OTL logfile created on: 2/19/2013 8:52:54 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mugratt\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.93 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 57.68% Memory free 5.86 Gb Paging File | 4.51 Gb Available in Paging File | 76.86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.32 Gb Total Space | 90.13 Gb Free Space | 31.26% Space Free | Partition Type: NTFS Computer Name: MUGRATT-PC | User Name: Mugratt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/02/19 20:51:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mugratt\Desktop\OTL.exe PRC - [2013/02/19 09:24:30 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe PRC - [2013/02/05 19:56:08 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013/01/24 22:43:04 | 002,319,504 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2013/01/24 22:42:42 | 007,626,448 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe PRC - [2013/01/24 22:42:42 | 001,430,736 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe PRC - [2013/01/24 22:42:40 | 000,404,688 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/09/11 14:10:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/09/02 14:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe PRC - [2010/05/18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2009/10/02 16:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009/10/02 16:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009/10/02 14:29:38 | 000,694,816 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009/10/02 14:29:16 | 000,690,720 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/02/19 09:24:29 | 014,717,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_168.dll MOD - [2013/02/05 19:56:07 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2009/10/02 16:48:42 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013/02/19 09:24:30 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/05 19:56:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/24 22:43:04 | 002,319,504 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2013/01/24 22:42:42 | 000,127,184 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth) SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/11 14:10:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2012/04/25 09:52:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/05/18 17:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009/10/02 16:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/10/02 14:29:16 | 000,690,720 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mugratt\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013/01/16 19:51:42 | 000,576,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2013/01/16 19:51:42 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd) DRV - [2012/08/26 07:56:17 | 000,121,248 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012/08/16 23:41:50 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 17:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2009/07/13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 4A 62 61 95 21 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledAddons: %7B580BC2C6-0C1E-4C09-9676-3D2F804C775D%7D:8.9 FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3 FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.3 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={9ED4753E-C1BA-40B0-BD96-0E686ECDF9E4}&Version=3.6.5&Vintage=20120417&Defaultbrowserid=28&Productid=1431&Vendorid=6290&Offerid=6894&searchterm=" FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/05 19:56:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/05 19:56:03 | 000,000,000 | ---D | M] [2012/04/23 16:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mugratt\AppData\Roaming\Mozilla\Extensions [2013/02/19 19:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mugratt\AppData\Roaming\Mozilla\Firefox\Profiles\oy848bhb.default\extensions [2013/01/11 17:32:23 | 000,000,000 | ---D | M] (Glarysoft Toolbar) -- C:\Users\Mugratt\AppData\Roaming\Mozilla\Firefox\Profiles\oy848bhb.default\extensions\{55C81E27-A6E2-40AB-B96F-D7107755F451} [2012/10/18 12:37:13 | 000,000,000 | ---D | M] (JournalReader Class extension for Firefox) -- C:\Users\Mugratt\AppData\Roaming\Mozilla\Firefox\Profiles\oy848bhb.default\extensions\{580BC2C6-0C1E-4C09-9676-3D2F804C775D} [2013/01/20 09:16:56 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Mugratt\AppData\Roaming\Mozilla\Firefox\Profiles\oy848bhb.default\extensions\https-everywhere@eff.org [2012/04/23 16:32:32 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\Mugratt\AppData\Roaming\Mozilla\Firefox\Profiles\oy848bhb.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2013/02/19 19:58:21 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\Mugratt\AppData\Roaming\Mozilla\Firefox\Profiles\oy848bhb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013/02/14 18:35:09 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mugratt\AppData\Roaming\Mozilla\Firefox\Profiles\oy848bhb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/02/05 19:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/02/05 19:56:08 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/06/28 10:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012/08/24 21:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/31 15:43:40 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2013/02/16 20:08:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files\Glarysoft Toolbar\tbcore3.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files\Glarysoft Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files\Glarysoft Toolbar\tbcore3.dll () O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO) O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.10.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F7B1A4E-4259-4D65-BA47-64509A0CC79D}: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2DF1735-261B-4F19-A885-CC3AAF12B69C}: DhcpNameServer = 192.168.2.1 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/02/19 20:51:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mugratt\Desktop\OTL.exe [2013/02/19 20:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2013/02/19 20:10:04 | 000,000,000 | ---D | C] -- C:\Users\Mugratt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013/02/19 19:31:37 | 000,000,000 | ---D | C] -- C:\Users\Mugratt\Desktop\Autoruns [2013/02/19 19:17:39 | 000,000,000 | ---D | C] -- C:\c7d9dd911254c6c9f6d79532193cccee [2013/02/19 17:07:30 | 000,000,000 | ---D | C] -- C:\13095ff7a1b3714f10776e22 [2013/02/19 16:56:33 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys [2013/02/19 11:21:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/19 11:18:54 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/02/19 11:09:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/02/19 11:09:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/02/19 11:09:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/02/19 11:04:59 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/02/19 09:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2013/02/18 19:47:30 | 000,000,000 | ---D | C] -- C:\ca3ae6b5f5ab6e2d509f2b [2013/02/18 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2013/02/18 17:15:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2 [2013/02/18 16:59:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2.bak [2013/02/18 16:58:15 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2013/02/18 16:54:38 | 000,381,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\PsExec.exe [2013/02/18 16:53:49 | 000,000,000 | ---D | C] -- C:\Users\Mugratt\Desktop\pstoool [2013/02/18 16:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013/02/18 14:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/02/18 14:14:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013/02/18 12:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2013/02/18 11:55:10 | 019,474,064 | ---- | C] (Panda Security ) -- C:\Users\Mugratt\Desktop\PandaCloudCleaner.exe [2013/02/13 15:18:28 | 000,000,000 | ---D | C] -- C:\VTRoot [2013/02/11 19:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2013/02/11 19:51:17 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space [2013/02/11 19:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2013/02/11 19:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2013/02/11 19:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2013/02/05 19:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/01/24 22:43:02 | 000,354,752 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll [2013/01/24 22:43:02 | 000,035,488 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll [2013/01/24 22:42:50 | 000,263,888 | ---- | C] (COMODO) -- C:\Windows\System32\cmdvrt32.dll [2013/01/24 22:42:50 | 000,040,656 | ---- | C] (COMODO) -- C:\Windows\System32\cmdkbd32.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/02/19 20:56:23 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat [2013/02/19 20:51:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mugratt\Desktop\OTL.exe [2013/02/19 20:10:04 | 000,002,973 | ---- | M] () -- C:\Users\Mugratt\Desktop\HiJackThis.lnk [2013/02/19 20:08:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/19 20:02:23 | 000,010,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/19 20:02:23 | 000,010,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/19 20:02:13 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/02/19 20:02:13 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/02/19 19:56:54 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013/02/19 19:56:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/19 19:56:27 | 2360,709,120 | -HS- | M] () -- C:\hiberfil.sys [2013/02/19 19:31:18 | 000,545,363 | ---- | M] () -- C:\Users\Mugratt\Desktop\Autoruns.zip [2013/02/19 19:02:48 | 000,000,095 | ---- | M] () -- C:\0.bak [2013/02/19 18:00:01 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2013/02/19 09:47:01 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk [2013/02/19 09:21:16 | 000,333,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/02/18 20:02:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/02/18 16:58:15 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2013/02/18 16:51:08 | 000,006,416 | ---- | M] () -- C:\Users\Mugratt\Desktop\BITSWin7.reg [2013/02/18 16:48:26 | 000,689,664 | ---- | M] () -- C:\Users\Mugratt\Desktop\MicrosoftFixit50202.msi [2013/02/18 16:36:26 | 000,001,765 | ---- | M] () -- C:\Users\Mugratt\Desktop\Reset_Windows_Update_Full.bat [2013/02/18 14:04:32 | 002,218,636 | ---- | M] () -- C:\Users\Mugratt\Desktop\tdsskiller.zip [2013/02/18 11:56:18 | 019,474,064 | ---- | M] (Panda Security ) -- C:\Users\Mugratt\Desktop\PandaCloudCleaner.exe [2013/02/16 19:47:38 | 000,000,737 | ---- | M] () -- C:\0 [2013/02/14 03:23:09 | 000,066,510 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat [2013/02/13 21:53:26 | 000,003,581 | ---- | M] () -- C:\Users\Mugratt\Desktop\irelands.m3u [2013/02/11 19:51:38 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk [2013/02/11 18:51:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mugratt\Desktop\TDSSKiller.exe [2013/02/06 15:50:39 | 000,001,031 | ---- | M] () -- C:\Users\Mugratt\Desktop\Glary Utilities.lnk [2013/01/30 16:31:46 | 000,501,308 | ---- | M] () -- C:\Users\Mugratt\AppData\Local\census.cache [2013/01/30 16:31:45 | 000,105,664 | ---- | M] () -- C:\Users\Mugratt\AppData\Local\ars.cache [2013/01/24 22:43:02 | 000,354,752 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll [2013/01/24 22:43:02 | 000,035,488 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll [2013/01/24 22:42:50 | 000,263,888 | ---- | M] (COMODO) -- C:\Windows\System32\cmdvrt32.dll [2013/01/24 22:42:50 | 000,040,656 | ---- | M] (COMODO) -- C:\Windows\System32\cmdkbd32.dll [2013/01/21 13:46:45 | 000,065,263 | R--- | M] () -- C:\Users\Mugratt\Desktop\4271707624_1.pdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/02/19 20:10:04 | 000,002,973 | ---- | C] () -- C:\Users\Mugratt\Desktop\HiJackThis.lnk [2013/02/19 19:31:09 | 000,545,363 | ---- | C] () -- C:\Users\Mugratt\Desktop\Autoruns.zip [2013/02/19 19:02:48 | 000,000,095 | ---- | C] () -- C:\0.bak [2013/02/19 11:09:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/02/19 11:09:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/02/19 11:09:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/02/19 11:09:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/02/19 11:09:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/02/19 09:47:01 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk [2013/02/19 08:09:54 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013/02/19 08:08:52 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013/02/18 16:51:05 | 000,006,416 | ---- | C] () -- C:\Users\Mugratt\Desktop\BITSWin7.reg [2013/02/18 16:48:22 | 000,689,664 | ---- | C] () -- C:\Users\Mugratt\Desktop\MicrosoftFixit50202.msi [2013/02/18 16:36:23 | 000,001,765 | ---- | C] () -- C:\Users\Mugratt\Desktop\Reset_Windows_Update_Full.bat [2013/02/18 14:46:41 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/02/18 14:04:22 | 002,218,636 | ---- | C] () -- C:\Users\Mugratt\Desktop\tdsskiller.zip [2013/02/18 12:33:30 | 000,000,737 | ---- | C] () -- C:\0 [2013/02/18 12:26:16 | 000,030,888 | ---- | C] () -- C:\Windows\System32\drivers\DasPtct.SYS [2013/02/14 03:23:09 | 000,066,510 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat [2013/02/13 21:53:26 | 000,003,581 | ---- | C] () -- C:\Users\Mugratt\Desktop\irelands.m3u [2013/02/11 19:51:38 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk [2013/02/11 19:51:32 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat [2013/01/21 13:46:46 | 000,065,263 | R--- | C] () -- C:\Users\Mugratt\Desktop\4271707624_1.pdf [2012/10/18 12:37:13 | 000,080,702 | ---- | C] () -- C:\Users\Mugratt\AppData\Local\{BD097469-9EA3-CABC-08F9-8E5C6FCE1BAE}.dat [2012/09/13 11:24:18 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012/07/19 18:53:42 | 000,000,107 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012/07/01 20:20:10 | 000,000,017 | ---- | C] () -- C:\Users\Mugratt\AppData\Local\resmon.resmoncfg [2012/06/28 15:33:50 | 000,501,308 | ---- | C] () -- C:\Users\Mugratt\AppData\Local\census.cache [2012/06/28 15:33:33 | 000,105,664 | ---- | C] () -- C:\Users\Mugratt\AppData\Local\ars.cache [2012/06/28 14:10:27 | 000,000,036 | ---- | C] () -- C:\Users\Mugratt\AppData\Local\housecall.guid.cache [2012/06/04 13:51:16 | 000,153,600 | ---- | C] () -- C:\Windows\System32\WS_ContextMenu.dll [2012/05/26 12:14:46 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini [2012/04/26 15:04:54 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012/04/26 15:03:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2012/09/04 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\Mugratt\AppData\Roaming\Azureus [2012/12/29 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\Mugratt\AppData\Roaming\DriverCure [2013/02/19 10:54:01 | 000,000,000 | ---D | M] -- C:\Users\Mugratt\AppData\Roaming\GlarySoft [2012/06/04 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\Mugratt\AppData\Roaming\ImgBurn [2012/07/02 12:32:11 | 000,000,000 | ---D | M] -- C:\Users\Mugratt\AppData\Roaming\Leadertech [2012/12/29 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\Mugratt\AppData\Roaming\SpeedyPC Software [2013/02/19 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Mugratt\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >