OTL logfile created on: 8/5/2013 8:00:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 77.18% Memory free
3.21 Gb Paging File | 2.82 Gb Available in Paging File | 87.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.90 Gb Total Space | 86.48 Gb Free Space | 86.56% Space Free | Partition Type: NTFS
Drive D: | 132.88 Gb Total Space | 132.79 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/03 21:59:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2010/11/20 21:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 21:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 21:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/20 21:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/07/14 01:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - [2013/08/05 18:31:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/11/20 21:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 21:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 21:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008/06/27 01:40:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ng.msn.com/?rd=1&ucc=NG&dcc=NG&opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 61 62 E9 15 92 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF8ADBD-D92D-498B-9A82-E9116AE18B99}: DhcpNameServer = 192.168.20.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 19:22:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/05 19:22:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/05 19:22:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/05 19:21:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/05 19:21:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/05 19:16:33 | 005,099,708 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/08/05 19:01:34 | 000,335,872 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8187.sys
[2013/08/05 18:48:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/08/05 18:36:03 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/05 18:36:03 | 000,000,000 | R--D | C] -- C:\Users\user\Searches
[2013/08/05 18:36:03 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/05 18:36:02 | 000,000,000 | -H-D | C] -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/05 18:35:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Identities
[2013/08/05 18:35:42 | 000,000,000 | R--D | C] -- C:\Users\user\Contacts
[2013/08/05 18:35:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\VirtualStore
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Temporary Internet Files
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Templates
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Start Menu
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\SendTo
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Recent
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\PrintHood
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\NetHood
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Videos
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Pictures
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Music
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\My Documents
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Local Settings
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\History
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Cookies
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\Application Data
[2013/08/05 18:35:25 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Application Data
[2013/08/05 18:35:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Temp
[2013/08/05 18:35:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft
[2013/08/05 18:35:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2013/08/05 18:35:21 | 000,000,000 | --SD | C] -- C:\Users\user\AppData\Roaming\Microsoft
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Videos
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Saved Games
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Pictures
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Music
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Links
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Favorites
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Downloads
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Documents
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop
[2013/08/05 18:35:21 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/05 18:35:21 | 000,000,000 | -H-D | C] -- C:\Users\user\AppData
[2013/08/05 18:31:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/05 18:31:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013/08/05 18:30:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/05 18:30:12 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/08/05 18:01:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/08/05 17:59:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/08/04 21:08:16 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/08/04 20:52:44 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/08/04 20:44:12 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/08/05 19:56:17 | 000,001,407 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/05 19:22:13 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/05 19:22:13 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/05 19:08:33 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/05 19:08:33 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/05 19:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/05 19:00:55 | 1292,034,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/05 18:31:28 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2013/08/05 18:31:28 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2013/08/05 18:22:36 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/05 18:03:28 | 000,116,385 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013/08/04 14:54:06 | 005,099,708 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/08/03 21:59:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2013/08/05 19:56:17 | 000,001,407 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/05 19:22:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/05 19:22:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/05 19:22:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/05 19:22:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/05 19:22:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/05 18:36:07 | 000,001,413 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/05 18:35:23 | 000,000,290 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/05 18:35:23 | 000,000,272 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/05 18:03:12 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/08/05 18:02:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/08/05 17:58:32 | 1292,034,048 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >