OTL logfile created on: 2012-09-19 20:18:53 - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1021,68 Mb Total Physical Memory | 263,57 Mb Available Physical Memory | 25,80% Memory free
2,25 Gb Paging File | 1,66 Gb Available in Paging File | 73,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,85 Gb Total Space | 53,65 Gb Free Space | 51,17% Space Free | Partition Type: NTFS
Drive D: | 6,94 Gb Total Space | 5,17 Gb Free Space | 74,47% Space Free | Partition Type: NTFS
Drive J: | 7,45 Gb Total Space | 3,77 Gb Free Space | 50,64% Space Free | Partition Type: FAT32

Computer Name: WIN-AAV9A7AI4XM | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-09-19 16:08:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009-04-11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-05-11 16:48:48 | 003,615,744 | ---- | M] () -- C:\Program Files\VistaCodecPack\filters\ffdshow.ax
MOD - [2010-12-29 02:19:12 | 000,045,056 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
MOD - [2009-08-11 20:18:28 | 000,497,664 | ---- | M] () -- C:\Windows\System32\ac3filter.acm

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012-09-07 13:59:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-15 13:34:55 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011-08-10 22:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2011-06-06 18:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011-05-31 13:45:56 | 000,260,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PLAY ONLINE\AssistantServices.exe -- (UI Assistant Service)
SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-11-11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DBAB43E7-DC13-46D4-A41D-109B58E58173}\MpKsl065068bc.sys -- (MpKsl065068bc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ADMINI~1\AppData\Local\Temp\awadraod.sys -- (awadraod)
DRV - [2011-09-09 11:50:10 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011-09-09 11:50:10 | 000,073,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011-09-09 11:50:10 | 000,066,688 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011-09-09 11:50:10 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011-08-16 17:17:20 | 000,195,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-08-09 01:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2011-03-26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011-03-26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011-03-26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011-03-26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010-10-24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010-10-24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-10-03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-03-13 13:50:18 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008-11-17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008-04-14 14:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008-01-21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007-06-18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006-11-14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3877301086-2613395833-14043260-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3877301086-2613395833-14043260-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3877301086-2613395833-14043260-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: player@vividas.com:4.1.3
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012-09-19 15:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-07 13:59:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-09-07 13:58:04 | 000,000,000 | ---D | M]

[2011-06-21 20:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012-05-04 15:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mwdwz9w4.default\extensions
[2011-07-03 18:50:48 | 000,000,000 | ---D | M] (Vividas player plugin) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\mwdwz9w4.default\extensions\player@vividas.com
[2012-09-07 13:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-09-07 13:59:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-11-10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-06-20 15:47:30 | 000,189,088 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll
[2012-06-27 14:04:55 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-06-27 14:04:55 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-06-27 14:04:55 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-06-27 14:04:55 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-27 14:04:55 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-06-27 14:04:55 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-09-18 15:00:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3877301086-2613395833-14043260-500\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\PLAY ONLINE\UIExec.exe ()
O4 - HKU\S-1-5-21-3877301086-2613395833-14043260-500..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3877301086-2613395833-14043260-500..\Run: [Mobile Partner] C:\Program Files\PLAY Web partner\PLAY Web partner File not found
O4 - HKU\S-1-5-21-3877301086-2613395833-14043260-500..\Run: [zxxcyqxnzwfqeww] C:\Windows\zxxcyqxn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3877301086-2613395833-14043260-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3877301086-2613395833-14043260-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3877301086-2613395833-14043260-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://download06.managerzone.com/soccer-3d/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52136E59-0309-4AE9-8152-0AD66CEAEB6F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67080B80-B14A-481F-A3AF-B9C9EB3C9FE2}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-09-19 16:31:22 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012-09-18 15:02:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-09-18 15:02:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012-09-18 15:02:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-09-18 14:52:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-09-18 14:52:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-09-18 14:52:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-09-18 14:28:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-18 14:24:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-09-18 14:24:21 | 004,752,534 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012-09-17 22:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ganckfdnzrwzxgd
[2012-09-11 21:12:32 | 000,066,688 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2012-09-11 21:12:32 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2012-09-11 21:12:31 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2012-09-11 21:12:31 | 000,239,488 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2012-09-11 21:12:31 | 000,195,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2012-09-11 21:12:31 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2012-09-11 21:12:31 | 000,089,856 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2012-09-11 21:12:31 | 000,073,984 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2012-09-11 21:12:31 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2012-09-11 21:12:31 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2012-09-11 21:12:31 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2012-09-07 13:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-09-19 20:16:41 | 001,572,864 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2012-09-19 16:32:40 | 001,475,508 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012-09-19 16:32:40 | 000,663,170 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-09-19 16:32:40 | 000,588,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-19 16:32:40 | 000,127,324 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-09-19 16:32:40 | 000,101,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-19 16:08:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012-09-19 15:52:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-19 15:51:26 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-19 15:51:26 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-19 15:51:20 | 000,218,464 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-09-19 15:51:13 | 000,218,464 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012-09-19 15:51:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-09-19 14:06:44 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\lumwisik.exe
[2012-09-18 20:20:17 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012-09-18 20:20:17 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012-09-18 15:00:13 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2012-09-18 15:00:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-09-18 14:50:36 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-09-18 14:09:26 | 004,752,534 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012-09-17 23:27:39 | 000,001,100 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d8caps.dat
[2012-09-17 23:07:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012-09-17 22:32:15 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-17 22:25:08 | 000,078,021 | ---- | M] () -- C:\ProgramData\hsnlfivqhyvqylr
[2012-09-17 22:24:08 | 000,084,480 | ---- | M] () -- C:\Windows\zxxcyqxn.exe
[2012-09-16 12:48:45 | 000,000,452 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Administrator.job

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-09-19 15:48:53 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\lumwisik.exe
[2012-09-18 14:52:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-09-18 14:52:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-09-18 14:52:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-09-18 14:52:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-09-18 14:52:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-09-17 22:25:06 | 000,084,480 | ---- | C] () -- C:\Windows\zxxcyqxn.exe
[2012-09-17 22:24:12 | 000,078,021 | ---- | C] () -- C:\ProgramData\hsnlfivqhyvqylr
[2011-07-03 14:43:19 | 000,044,032 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-22 07:16:10 | 000,218,464 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011-06-22 07:09:51 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011-06-22 04:19:17 | 000,218,464 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011-06-21 20:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-06-21 17:45:13 | 000,001,100 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d8caps.dat
[2011-06-21 17:31:09 | 000,077,248 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-06-21 17:30:38 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011-06-21 17:30:37 | 000,000,020 | -HS- | C] () -- C:\Users\Administrator\ntuser.ini
[2011-06-21 17:30:36 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011-06-21 17:30:36 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011-06-21 17:30:36 | 000,065,536 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011-06-21 17:30:33 | 001,572,864 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT
[2011-06-21 17:17:56 | 000,281,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-04-27 11:21:38 | 003,268,096 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011-04-27 00:08:34 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-03-19 11:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-03-19 11:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-12-19 02:06:06 | 000,000,590 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006-11-02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[color=#E56717]========== LOP Check ==========[/color]

[2011-10-25 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gadu-Gadu 10
[2012-02-07 18:44:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenFM
[2011-08-18 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2011-06-21 18:19:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VistaCodecs

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:CE2C623F

< End of report >