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004-03-10 04:48:08 | 000,108,032 | ---- | M] (Cisco-Linksys LLC) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\DRIVERS\vnetusbl.sys -- (LinksysFVNETusbl(AR)
DRV - [2002-08-20 12:33:42 | 000,049,168 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- D:\Windows\System32\DRIVERS\vcdmpdrv.sys -- (vcdmpdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mdbvi.com/
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-2052111302-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: D:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: D:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: D:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: D:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-07-13 00:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: D:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-13 00:16:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2014-06-11 00:51:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2014-07-13 00:03:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
 
[2010-08-14 00:12:50 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2014-07-13 00:04:07 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\kjgzeo6z.default\extensions
[2014-07-13 00:04:07 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\kjgzeo6z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2014-07-12 23:57:25 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\mozilla firefox\extensions
[2014-07-13 00:03:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014-07-13 00:03:56 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014-07-13 00:03:56 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014-07-12 23:57:24 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\mozilla firefox\browser\extensions
[2014-07-13 00:03:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014-06-11 00:52:09 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014-07-13 00:16:34 | 000,000,000 | ---D | M] (avast! Online Security) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-08-13 09:25:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2014-07-13 00:03:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- D:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2008-09-04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2013-07-14 09:07:39 | 000,129,176 | ---- | M] (RealPlayer) -- D:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - Extension: RealPlayer HTML5Video Downloader Extension = D:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = D:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13307_0\
CHR - Extension: Chrome In-App Payments service = D:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
 
O1 HOSTS File: ([2014-07-14 22:05:25 | 000,000,027 | ---- | M]) - D:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - D:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-789336058-2052111302-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] D:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EaseUS EPM tray] g:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Everything] D:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] D:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Recordpad] "D:\Program Files\NCH Software\Recordpad\recordpad.exe" -logon File not found
O4 - HKLM..\Run: [rfagent] D:\Program Files\RFA\rfagent.exe (KsL Software)
O4 - HKU\S-1-5-21-789336058-2052111302-839522115-1004..\Run: [Messenger (Yahoo!)] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-789336058-2052111302-839522115-1004..\Run: [mRouterConfig] D:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe (Intuwave Ltd.)
O4 - HKU\S-1-5-21-789336058-2052111302-839522115-1004..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: New Value #1 = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-2052111302-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-2052111302-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-2052111302-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O12 - Plugin for: .UVR - D:\Program Files\Internet Explorer\Plugins\NPUPano.dll (Ulead Systems, Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221127743312 (Reg Error: Key error.)
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} http://91.199.104.31/cab/ActiveQscan.cab (Confirmation)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ukfreetrial.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} http://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx (nvUnifiedControl Control)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.158.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EFC7DC4-11DC-4BCD-A198-0FF7A6A4E714}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7881BDB1-D4A1-4A65-A43A-7532BBE2B620}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{959EBE39-5576-4511-9646-10529A344101}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7E7C3A4-3AE4-4433-8435-269A8CA421AC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - d:\Program Files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: D:\Marta\Emma.jpg
O24 - Desktop BackupWallPaper: D:\Marta\Emma.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-06-02 17:51:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - L:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014-07-19 21:17:52 | 000,000,016 | -H-- | M] () - R:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-04-14 22:54:30 | 000,000,166 | ---- | M] () - R:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-07-20 06:17:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Michael\Desktop\OTL.exe
[2014-07-20 06:08:37 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2014-07-14 22:05:38 | 000,000,000 | ---D | C] -- D:\$RECYCLE.BIN
[2014-07-14 21:38:59 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Local\temp
[2014-07-14 20:39:53 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe
[2014-07-14 20:39:53 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe
[2014-07-14 20:39:53 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe
[2014-07-14 20:39:31 | 000,000,000 | ---D | C] -- D:\ComboFix
[2014-07-14 20:37:59 | 000,000,000 | ---D | C] -- D:\Qoobox
[2014-07-14 20:36:42 | 000,000,000 | ---D | C] -- D:\Windows\erdnt
[2014-07-14 20:31:05 | 005,219,590 | R--- | C] (Swearware) -- D:\Users\Michael\Desktop\ComboFix.exe
[2014-07-13 06:24:40 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Local\CrashDumps
[2014-07-13 05:54:45 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\Michael\Desktop\TDSSkiller.exe
[2014-07-13 02:48:01 | 000,000,000 | ---D | C] -- D:\Windows\ERUNT
[2014-07-13 02:26:45 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014-07-13 01:26:42 | 000,000,000 | ---D | C] -- D:\ProgramData\RogueKiller
[2014-07-13 01:18:43 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014-07-13 01:18:43 | 000,000,000 | ---D | C] -- D:\Program Files\HitmanPro
[2014-07-13 01:17:30 | 000,000,000 | ---D | C] -- D:\ProgramData\HitmanPro
[2014-07-13 00:10:58 | 000,000,000 | ---D | C] -- D:\ProgramData\SUPERAntiSpyware.com
[2014-07-11 12:14:36 | 000,000,000 | ---D | C] -- D:\NBRT
[2014-06-23 15:54:13 | 000,000,000 | ---D | C] -- D:\RescueCD Logs
[2009-04-17 20:00:46 | 000,100,232 | ---- | C] (Microsoft Corporation) -- D:\Users\Michael\DimdimSetup.exe
[8 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
[4 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014-07-21 17:35:36 | 000,029,160 | ---- | M] () -- D:\Windows\System32\drivers\TrueSight.sys
[2014-07-21 17:28:34 | 000,025,856 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-07-21 17:28:34 | 000,025,856 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-07-21 17:16:44 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2014-07-21 17:16:36 | 1603,133,440 | -HS- | M] () -- D:\hiberfil.sys
[2014-07-20 06:17:52 | 000,662,400 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2014-07-20 06:17:52 | 000,122,268 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2014-07-19 22:13:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Michael\Desktop\OTL.exe
[2014-07-19 19:20:14 | 000,001,013 | ---- | M] () -- D:\Windows\System32\cleartmp.cmd
[2014-07-14 22:05:25 | 000,000,027 | ---- | M] () -- D:\Windows\System32\drivers\etc\hosts
[2014-07-14 22:01:08 | 000,003,296 | ---- | M] () -- D:\bootsqm.dat
[2014-07-14 12:26:58 | 005,219,590 | R--- | M] (Swearware) -- D:\Users\Michael\Desktop\ComboFix.exe
[2014-07-13 01:18:44 | 000,001,893 | ---- | M] () -- D:\Users\Public\Desktop\HitmanPro.lnk
[2014-07-13 00:17:19 | 000,002,047 | ---- | M] () -- D:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014-07-11 14:12:34 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\Michael\Desktop\TDSSkiller.exe
[2014-06-30 22:35:31 | 000,001,584 | ---- | M] () -- D:\scanc300614
[2014-06-30 10:39:03 | 000,586,648 | ---- | M] () -- D:\kap2
[2014-06-29 16:11:19 | 004,891,910 | ---- | M] () -- D:\kap scann
[8 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
[4 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014-07-19 19:20:14 | 000,001,013 | ---- | C] () -- D:\Windows\System32\cleartmp.cmd
[2014-07-14 22:01:08 | 000,003,296 | ---- | C] () -- D:\bootsqm.dat
[2014-07-14 20:39:53 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe
[2014-07-14 20:39:53 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe
[2014-07-14 20:39:53 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe
[2014-07-14 20:39:53 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe
[2014-07-14 20:39:53 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe
[2014-07-13 01:26:50 | 000,029,160 | ---- | C] () -- D:\Windows\System32\drivers\TrueSight.sys
[2014-07-13 01:18:44 | 000,001,893 | ---- | C] () -- D:\Users\Public\Desktop\HitmanPro.lnk
[2014-06-30 22:35:23 | 000,001,584 | ---- | C] () -- D:\scanc300614
[2014-06-30 10:17:25 | 000,586,648 | ---- | C] () -- D:\kap2
[2014-06-29 14:13:09 | 004,891,910 | ---- | C] () -- D:\kap scann
[2014-06-13 04:05:39 | 000,112,128 | ---- | C] () -- D:\Windows\System32\ieUnatt.exe
[2014-03-26 18:13:37 | 000,174,504 | ---- | C] () -- D:\Windows\System32\java.exe
[2014-02-13 22:12:44 | 000,423,936 | ---- | C] () -- D:\Windows\System32\secproc_isv.dll
[2013-09-12 08:21:59 | 000,180,760 | ---- | C] () -- D:\Windows\System32\drivers\aswVmm.sys
[2013-09-12 08:21:58 | 000,049,944 | ---- | C] () -- D:\Windows\System32\drivers\aswRvrt.sys
[2013-09-12 07:06:46 | 000,054,016 | ---- | C] () -- D:\Windows\System32\drivers\cmmhlq.sys
[2013-08-16 20:53:17 | 000,110,592 | ---- | C] () -- D:\Windows\System32\FsUsbExDevice.Dll
[2013-08-16 20:53:17 | 000,036,608 | ---- | C] () -- D:\Windows\System32\FsUsbExDisk.Sys
[2013-02-26 17:09:47 | 000,019,840 | ---- | C] () -- D:\Windows\System32\EuEpmGdi.dll
[2013-02-26 17:09:46 | 002,468,520 | ---- | C] () -- D:\Windows\System32\BootMan.exe
[2013-02-26 17:09:46 | 000,087,112 | ---- | C] () -- D:\Windows\System32\setupempdrv03.exe
[2013-02-26 17:09:46 | 000,014,920 | ---- | C] () -- D:\Windows\System32\epmntdrv.sys
[2013-02-26 17:09:46 | 000,009,160 | ---- | C] () -- D:\Windows\System32\EuGdiDrv.sys
[2013-02-18 16:42:54 | 000,012,800 | ---- | C] () -- D:\Windows\System32\RdpGroupPolicyExtension.dll
[2011-05-28 23:05:56 | 000,004,608 | ---- | C] () -- D:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-02 12:55:05 | 1374,634,238 | ---- | C] () -- D:\Users\Michael\DVD2.uif
[2011-04-02 10:03:45 | 1374,672,721 | ---- | C] () -- D:\Users\Michael\DVD.UIF
[2010-09-21 20:01:14 | 000,000,000 | ---- | C] () -- D:\ProgramData\PKP_DLds.DAT
[2010-09-21 20:01:13 | 000,000,000 | ---- | C] () -- D:\ProgramData\PKP_DLec.DAT
[2010-08-15 22:57:58 | 000,007,625 | ---- | C] () -- D:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2009-10-28 17:36:33 | 000,003,266 | ---- | C] () -- D:\Users\Michael\AppData\Roaming\wklnhst.dat
[2009-10-08 17:26:33 | 000,000,000 | ---- | C] () -- D:\Users\Michael\Halasz Judit
[2009-10-08 16:40:10 | 609,850,281 | ---- | C] () -- D:\Users\Michael\Halasz Judit.uif
[2009-06-16 15:05:47 | 000,000,023 | ---- | C] () -- D:\Users\Michael\presets.ini
[2009-04-17 20:00:46 | 001,939,456 | ---- | C] () -- D:\Users\Michael\Dimdim.msi
[2008-12-08 19:10:57 | 000,000,268 | RH-- | C] () -- D:\Users\Michael\AppData\Roaming\Fonts
[2008-09-12 11:31:52 | 000,000,000 | ---- | C] () -- D:\Users\Michael\AppData\Roaming\WGC_Client Preferences
 
========== ZeroAccess Check ==========
 
[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> D:\Users\Michael\Desktop\PJKbook.pdf:SummaryInformation
@Alternate Data Stream - 150 bytes -> D:\ProgramData\TEMP:CB0AACC9
 
< End of report >
 
 
I look forward to your advice.
 
Thanks
 
Mike


#6 Jintan

  • Malware Response Team
  • 531 posts

Posted 21 July 2014 - 05:23 PM

I'm going to need an uninstall list of some type, which that Extras.txt log would have provided. Sorry to delay repairs.

 

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.


Ad eundum quo no duck ante iit
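The uninstall list Jintan asks for is built from the Windows Uninstall registry keys, which is what HijackThis' Uninstall Manager (and Programs and Features) enumerates. The following PowerShell is an added example for readers of this thread, not code from the thread, from HijackThis or from any other tool mentioned here; the registry paths are the standard Windows ones, the output file name is assumed, and the "worth a second look" filter is a rough heuristic of mine, not a verdict on any entry.

```powershell
# Added example (not from this thread): build an installed-programs list the way
# HijackThis' Uninstall Manager does, by reading the Uninstall registry keys.
# Works on Windows 7 and later; run in a normal (non-elevated) PowerShell window.

# Standard Uninstall key locations. The Wow6432Node key only exists on 64-bit
# Windows; Test-Path skips it on a 32-bit install such as the one in this thread.
$script:UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

function Get-UninstallList {
    # Returns one object per visible Uninstall entry across all key locations.
    [CmdletBinding()]
    param()

    foreach ($key in $script:UninstallKeys) {
        if (-not (Test-Path -Path $key)) { continue }

        Get-ChildItem -Path $key | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath

            # Entries without a DisplayName are hidden components (patches,
            # redistributable sub-packages); the GUI lists omit them too.
            if ($p.DisplayName) {
                [PSCustomObject]@{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    Publisher       = $p.Publisher
                    InstallDate     = $p.InstallDate       # yyyyMMdd, often empty
                    UninstallString = $p.UninstallString
                    RegistryKey     = $_.Name              # e.g. HKEY_LOCAL_MACHINE\SOFTWARE\...\Uninstall\{GUID}
                }
            }
        }
    }
}

function Get-SuspiciousUninstallEntries {
    # Heuristic (assumption, not a rule): an uninstall command that does not live
    # under Program Files, the Windows directory, or MSI is unusual enough for a
    # malware responder to look at first. Legitimate portable apps will show up too.
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline = $true)] $Entry)

    process {
        if ($Entry.UninstallString -and
            $Entry.UninstallString -notmatch 'Program Files|\\Windows\\|MsiExec') {
            $Entry
        }
    }
}

# Collect once, de-duplicated by name (the same product can appear in HKLM and HKCU).
$list = Get-UninstallList | Sort-Object -Property DisplayName -Unique

# 1. Plain name list, the same shape as the HijackThis output pasted in this thread.
$list | Select-Object -ExpandProperty DisplayName

# 2. Entries worth a second look, with where they came from.
$list | Get-SuspiciousUninstallEntries |
    Format-Table -Property DisplayName, Publisher, UninstallString, RegistryKey -AutoSize

# 3. Full table saved to the desktop so it can be attached to a forum post.
$list | Export-Csv -Path "$env:USERPROFILE\Desktop\uninstall-list.csv" -NoTypeInformation
```

The CSV keeps the registry key and uninstall command alongside each name, which is the detail a responder usually wants next when a name in a plain list looks unfamiliar.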

#7 MadMike5

  • Topic Starter
  • Members
  • 12 posts

Posted 22 July 2014 - 04:43 AM

Hi Again Jintan,

 

There is no need for sorries, I am grateful that you are taking the time to help me.

 

Here are the contents from Hijack:-

 

#1 DVD Audio Ripper 1.2.11
µTorrent
3MobileWiFi
Adobe Acrobat 4.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Reader XI (11.0.06)
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
Ashampoo Burning Studio 10 10.0.7
Ashampoo Home Designer Pro
Ashampoo Office 2010
Ashampoo WinOptimizer 7.10
AuctionEasyWords
Avanquest update
avast! Free Antivirus
Bulent's Screen Recorder 4
CDDRV_Installer
CDisplay 1.8
Classic FTP
Compatibility Pack for the 2007 Office system
D3DX10
Data Access Objects (DAO) 3.5
EaseUS Partition Master 9.2.1 Home Edition
EPSON SX440 Series Printer Uninstall
erLT
Everything 1.2.1.371
Express Burn
Express Rip
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HitmanPro 3.7
ImgBurn
ImTOO DVD Ripper Platinum 5
Intel® Graphics Media Accelerator Driver
Ipswitch WS_FTP Home 2006
IZArc 4.0 beta 1
Java 7 Update 51
JTIS
Junk Mail filter update
KhalInstallWrapper
LiveUpdate
Logitech Desktop Messenger
Logitech SetPoint
Magic ISO Maker v5.4 (build 0239)
Magic ISO Maker v5.5 (build 0274)
MagicDisc 2.7.106
MagicMedia
Malwarebytes Anti-Malware version 2.0.1.1004
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1
Microsoft Office 2000 Premium
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Mobile Broadband HL Service
Moneysoft Payroll Manager
Moneysoft Payroll Manager Update
Motorola Driver Installation 3.2.0
Motorola PcSync
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.1.0 (x86 en-GB)
MP3 Encoder v1.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Naviextras Toolbox
Naviextras Toolbox Prerequesities
NCH Toolbox
NEF Codec
Nero Suite
NetObjects Fusion 8
Nikon Message Center
Nokia Connectivity Cable Driver
Norton PC Checkup
OGA Notifier 2.0.0048.0
oggcodecs 0.71.0946
PDF2Web v1.6
PictureProject
Pixillion Image Converter
Prism Video Converter
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
RecordPad Sound Recorder
Red Alert Windows 95
Registry First Aid
Router IP Address 1.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Samsung New PC Studio
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
ScanWiz v1.4
Screencaster Plug-in for IE
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype Click to Call
Skype™ 6.14
SMI Grabber Device
SoundTap Streaming Audio Recorder
SUPERAntiSpyware
Switch Sound File Converter
TalkTalk Assist & Go
Test My Hardware 2.0
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
trueCall Message Centre
Ulead COOL 360 1.0
Ulead Photo Express 4.0 SE
Ulead PhotoImpact 10 SE
Ulead VideoStudio SE DVD
USB Scanner
VideoPad Video Editor
VIMICRO USB PC Camera
Virtual CD v4
WavePad Sound Editor
WebEx
Westwood Chat
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Center
Windows Support Tools
WinRAR archiver
WinZip 17.5
World Gaming Center Version 2.1.2
XP PowerPack V1.00
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update
 
 
Thanks again
 
Mike


#8 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 22 July 2014 - 05:15 PM

Why do you have so very many partitions?

Drive C: | 31.71 Gb Total Space | 1.01 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 48.99 Gb Free Space | 21.04% Space Free | Partition Type: NTFS
Drive E: | 175.78 Gb Total Space | 64.47 Gb Free Space | 36.68% Space Free | Partition Type: NTFS
Drive F: | 128.45 Gb Total Space | 66.27 Gb Free Space | 51.59% Space Free | Partition Type: NTFS
Drive G: | 270.39 Gb Total Space | 84.53 Gb Free Space | 31.26% Space Free | Partition Type: NTFS
Drive I: | 100.00 Mb Total Space | 29.61 Mb Free Space | 29.61% Space Free | Partition Type: NTFS
Drive J: | 457.73 Gb Total Space | 188.86 Gb Free Space | 41.26% Space Free | Partition Type: NTFS
Drive K: | 100.71 Gb Total Space | 99.58 Gb Free Space | 98.88% Space Free | Partition Type: NTFS
Drive L: | 392.56 Gb Total Space | 180.86 Gb Free Space | 46.07% Space Free | Partition Type: NTFS
Drive Q: | 72.73 Gb Total Space | 5.22 Gb Free Space | 7.17% Space Free | Partition Type: NTFS
Drive R: | 14.73 Gb Total Space | 7.66 Gb Free Space | 51.96% Space Free | Partition Type: FAT32

------------------

Run RogueKiller again.

•Please quit all programs
•Run RogueKiller
•Wait until the Prescan finishes
•Press: Scan
•Make sure the entries there are checked.
•Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

If it prompts for a reboot, go ahead and agree to it.

---------

Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Ashampoo WinOptimizer 7.10 - Can make system-damaging incorrect changes.

HitmanPro 3.7 - Did what it could, so uninstall it.

Logitech Desktop Messenger - Amazingly enough, Logitech uses this to spy on your system activities. Who knows why.

McAfee Security Scan Plus - Scans only - useless.

Mozilla Maintenance Service - Resource waster.

Google Toolbar for Internet Explorer - Resource waster.

Norton PC Checkup - If expired, uninstall it.

Registry First Aid - Fake, scam fixit program. Causes system damage.

Screencaster Plug-in for IE - Vendor no longer exists.

And these resource wasters:

Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update


No idea what this does - can you tell me?


XP PowerPack V1.00

------------

Reboot, and assuming you have Internet access, click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready.  When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start.  This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log please.
 


Edited by Jintan, 22 July 2014 - 05:17 PM.

Ad eundum quo no duck ante iit

#9 MadMike5

MadMike5
  • Topic Starter

  • Members
  • 12 posts

Posted 23 July 2014 - 08:30 AM

Hi again Jintan,

 

I have so many partitions because, over the 30+++ years I have had computers, I have got through a few of them and I do not have the time to get rid of all the dross, so nearly everything gets dumped into a new partition on the new one until I get time to sort it.... which I rarely get. I need access to all my history at different times for different reasons.

 

The XP PowerPack V1.00 was an early anti-spam program, along with some tools, sold by Aldi on CD.

 

Here is the delete report, I still cannot boot that computer up.

 

RogueKiller V9.2.2.0 [Jul 11 2014] by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Michael [Admin rights]
Mode : Remove -- Date : 07/23/2014  11:29:03
 
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) Mobile Broadband HL Service -- "D:\ProgramData\MobileBrServ\mbbservice.exe" -service[7] -> STOPPED
 
¤¤¤ Registry Entries : 23 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Mobile Broadband HL Service -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mobile Broadband HL Service -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mobile Broadband HL Service -> DELETED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.158.1.1  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_Q_1B2E\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.158.1.1  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_Q_1B2E\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.158.1.1  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_3C95\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B627CAA-4634-4A97-BA3C-135F376691CA} | DhcpNameServer : 62.69.62.6 62.69.62.7 100.168.1.1  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_Q_1B2E\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3977EDBC-F11A-4C7E-83AB-17782C8485BD} | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_3C95\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B627CAA-4634-4A97-BA3C-135F376691CA} | DhcpNameServer : 62.69.62.6 62.69.62.7 100.168.1.1  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_Q_1B2E\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3977EDBC-F11A-4C7E-83AB-17782C8485BD} | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> REPLACED ()
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-789336058-2052111302-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> REPLACED (1)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_C_A70E\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_L_D55E\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_L_D55E\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_Q_9658\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[D:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHelp20 @ Unknown (\SystemRoot\System32\Drivers\AFPUni.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\SCSIPORT.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\InCDPass @ \Device\INCDPASS_REAL_DEVICE00000000 (\SystemRoot\System32\Drivers\incdrm.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\INCDPASS_REAL_DEVICE00000000 : \Driver\incdrm @ \Device\MrwR00000000 (\SystemRoot\system32\drivers\mssmbios.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: MAXTOR STM3250820AS ATA Device +++++
--- User ---
[MBR] 20ba0320e680d140bdf37f4b0e05906a
[BSP] 1faa7953bc0aa057d7f03688e20c0d12 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238472 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: MAXTOR STM3250820AS ATA Device +++++
--- User ---
[MBR] 1907860b6e02352d0431c823d38755ac
[BSP] 03ba735bad7a26c564862b8581496d02 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 32467 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 66493035 | Size: 206003 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: SAMSUNG HD154UI ATA Device +++++
--- User ---
[MBR] 2a0c7043613c441490ec4429842e3a7b
[BSP] 4a7c67264f69f73e15e27ee917235c15 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 MB
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 206848 | Size: 632978 MB
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1296545792 | Size: 401982 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: Kingston DT 101 G2 USB Device +++++
--- User ---
[MBR] 86f36c7007781bc1013db02c5cde7a13
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 15092 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_07132014_021950.log - RKreport_SCN_07132014_014525.log - RKreport_SCN_07132014_021745.log - RKreport_SCN_07132014_022522.log
RKreport_SCN_07202014_055247.log - RKreport_SCN_07212014_173824.log - RKreport_SCN_07212014_180128.log - RKreport_SCN_07212014_184649.log
RKreport_SCN_07232014_102247.log - RKreport_SCN_07232014_104930.log - RKreport_SCN_07232014_112158.log
 
 
Should I take the drives out and scan them using a docking station, or should I add another drive to that computer with its own operating system and use that to scan the "existing" stuff?
 
Thanks for all your help, it is really appreciated.
 
Good luck always
 
Mike 

Edited by MadMike5, 23 July 2014 - 04:11 PM.
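A small parser for the RKreport layout quoted above, added here as an example and not part of the thread or of RogueKiller itself: it groups the tagged entries by section and flags any DhcpNameServer address that is not on an operator-supplied allowlist. The excerpt it runs on is constructed in the same layout, and the allowlist passed to it is an assumption about what the router and ISP resolvers should be.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed excerpt in the RogueKiller "RKreport" layout seen in the thread.
# The line shapes are the tool's; the values are sample data, not the real report.
SAMPLE_REPORT = """\
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) Mobile Broadband HL Service -- "D:\\ProgramData\\MobileBrServ\\mbbservice.exe" -service[7] -> STOPPED

¤¤¤ Registry Entries : 3 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters | DhcpNameServer : 192.158.1.1  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\\RK_System_ON_Q_1B2E\\ControlSet001\\Services\\Tcpip\\Parameters | DhcpNameServer : 194.72.9.38 194.74.65.69 192.168.1.1  -> REPLACED ()
[PUM.Policies] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System | DisableRegistryTools : 0  -> DELETED
"""

# "¤¤¤ <section> : <count> ¤¤¤" headers and "[<tag>] <body> -> <action>" entries.
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)")
ENTRY_RE = re.compile(r"^\[(?P<tag>[^\]]+)\] (?P<body>.*?)\s+-> (?P<action>\S+)")
DNS_RE = re.compile(r"DhcpNameServer : (?P<servers>[\d. ]+?)\s+->")


def parse_report(text):
    """Map each section name to its list of (tag, body, action) entries."""
    sections, current = {}, None
    for line in text.splitlines():
        head = SECTION_RE.match(line)
        if head:
            current = head.group("name")
            sections[current] = []
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:   # informational lines carry no "->" action
            sections[current].append((entry.group("tag"), entry.group("body"), entry.group("action")))
    return sections


def tally_tags(sections):
    """Count entries per detection tag across all sections, e.g. {'PUM.Dns': 2}."""
    return Counter(tag for entries in sections.values() for tag, _, _ in entries)


def unexpected_dns_servers(text, trusted):
    """Return DhcpNameServer addresses on PUM.Dns lines that are not in `trusted` (strings)."""
    # A resolver outside the allowlist is what a DNS hijack or a rogue DHCP server looks like.
    trusted_ips = {ip_address(s) for s in trusted}
    flagged = set()
    for line in text.splitlines():
        if not line.startswith("[PUM.Dns]"):
            continue
        found = DNS_RE.search(line)
        if found:
            flagged.update(a for a in found.group("servers").split()
                           if ip_address(a) not in trusted_ips)
    return sorted(flagged)
```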


#10 MadMike5

MadMike5
  • Topic Starter

  • Members
  • 12 posts

Posted 23 July 2014 - 06:00 PM

I have just tried to turn it on and it did not boot, I tried various things with no luck.

 

I noticed some of my partitions were missing during one attempted Windows repair. I had a look at the BIOS and saw there was a drive missing, so I checked the connections, and the SATA cable on that drive had a plug literally falling apart; I replaced the cable.

 

Now the boot sequence is all screwed up and I have no idea which drive is the boot drive. I think the (Windows) repairs I tried whilst it was disconnected have further screwed things up, as almost certainly the drive with the screwed plug was the boot drive, but it will not boot now.

 

I have tried all permutations but nothing works.

 

I am off to bed as it is midnight and I have a long day tomorrow.

 

I think I have really screwed it now.

 

Niters

 

Mike



#11 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 23 July 2014 - 06:39 PM

One of these days you know you will have to organize, choose what to offload and save, and just start afresh. Let's keep that option to remove the drive on the back burner though.

 

Uninstall Avast, then reboot.

 

Go to Start - right click Computer, left click Manage. Click Device Manager.

 

Click the + symbol next to Network adapters. Locate your network connection, right click it, and select Uninstall. Do not opt to remove any software if offered. Reboot, allow Windows to reload the network drivers, then try Internet access again please.



#12 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 23 July 2014 - 06:42 PM

Overlooked your last post. With so many installs on so many partitions, who owns the boot manager is a tough question. See my previous post starting, "One of these days...".



#13 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 24 July 2014 - 06:12 PM

Would you like us to look into ID'ing the boot manager, and trying to make a comeback there?



#14 MadMike5

MadMike5
  • Topic Starter

  • Members
  • 12 posts

Posted 25 July 2014 - 04:21 AM

Hi Jintan,

 

For sure, I would have no idea how to even get into the drive at the moment. I have disconnected the other 2 drives for now.

 

I await your instructions :)

 

Thanks

 

Mike



#15 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 25 July 2014 - 05:37 PM

Can you tell me from the list at the top of this post which drive is left, and so, what operating systems it has on it?

