
Redirect problems with Google


This topic is locked
38 replies to this topic

#1 FAB1


Posted 16 July 2012 - 07:07 PM

Picked up a virus that blocks Google and some other sites; still have functionality on most webpages except for sign-in pages.

.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
Run by Granny at 20:05:31 on 2012-07-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1419 [GMT -4:00]
.
AV: avast! antivirus 4.8.1201 [VPS 111231-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Office_07\Office12\GrooveMonitor.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.snip.pl/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\office~1\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: HDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\hughesnet download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\office~1\office12\GRA8E1~1.DLL
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFREE.EXE"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [VTtrayp] VTtrayp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LaunchApp] Alaunch
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [GrooveMonitor] "c:\program files\office_07\office12\GrooveMonitor.exe"
mRun: [eRecoveryService] c:\program files\acer\erecovery\Monitor.exe
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [HP KEYBOARDg] "c:\program files\hewlett-packard\hp wireless elite keyboard\HPKEYBOARDg.EXE"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\granny\startm~1\programs\startup\hughes~1.lnk - c:\program files\hughesnetstatusmeter\hughesnetstatusmeter\HughesNetStatusMeter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicks~1.lnk - c:\program files\plustek\opticfilm 7200\QuickScan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Download all with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlall.htm
IE: Download selected with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlselected.htm
IE: Download video with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlfvideo.htm
IE: Download with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\office~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office~1\office12\REFIEBAR.DLL
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by138fd.bay138.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180561501906
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 67.142.161.12 67.142.161.13
TCP: Interfaces\{D6F3EA6C-8939-48C3-9734-5ED7B8680E6C} : DhcpNameServer = 67.142.161.12 67.142.161.13
Filter: text/html - {e5b67942-2664-41b8-bc7a-9755e512a7cb} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\office~1\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\office~1\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\granny\application data\mozilla\firefox\profiles\bkxy2luo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - component: c:\documents and settings\granny\application data\mozilla\firefox\profiles\bkxy2luo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\hughesnet download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-22 78416]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-5-29 144760]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-20 91456]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-5-29 247160]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-5-29 349560]
R3 slnt;Realtek RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2011-4-27 17999]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253600]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-8-20 25856]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-8-20 6016]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2010-3-28 39048]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-8-20 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-8-20 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-8-20 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-8-20 9472]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
.
=============== Created Last 30 ================
.
2012-07-15 15:16:15 -------- d-----w- c:\documents and settings\granny\local settings\application data\Sun
2012-07-15 15:15:07 -------- d-----w- c:\program files\Oracle
2012-07-15 15:14:58 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-15 15:14:58 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 19:18:14 -------- d-sh--w- C:\FOUND.011
.
==================== Find3M ====================
.
2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2009-02-25 00:04:02 18087936 ----a-w- c:\program files\FLV PlayerRCSetup.exe
.
============= FINISH: 20:05:55.91 ===============
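A small triage helper for the kind of report posted above, added here as an illustration and not part of the thread, of DDS or of any BleepingComputer tool. It parses autorun lines in the format of the "Pseudo HJT Report" (uRun/mRun, StartupFolder, BHO) and flags entries whose image is given without a full path, so a reviewer can confirm which file actually loads; the sample lines are constructed to mirror the report's format.

```python
"""Parse and triage autorun lines in the DDS "Pseudo HJT Report" format."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample lines, shaped like the DDS report above (not copied from it).
SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [VTtrayp] VTtrayp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicks~1.lnk - c:\program files\plustek\opticfilm 7200\QuickScan.exe
BHO: Java(TM) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
"""


@dataclass
class AutorunEntry:
    kind: str      # uRun (per-user Run key), mRun (machine Run key), StartupFolder, BHO
    name: str      # registry value name, .lnk path, or BHO display name
    target: str    # executable or DLL the entry launches or loads
    args: str = ""  # command-line arguments, if any


RUN_RE = re.compile(r"^([um]Run): \[([^\]]+)\] (.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (\S+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.+?): \{[0-9a-fA-F-]+\} - (.*)$")
# A target is "fully qualified" if it starts with a drive letter or an %ENV% variable.
ABS_PATH_RE = re.compile(r"^(?:[a-zA-Z]:\\|%[^%]+%\\)")


def split_command(cmd: str) -> Tuple[str, str]:
    """Split 'target args'; the target may be a double-quoted path containing spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_hjt(text: str) -> List[AutorunEntry]:
    """Return the autorun entries found in a Pseudo HJT Report section."""
    entries: List[AutorunEntry] = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            target, args = split_command(m.group(3))
            entries.append(AutorunEntry(m.group(1), m.group(2), target, args))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(AutorunEntry("StartupFolder", m.group(1), m.group(2).strip()))
            continue
        m = BHO_RE.match(line)
        if m:
            entries.append(AutorunEntry("BHO", m.group(1), m.group(2).strip()))
    return entries


def triage(entries: List[AutorunEntry]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) pairs for entries a reviewer should verify by hand."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if not ABS_PATH_RE.match(e.target):
            # A bare image name is located through the search path at launch time,
            # so the file that really runs must be confirmed on disk.
            findings.append((e.name, f"bare image name, verify what resolves: {e.target}"))
        elif "\\temp\\" in e.target.lower():
            findings.append((e.name, "launches from a temp directory"))
        if e.target.lower().endswith("rundll32.exe") and e.args:
            # rundll32 runs whatever DLL it is handed; an unqualified DLL name is
            # resolved the same way and deserves the same check.
            dll = e.args.split(",", 1)[0].strip()
            if not ABS_PATH_RE.match(dll):
                findings.append((e.name, f"rundll32 hosts a DLL without a full path: {dll}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_hjt(SAMPLE)):
        print(f"[{name}] {reason}")
```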



#2 CatByte

  • Malware Response Team

Posted 16 July 2012 - 08:50 PM

Please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 FAB1

  • Topic Starter

Posted 16 July 2012 - 09:37 PM

Hi CatByte, I am in the process of following your instructions; still loading definitions. When I scan, will it matter if Avast is activated or not? It is on now.

#4 CatByte


Posted 16 July 2012 - 09:54 PM

It should be disabled.



#5 FAB1


Posted 16 July 2012 - 10:11 PM

Hi, here are the logs, but TDSSKiller didn't find anything.



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 22:29:21
-----------------------------
22:29:21.395 OS Version: Windows 5.1.2600 Service Pack 3
22:29:21.395 Number of processors: 1 586 0x1C00
22:29:21.395 ComputerName: ACER2 UserName:
22:29:21.817 Initialize success
22:43:25.989 AVAST engine defs: 12071601
22:45:28.911 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
22:45:28.911 Disk 0 Vendor: WDC_WD800BB-22JHC0 05.01C05 Size: 76319MB BusType: 3
22:45:28.926 Disk 0 MBR read successfully
22:45:28.926 Disk 0 MBR scan
22:45:28.973 Disk 0 unknown MBR code
22:45:28.973 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 3004 MB offset 63
22:45:29.005 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 36460 MB offset 6152895
22:45:29.005 Disk 0 Partition - 00 0F Extended LBA 36852 MB offset 80823015
22:45:29.036 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 36852 MB offset 80823078
22:45:29.036 Disk 0 scanning sectors +156296385
22:45:29.083 Disk 0 scanning C:\WINDOWS\system32\drivers
22:45:44.676 Service scanning
22:46:05.442 Modules scanning
22:46:09.536 Disk 0 trace - called modules:
22:46:09.551 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
22:46:09.567 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa4bab8]
22:46:09.567 3 CLASSPNP.SYS[ba8e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x8a9f39e8]
22:46:09.583 5 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8aa4cd98]
22:46:09.942 AVAST engine scan C:\WINDOWS
22:46:16.020 AVAST engine scan C:\WINDOWS\system32
22:49:27.817 AVAST engine scan C:\WINDOWS\system32\drivers
22:49:45.520 AVAST engine scan C:\Documents and Settings\Granny
22:52:06.317 AVAST engine scan C:\Documents and Settings\All Users
22:52:15.848 Scan finished successfully
23:03:39.223 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Granny\Desktop\MBR.dat"
23:03:39.223 The log file has been saved successfully to "C:\Documents and Settings\Granny\Desktop\aswMBR_log.txt"

#6 CatByte


Posted 16 July 2012 - 10:12 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



#7 FAB1


Posted 16 July 2012 - 11:12 PM

ComboFix Bleeped out on me.

It seems to stall while deleting some things, and the icons on the desktop disappeared and then nothing for a long time. I waited 20 mins and did a soft reboot, but I didn't get a log. I did not re-run it.

Sites are still not accessible.

#8 CatByte


Posted 17 July 2012 - 10:13 AM

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy but rename it to svchost.exe before saving it.

Now boot into Safe Mode and run it.

To enter Safe Mode:
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account



#9 FAB1


Posted 17 July 2012 - 03:57 PM

OK, I'm back. Followed the last instructions and got pretty much the same results with svchost.exe in Safe Mode.

It got to step #50, said it was deleting some files and froze there; no logs.

ComboFix also warned me I had Avast scanners running when I had turned them off, not sure why. In Safe Mode I didn't see the Avast tray icon, but the resident scanners were disabled. What else could be blocking it?

#10 CatByte


Posted 17 July 2012 - 04:04 PM

Let's try a different tool

please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs



#11 FAB1


Posted 17 July 2012 - 06:24 PM

OTL logfile created on: 7/17/2012 7:11:49 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Granny\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 78.32% Memory free
2.44 Gb Paging File | 2.06 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.60 Gb Total Space | 7.59 Gb Free Space | 21.32% Space Free | Partition Type: FAT32
Drive D: | 35.98 Gb Total Space | 0.89 Gb Free Space | 2.47% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: ACER2 | User Name: Granny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/16 21:01:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Granny\Desktop\OTL.exe
PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011/10/31 13:34:04 | 000,142,336 | ---- | M] () -- C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\SONY\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/07/23 16:25:26 | 000,701,592 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
PRC - [2008/05/15 19:19:32 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/05/15 19:19:24 | 000,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/05/15 19:06:58 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/08 13:30:48 | 000,290,816 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office_07\Office12\GrooveMonitor.exe
PRC - [2005/06/20 09:03:24 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Program Files\acer\eRecovery\Monitor.exe
PRC - [2005/06/08 08:31:32 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/05/13 12:57:00 | 000,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2005/05/13 12:57:00 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/03/17 11:10:32 | 000,536,576 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
PRC - [2004/07/21 16:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/06/04 03:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE


========== Modules (No Company Name) ==========

MOD - [2012/07/16 16:44:40 | 004,772,768 | ---- | M] () -- c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2011/10/31 13:34:04 | 000,142,336 | ---- | M] () -- C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
MOD - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/11/08 14:48:42 | 000,294,912 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\ScndrvU.drv
MOD - [2007/06/08 13:30:48 | 000,290,816 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
MOD - [2007/06/03 03:05:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2007/06/03 03:04:14 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2004/04/06 18:45:46 | 000,040,960 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\DetectSession.dll
MOD - [2001/02/13 15:46:50 | 000,098,304 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\plkcom32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/09 16:55:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\SONY\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2008/07/06 12:38:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/05/15 19:19:24 | 000,144,760 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/05/15 19:19:00 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/05/15 19:17:00 | 000,349,560 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/05/15 19:06:58 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Office_07\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Granny\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/11/23 08:43:30 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (androidusb)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/05/15 19:20:32 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/05/15 19:18:34 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/05/15 19:16:06 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/05/15 19:15:30 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/05/15 19:14:12 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/05/15 19:13:26 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/09/05 01:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/10 05:46:28 | 000,017,999 | R--- | M] (Silan Micro-Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slnt.sys -- (slnt)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 15:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/01/23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/02/26 17:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/12 03:08:44 | 001,124,097 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/08 08:31:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/24 21:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2005/03/23 20:00:58 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.snip.pl/
IE - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.1
FF - prefs.js..extensions.enabledItems: {b4ccac04-ec4f-41fc-8ba6-30b69b6a26a7}:1.1.1
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.5
FF - prefs.js..extensions.enabledItems: hughesnetdownloadmanager@hughesnet.net:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\YAHOO!\COMMON\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/14 23:24:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/17 23:43:18 | 000,000,000 | ---D | M]

[2009/08/17 23:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Extensions
[2009/08/17 23:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions
[2009/12/24 15:01:54 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2011/01/15 18:14:36 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/02/10 19:54:40 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{b4ccac04-ec4f-41fc-8ba6-30b69b6a26a7}
[2011/06/12 07:10:34 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2011/05/25 21:06:12 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/31 22:18:34 | 000,001,457 | ---- | M] () -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\searchplugins\100-search-engines.xml
[2012/07/14 23:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 18:20:50 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office_07\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\HughesNet Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office_07\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP KEYBOARDg] C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTtrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Granny\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office_07\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office_07\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by138fd.bay138.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180561501906 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.161.12 67.142.161.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6F3EA6C-8939-48C3-9734-5ED7B8680E6C}: DhcpNameServer = 67.142.161.12 67.142.161.13
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office_07\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\nudocs\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: D:\nudocs\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office_07\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/04 20:26:22 | 000,000,200 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 16:32:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/17 16:15:16 | 004,579,127 | R--- | C] (Swearware) -- C:\Documents and Settings\Granny\Desktop\ComboFix.exe
[2012/07/16 23:28:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/16 23:28:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/16 23:28:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/16 23:28:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/16 23:28:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 23:04:39 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Granny\Desktop\TDSSKiller.exe
[2012/07/16 22:27:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Granny\Desktop\aswMBR.exe
[2012/07/16 22:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/16 21:00:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Granny\Desktop\OTL.exe
[2012/07/15 11:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Granny\Local Settings\Application Data\Sun
[2012/07/15 11:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/15 11:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/15 11:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Granny\Application Data\Oracle
[2012/07/15 11:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/07/15 10:17:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Granny\Desktop\dds.scr
[2012/07/05 15:18:14 | 000,000,000 | -HSD | C] -- C:\FOUND.011
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 18:52:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/17 16:49:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/07/17 16:49:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/17 16:48:58 | 2079,903,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 16:16:26 | 004,579,127 | R--- | M] (Swearware) -- C:\Documents and Settings\Granny\Desktop\ComboFix.exe
[2012/07/16 23:03:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Granny\Desktop\MBR.dat
[2012/07/16 22:40:56 | 002,115,791 | ---- | M] () -- C:\Documents and Settings\Granny\Desktop\tdsskiller.zip
[2012/07/16 22:28:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Granny\Desktop\aswMBR.exe
[2012/07/16 21:01:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Granny\Desktop\OTL.exe
[2012/07/15 15:33:44 | 002,943,631 | ---- | M] () -- C:\Documents and Settings\Granny\My Documents\PioneerQC800AOwners.pdf
[2012/07/15 15:33:26 | 002,589,792 | ---- | M] () -- C:\Documents and Settings\Granny\My Documents\PioneerQM800AOwners.pdf
[2012/07/15 10:17:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Granny\Desktop\dds.scr
[2012/07/14 23:24:20 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Granny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/09 12:48:10 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Granny\Desktop\TDSSKiller.exe
[2012/06/22 00:58:10 | 002,686,532 | ---- | M] () -- C:\Documents and Settings\Granny\My Documents\OracleDelphiMKIII_e.pdf
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 16:48:57 | 2079,903,744 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/16 23:28:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/16 23:28:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/16 23:28:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/16 23:28:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/16 23:28:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/16 23:03:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Granny\Desktop\MBR.dat
[2012/07/16 22:34:54 | 002,115,791 | ---- | C] () -- C:\Documents and Settings\Granny\Desktop\tdsskiller.zip
[2012/07/15 15:33:42 | 002,943,631 | ---- | C] () -- C:\Documents and Settings\Granny\My Documents\PioneerQC800AOwners.pdf
[2012/07/15 15:33:25 | 002,589,792 | ---- | C] () -- C:\Documents and Settings\Granny\My Documents\PioneerQM800AOwners.pdf
[2012/07/14 23:24:19 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Granny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/22 00:58:08 | 002,686,532 | ---- | C] () -- C:\Documents and Settings\Granny\My Documents\OracleDelphiMKIII_e.pdf
[2011/06/08 11:10:09 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Granny\Application Data\burnaware.ini
[2010/11/04 19:42:57 | 000,045,682 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2010/10/03 11:21:56 | 000,000,167 | -H-- | C] () -- C:\Documents and Settings\Granny\udownload.dat
[2009/02/24 19:46:11 | 018,087,936 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2008/07/06 12:35:08 | 000,748,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/03/24 17:44:38 | 000,020,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2008/01/06 22:22:50 | 000,000,129 | -H-- | C] () -- C:\Documents and Settings\Granny\Local Settings\Application Data\fusioncache.dat
[2007/10/12 23:10:33 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\Granny\presets.ini
[2007/05/31 16:38:47 | 000,147,456 | -H-- | C] () -- C:\Documents and Settings\Granny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2007/06/01 19:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/03/24 17:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2008/07/06 12:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/08/22 20:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/11/26 10:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/16 15:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2007/05/29 23:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Leadertech
[2007/05/31 21:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Canon
[2007/06/24 11:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\uTorrent
[2007/09/30 08:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\ICAClient
[2008/01/06 09:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Ulead Systems
[2008/03/05 00:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Jasc
[2008/03/23 11:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\com.codeode
[2008/03/24 17:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Lasersoft Imaging
[2008/07/06 12:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Autodesk
[2008/10/12 16:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\foobar2000
[2009/11/26 10:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Multi File Downloader
[2011/06/11 09:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.1
[2011/07/22 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Odpue
[2011/09/15 18:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\HughesNet Download Manager
[2011/09/16 15:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\ImgBurn
[2012/07/15 11:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Oracle
[2007/06/03 12:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pappy\Application Data\uTorrent
[2007/06/03 12:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pappy\Application Data\Ulead Systems

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ERDNT\cache\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD800BB-22JHC0
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 3.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 36.00GB
Starting Offset: 3150282240
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 36.00GB
Starting Offset: 41381383680
Hidden sectors: 0


< End of report >




OTL logfile created on: 7/17/2012 7:11:49 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Granny\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 78.32% Memory free
2.44 Gb Paging File | 2.06 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.60 Gb Total Space | 7.59 Gb Free Space | 21.32% Space Free | Partition Type: FAT32
Drive D: | 35.98 Gb Total Space | 0.89 Gb Free Space | 2.47% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: ACER2 | User Name: Granny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/16 21:01:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Granny\Desktop\OTL.exe
PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011/10/31 13:34:04 | 000,142,336 | ---- | M] () -- C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\SONY\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/07/23 16:25:26 | 000,701,592 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
PRC - [2008/05/15 19:19:32 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/05/15 19:19:24 | 000,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/05/15 19:06:58 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/08 13:30:48 | 000,290,816 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office_07\Office12\GrooveMonitor.exe
PRC - [2005/06/20 09:03:24 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Program Files\acer\eRecovery\Monitor.exe
PRC - [2005/06/08 08:31:32 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/05/13 12:57:00 | 000,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2005/05/13 12:57:00 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/03/17 11:10:32 | 000,536,576 | ---- | M] (Panicware, Inc.) -- C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
PRC - [2004/07/21 16:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/06/04 03:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE


========== Modules (No Company Name) ==========

MOD - [2012/07/16 16:44:40 | 004,772,768 | ---- | M] () -- c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2011/10/31 13:34:04 | 000,142,336 | ---- | M] () -- C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
MOD - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/11/08 14:48:42 | 000,294,912 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\ScndrvU.drv
MOD - [2007/06/08 13:30:48 | 000,290,816 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
MOD - [2007/06/03 03:05:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2007/06/03 03:04:14 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2004/04/06 18:45:46 | 000,040,960 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\DetectSession.dll
MOD - [2001/02/13 15:46:50 | 000,098,304 | ---- | M] () -- C:\Program Files\Plustek\OpticFilm 7200\plkcom32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/09 16:55:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\SONY\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2008/07/06 12:38:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/05/15 19:19:24 | 000,144,760 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/05/15 19:19:00 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/05/15 19:17:00 | 000,349,560 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/05/15 19:06:58 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Office_07\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Granny\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/11/23 08:43:30 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (androidusb)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/05/15 19:20:32 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/05/15 19:18:34 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/05/15 19:16:06 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/05/15 19:15:30 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/05/15 19:14:12 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/05/15 19:13:26 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/09/05 01:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/10 05:46:28 | 000,017,999 | R--- | M] (Silan Micro-Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slnt.sys -- (slnt)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 15:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/01/23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/02/26 17:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/12 03:08:44 | 001,124,097 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/08 08:31:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/24 21:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2005/03/23 20:00:58 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.snip.pl/
IE - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.1
FF - prefs.js..extensions.enabledItems: {b4ccac04-ec4f-41fc-8ba6-30b69b6a26a7}:1.1.1
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.5
FF - prefs.js..extensions.enabledItems: hughesnetdownloadmanager@hughesnet.net:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\YAHOO!\COMMON\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/14 23:24:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/17 23:43:18 | 000,000,000 | ---D | M]

[2009/08/17 23:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Extensions
[2009/08/17 23:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions
[2009/12/24 15:01:54 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2011/01/15 18:14:36 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/02/10 19:54:40 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{b4ccac04-ec4f-41fc-8ba6-30b69b6a26a7}
[2011/06/12 07:10:34 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2011/05/25 21:06:12 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/31 22:18:34 | 000,001,457 | ---- | M] () -- C:\Documents and Settings\Granny\Application Data\Mozilla\Firefox\Profiles\bkxy2luo.default\searchplugins\100-search-engines.xml
[2012/07/14 23:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 18:20:50 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office_07\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\HughesNet Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office_07\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP KEYBOARDg] C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTtrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Granny\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2783849547-1727397312-1731493430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office_07\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office_07\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by138fd.bay138.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180561501906 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.161.12 67.142.161.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6F3EA6C-8939-48C3-9734-5ED7B8680E6C}: DhcpNameServer = 67.142.161.12 67.142.161.13
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office_07\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\nudocs\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: D:\nudocs\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office_07\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/04 20:26:22 | 000,000,200 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 16:32:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/17 16:15:16 | 004,579,127 | R--- | C] (Swearware) -- C:\Documents and Settings\Granny\Desktop\ComboFix.exe
[2012/07/16 23:28:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/16 23:28:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/16 23:28:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/16 23:28:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/16 23:28:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 23:04:39 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Granny\Desktop\TDSSKiller.exe
[2012/07/16 22:27:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Granny\Desktop\aswMBR.exe
[2012/07/16 22:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/16 21:00:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Granny\Desktop\OTL.exe
[2012/07/15 11:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Granny\Local Settings\Application Data\Sun
[2012/07/15 11:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/15 11:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/15 11:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Granny\Application Data\Oracle
[2012/07/15 11:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/07/15 10:17:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Granny\Desktop\dds.scr
[2012/07/05 15:18:14 | 000,000,000 | -HSD | C] -- C:\FOUND.011
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 18:52:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/17 16:49:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/07/17 16:49:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/17 16:48:58 | 2079,903,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 16:16:26 | 004,579,127 | R--- | M] (Swearware) -- C:\Documents and Settings\Granny\Desktop\ComboFix.exe
[2012/07/16 23:03:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Granny\Desktop\MBR.dat
[2012/07/16 22:40:56 | 002,115,791 | ---- | M] () -- C:\Documents and Settings\Granny\Desktop\tdsskiller.zip
[2012/07/16 22:28:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Granny\Desktop\aswMBR.exe
[2012/07/16 21:01:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Granny\Desktop\OTL.exe
[2012/07/15 15:33:44 | 002,943,631 | ---- | M] () -- C:\Documents and Settings\Granny\My Documents\PioneerQC800AOwners.pdf
[2012/07/15 15:33:26 | 002,589,792 | ---- | M] () -- C:\Documents and Settings\Granny\My Documents\PioneerQM800AOwners.pdf
[2012/07/15 10:17:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Granny\Desktop\dds.scr
[2012/07/14 23:24:20 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Granny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/09 12:48:10 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Granny\Desktop\TDSSKiller.exe
[2012/06/22 00:58:10 | 002,686,532 | ---- | M] () -- C:\Documents and Settings\Granny\My Documents\OracleDelphiMKIII_e.pdf
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 16:48:57 | 2079,903,744 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/16 23:28:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/16 23:28:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/16 23:28:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/16 23:28:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/16 23:28:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/16 23:03:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Granny\Desktop\MBR.dat
[2012/07/16 22:34:54 | 002,115,791 | ---- | C] () -- C:\Documents and Settings\Granny\Desktop\tdsskiller.zip
[2012/07/15 15:33:42 | 002,943,631 | ---- | C] () -- C:\Documents and Settings\Granny\My Documents\PioneerQC800AOwners.pdf
[2012/07/15 15:33:25 | 002,589,792 | ---- | C] () -- C:\Documents and Settings\Granny\My Documents\PioneerQM800AOwners.pdf
[2012/07/14 23:24:19 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Granny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/22 00:58:08 | 002,686,532 | ---- | C] () -- C:\Documents and Settings\Granny\My Documents\OracleDelphiMKIII_e.pdf
[2011/06/08 11:10:09 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Granny\Application Data\burnaware.ini
[2010/11/04 19:42:57 | 000,045,682 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2010/10/03 11:21:56 | 000,000,167 | -H-- | C] () -- C:\Documents and Settings\Granny\udownload.dat
[2009/02/24 19:46:11 | 018,087,936 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2008/07/06 12:35:08 | 000,748,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/03/24 17:44:38 | 000,020,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2008/01/06 22:22:50 | 000,000,129 | -H-- | C] () -- C:\Documents and Settings\Granny\Local Settings\Application Data\fusioncache.dat
[2007/10/12 23:10:33 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\Granny\presets.ini
[2007/05/31 16:38:47 | 000,147,456 | -H-- | C] () -- C:\Documents and Settings\Granny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2007/06/01 19:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/03/24 17:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2008/07/06 12:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/08/22 20:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/11/26 10:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/16 15:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2007/05/29 23:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Leadertech
[2007/05/31 21:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Canon
[2007/06/24 11:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\uTorrent
[2007/09/30 08:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\ICAClient
[2008/01/06 09:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Ulead Systems
[2008/03/05 00:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Jasc
[2008/03/23 11:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\com.codeode
[2008/03/24 17:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Lasersoft Imaging
[2008/07/06 12:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Autodesk
[2008/10/12 16:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\foobar2000
[2009/11/26 10:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Multi File Downloader
[2011/06/11 09:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.1
[2011/07/22 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Odpue
[2011/09/15 18:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\HughesNet Download Manager
[2011/09/16 15:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\ImgBurn
[2012/07/15 11:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Granny\Application Data\Oracle
[2007/06/03 12:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pappy\Application Data\uTorrent
[2007/06/03 12:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pappy\Application Data\Ulead Systems

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ERDNT\cache\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD800BB-22JHC0
Partitions: 3
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 3.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 36.00GB
Starting Offset: 3150282240
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 36.00GB
Starting Offset: 41381383680
Hidden sectors: 0


< End of report >

#12 FAB1

  • Topic Starter

  • Members
  • 41 posts

Posted 17 July 2012 - 06:33 PM

Did I post the same log twice??

I didn't see a file named "Extras", just OTL.

#13 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 July 2012 - 06:41 PM

Please see if there is a log located at C:\ComboFix.txt

Please run the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 FAB1

  • Topic Starter

  • Members
  • 41 posts

Posted 17 July 2012 - 06:58 PM

Okay, I was able to dl Malwarebytes. ; )

No ComboFix log in that location.

The ESET files take a long time to dl; I might be a while doing that.

Edited by FAB1, 17 July 2012 - 07:04 PM.


#15 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 July 2012 - 07:07 PM

:thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015