
Acer laptop virus/malware infected



#1
tetley

  • Member
  • 25 posts
Helping to fix a laptop that was quite infected. I think I have the majority of it cleaned up. The virus it had originally changed the majority of the drive to hidden files etc. Microsoft Security Essentials removed the following:

Win32/FakeSysDef
ASX/Wimad.DS

Malwarebytes removed a ton of keyloggers etc. I have run TDSSKiller. Internet Explorer had a bunch of browser redirects etc. Thank you for your assistance.

Here's a copy of the OTL Log:
OTL logfile created on: 3/31/2012 5:45:52 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kathryn\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.99% Memory free
3.98 Gb Paging File | 2.78 Gb Available in Paging File | 69.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 110.84 Gb Free Space | 23.80% Space Free | Partition Type: NTFS

Computer Name: KATHRYN-PC | User Name: Kathryn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/30 21:39:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kathryn\Desktop\OTL.exe
PRC - [2012/02/06 17:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/06 17:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/16 19:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/19 10:04:09 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/11/02 12:19:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/23 20:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2007/08/08 18:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/10/12 20:21:10 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVicPort64.sys -- (TVicPort64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/10/12 20:21:10 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\TVicPort64.sys -- (TVicPort64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 BC 80 AD 11 9F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DCC6EFF5-974A-4DA4-9D0E-5B5A0B7ED513}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.6000
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.367
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/26 13:52:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/26 13:52:26 | 000,000,000 | ---D | M]

[2010/12/19 09:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathryn\AppData\Roaming\Mozilla\Extensions
[2012/03/11 09:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathryn\AppData\Roaming\Mozilla\Firefox\Profiles\upo12062.default\extensions
[2012/03/11 09:40:24 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Kathryn\AppData\Roaming\Mozilla\Firefox\Profiles\upo12062.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
() (No name found) -- C:\USERS\KATHRYN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPO12062.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2012/03/31 11:07:01 | 000,000,843 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files (x86)\Media Player Utilities 4.36\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files (x86)\Media Player Utilities 4.36\AMVConverter\grab.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18CD8902-A050-4FE3-8237-FC532CF5AB02}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D95F6152-71DE-4F51-9875-E17FD2F4BFCE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34fcaf93-0b16-11e0-b026-001b386146af}\Shell - "" = AutoRun
O33 - MountPoints2\{34fcaf93-0b16-11e0-b026-001b386146af}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 11:39:01 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{99B3D3D0-8B7C-4D9A-B72A-1E8A980C30AD}
[2012/03/31 11:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/31 11:21:51 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kathryn\Desktop\tdsskiller.exe
[2012/03/31 11:12:23 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\tdsskiller
[2012/03/31 11:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
[2012/03/31 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{EE3C9010-2382-4782-B913-A65D3D34EC52}
[2012/03/30 21:39:26 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Kathryn\Desktop\OTL.exe
[2012/03/30 21:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\RK_Quarantine
[2012/03/30 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\TouchPad_Synaptics_13.2.4.12_W7x86W7x64_A
[2012/03/30 20:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/03/30 20:40:40 | 000,070,656 | ---- | C] (ENE TECHNOLOGY INC.) -- C:\Windows\SysNative\drivers\enecir.sys
[2012/03/30 20:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/30 20:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/30 20:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Acer
[2012/03/30 20:28:26 | 000,000,000 | ---D | C] -- C:\OEM
[2012/03/30 20:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2012/03/30 20:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2012/03/30 20:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/03/30 20:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/03/30 19:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012/03/30 19:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/03/30 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{0F144771-2E92-477E-9882-75BECEC36A91}
[2012/03/30 19:34:54 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{71EC252A-53B6-4C21-9B10-9D5C16E9E55A}
[2012/03/30 19:25:45 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{36869CCC-EF97-416F-87E9-4B9BE81D189C}
[2012/03/30 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Roaming\Malwarebytes
[2012/03/30 17:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/30 17:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/30 17:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/30 17:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/30 17:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/30 17:29:15 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{D7C2AA00-7CA0-4256-ACF8-54DDD3B2E33D}
[2012/03/30 16:58:02 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{687D8A03-FF68-4BFA-A029-AA2D77AF22CD}
[2012/03/30 16:53:56 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{CC97CFB5-136C-43C3-9D37-6757315E49A6}
[2012/03/30 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{898E71D0-7EDA-44B4-B374-2AD3A3EA1A23}
[2012/03/30 16:29:20 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{27D6CF7A-93D4-4108-ACD5-323F84A300B9}
[2012/03/30 16:10:32 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{605BA886-23F1-43DE-BF84-0E75F32D381E}
[2012/03/30 16:04:50 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{2CFA5AD4-2371-427E-9795-4C0EBE36FDDD}
[2012/03/29 12:49:21 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{852B8AF7-A823-4502-9547-CA07162C4E83}
[2012/03/29 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/03/28 09:49:20 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{ABB25B1E-479B-4ACC-ADB6-1F5A8454BC8E}
[2012/03/28 09:49:07 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{D8F34EF0-33BF-4543-8DF6-210F010F3969}
[2012/03/22 07:55:21 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{46AAF1C6-83DE-401A-8A63-51A223FB3473}
[2012/03/22 07:55:09 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{845D0E49-DDE4-4D2B-AD66-169436C18E5C}
[2012/03/21 16:28:28 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\GAME DOWNLOADS
[2012/03/19 15:08:35 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\mp3 player
[2012/03/17 19:08:47 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{8C03CC93-DD20-4691-B2B6-465C017845F1}
[2012/03/14 03:26:15 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{F1ECE6D4-3ABC-4FC2-AF00-77436BEA5CAC}
[2012/03/14 03:26:02 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{145086C7-5A64-4D26-BC1D-C6D9C48B026F}
[2012/03/11 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\music cell
[2012/03/11 20:00:31 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\pics from cell
[2012/03/11 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\media card
[2012/03/11 09:40:07 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{9E1B5976-55A6-4564-BA8A-E8C2BE44FCCE}
[2010/12/19 10:04:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Kathryn\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/03/31 14:42:25 | 000,017,168 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 14:42:25 | 000,017,168 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 14:38:53 | 000,733,756 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/31 14:38:53 | 000,629,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/31 14:38:53 | 000,108,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/31 14:34:28 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/03/31 14:34:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/31 14:34:09 | 1602,752,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 11:25:17 | 127,731,592 | ---- | M] () -- C:\Users\Kathryn\Desktop\setup_11.0.0.1245.x01_2012_03_31_17_22.exe
[2012/03/31 11:21:59 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kathryn\Desktop\tdsskiller.exe
[2012/03/31 11:00:58 | 000,008,782 | ---- | M] () -- C:\Users\Kathryn\Documents\cc_20120331_110054.reg
[2012/03/30 21:39:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kathryn\Desktop\OTL.exe
[2012/03/30 21:32:57 | 001,261,056 | ---- | M] () -- C:\Users\Kathryn\Desktop\RogueKiller.exe
[2012/03/30 20:41:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_enecir_01009.Wdf
[2012/03/30 20:11:38 | 000,415,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/30 20:00:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/03/30 19:52:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/03/30 19:29:40 | 000,187,532 | ---- | M] () -- C:\Users\Kathryn\Documents\cc_20120330_192929.reg
[2012/03/30 17:57:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/30 17:56:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/29 12:43:03 | 000,000,200 | ---- | M] () -- C:\ProgramData\-dfnS9IsPcT1OQDr
[2012/03/29 12:43:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\-dfnS9IsPcT1OQD
[2012/03/29 12:43:02 | 000,000,671 | ---- | M] () -- C:\Users\Kathryn\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/03/29 12:42:57 | 000,000,256 | ---- | M] () -- C:\ProgramData\dfnS9IsPcT1OQD

========== Files Created - No Company Name ==========

[2012/03/31 11:21:34 | 127,731,592 | ---- | C] () -- C:\Users\Kathryn\Desktop\setup_11.0.0.1245.x01_2012_03_31_17_22.exe
[2012/03/31 11:00:57 | 000,008,782 | ---- | C] () -- C:\Users\Kathryn\Documents\cc_20120331_110054.reg
[2012/03/30 21:33:02 | 001,261,056 | ---- | C] () -- C:\Users\Kathryn\Desktop\RogueKiller.exe
[2012/03/30 20:41:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_enecir_01009.Wdf
[2012/03/30 20:00:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/03/30 19:52:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/03/30 19:29:35 | 000,187,532 | ---- | C] () -- C:\Users\Kathryn\Documents\cc_20120330_192929.reg
[2012/03/30 17:57:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/30 17:56:46 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/29 12:43:03 | 000,000,200 | ---- | C] () -- C:\ProgramData\-dfnS9IsPcT1OQDr
[2012/03/29 12:43:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\-dfnS9IsPcT1OQD
[2012/03/29 12:43:02 | 000,000,671 | ---- | C] () -- C:\Users\Kathryn\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/03/29 12:42:55 | 000,000,256 | ---- | C] () -- C:\ProgramData\dfnS9IsPcT1OQD
[2012/03/20 11:13:22 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/03/11 20:13:31 | 000,148,036 | ---- | C] () -- C:\Users\Kathryn\Documents\_invoice.pdf
[2011/11/25 20:25:47 | 000,007,609 | ---- | C] () -- C:\Users\Kathryn\AppData\Local\resmon.resmoncfg
[2011/10/26 13:41:13 | 000,202,529 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/10/26 13:41:13 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011/04/03 16:54:39 | 000,069,120 | ---- | C] () -- C:\Users\Kathryn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 22:34:09 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/02 21:08:50 | 000,735,110 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/24 01:09:51 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
[2010/12/24 01:09:51 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
[2010/12/24 01:09:46 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2010/12/24 01:09:45 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2010/12/24 01:09:45 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2010/12/24 01:09:45 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2010/12/19 10:04:09 | 000,099,384 | ---- | C] () -- C:\Users\Kathryn\AppData\Roaming\inst.exe
[2010/12/19 10:04:09 | 000,007,859 | ---- | C] () -- C:\Users\Kathryn\AppData\Roaming\pcouffin.cat
[2010/12/19 10:04:09 | 000,001,167 | ---- | C] () -- C:\Users\Kathryn\AppData\Roaming\pcouffin.inf
[2010/12/19 09:49:07 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIBUN4.dll
[2010/12/19 09:47:38 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTICDMK7.dll
[2010/12/19 09:47:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIMPEG2.dll
[2010/12/19 09:47:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIMP3.dll
[2010/12/19 09:47:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIFCD3.dll
[2010/12/19 09:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2012/02/16 21:14:54 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\.minecraft
[2012/03/30 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Azureus
[2012/02/20 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\BitZipper
[2011/05/03 21:41:34 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\DriverFinder
[2011/01/12 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Foxit Software
[2011/08/21 14:26:58 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\FrostWire
[2011/04/26 23:33:53 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\NCH Swift Sound
[2010/12/19 10:00:57 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Outertech
[2011/11/13 15:52:56 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Research In Motion
[2012/03/30 22:55:36 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\uTorrent
[2010/12/19 10:04:23 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Vso
[2010/12/20 13:17:17 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Windows Live Writer
[2012/03/31 14:34:28 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2012/01/23 04:18:17 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
tetley

Just thought I'd add an updated OTL report. I think I have this clean now. Just need someone to confirm it.

OTL logfile created on: 4/1/2012 3:47:30 PM - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kathryn\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.74% Memory free
3.98 Gb Paging File | 2.89 Gb Available in Paging File | 72.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 112.94 Gb Free Space | 24.25% Space Free | Partition Type: NTFS

Computer Name: KATHRYN-PC | User Name: Kathryn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 15:46:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kathryn\Desktop\OTL.exe
PRC - [2012/02/06 17:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/06 17:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/16 19:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/19 10:04:09 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/11/02 12:19:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/23 20:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/02/01 13:52:28 | 000,191,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2007/08/08 18:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/10/12 20:21:10 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVicPort64.sys -- (TVicPort64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/10/12 20:21:10 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\TVicPort64.sys -- (TVicPort64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 BC 80 AD 11 9F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DCC6EFF5-974A-4DA4-9D0E-5B5A0B7ED513}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.6000
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.367
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/26 13:52:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/26 13:52:26 | 000,000,000 | ---D | M]

[2010/12/19 09:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathryn\AppData\Roaming\Mozilla\Extensions
[2012/03/11 09:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathryn\AppData\Roaming\Mozilla\Firefox\Profiles\upo12062.default\extensions
[2012/03/11 09:40:24 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Kathryn\AppData\Roaming\Mozilla\Firefox\Profiles\upo12062.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
() (No name found) -- C:\USERS\KATHRYN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPO12062.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/12 12:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2012/03/31 11:07:01 | 000,000,843 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files (x86)\Media Player Utilities 4.36\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files (x86)\Media Player Utilities 4.36\AMVConverter\grab.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18CD8902-A050-4FE3-8237-FC532CF5AB02}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D95F6152-71DE-4F51-9875-E17FD2F4BFCE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34fcaf93-0b16-11e0-b026-001b386146af}\Shell - "" = AutoRun
O33 - MountPoints2\{34fcaf93-0b16-11e0-b026-001b386146af}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 15:46:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Kathryn\Desktop\OTL.exe
[2012/04/01 14:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2012/04/01 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{4955F9D7-72E0-4822-B81C-A9B3A4648CF7}
[2012/04/01 14:10:20 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{6954F2EC-4CAE-4A14-8AC4-9FDFC757E0B4}
[2012/04/01 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{24ABEA6F-A3AB-4ABE-9E53-98A72461FFB1}
[2012/04/01 11:21:47 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{ED5B952E-E2D0-4DC9-83F5-791CF5E03153}
[2012/03/31 11:39:01 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{99B3D3D0-8B7C-4D9A-B72A-1E8A980C30AD}
[2012/03/31 11:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/31 11:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
[2012/03/31 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{EE3C9010-2382-4782-B913-A65D3D34EC52}
[2012/03/30 20:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/03/30 20:40:40 | 000,070,656 | ---- | C] (ENE TECHNOLOGY INC.) -- C:\Windows\SysNative\drivers\enecir.sys
[2012/03/30 20:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/30 20:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/30 20:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Acer
[2012/03/30 20:28:26 | 000,000,000 | ---D | C] -- C:\OEM
[2012/03/30 20:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2012/03/30 20:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2012/03/30 20:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/03/30 20:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/03/30 19:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012/03/30 19:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/03/30 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{0F144771-2E92-477E-9882-75BECEC36A91}
[2012/03/30 19:34:54 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{71EC252A-53B6-4C21-9B10-9D5C16E9E55A}
[2012/03/30 19:25:45 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{36869CCC-EF97-416F-87E9-4B9BE81D189C}
[2012/03/30 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Roaming\Malwarebytes
[2012/03/30 17:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/30 17:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/30 17:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/30 17:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/30 17:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/30 17:29:15 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{D7C2AA00-7CA0-4256-ACF8-54DDD3B2E33D}
[2012/03/30 16:58:02 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{687D8A03-FF68-4BFA-A029-AA2D77AF22CD}
[2012/03/30 16:53:56 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{CC97CFB5-136C-43C3-9D37-6757315E49A6}
[2012/03/30 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{898E71D0-7EDA-44B4-B374-2AD3A3EA1A23}
[2012/03/30 16:29:20 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{27D6CF7A-93D4-4108-ACD5-323F84A300B9}
[2012/03/30 16:10:32 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{605BA886-23F1-43DE-BF84-0E75F32D381E}
[2012/03/30 16:04:50 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{2CFA5AD4-2371-427E-9795-4C0EBE36FDDD}
[2012/03/29 12:49:21 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{852B8AF7-A823-4502-9547-CA07162C4E83}
[2012/03/29 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/03/28 09:49:20 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{ABB25B1E-479B-4ACC-ADB6-1F5A8454BC8E}
[2012/03/28 09:49:07 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{D8F34EF0-33BF-4543-8DF6-210F010F3969}
[2012/03/22 07:55:21 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{46AAF1C6-83DE-401A-8A63-51A223FB3473}
[2012/03/22 07:55:09 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{845D0E49-DDE4-4D2B-AD66-169436C18E5C}
[2012/03/21 16:28:28 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\GAME DOWNLOADS
[2012/03/19 15:08:35 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\mp3 player
[2012/03/17 19:08:47 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{8C03CC93-DD20-4691-B2B6-465C017845F1}
[2012/03/14 03:26:15 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{F1ECE6D4-3ABC-4FC2-AF00-77436BEA5CAC}
[2012/03/14 03:26:02 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{145086C7-5A64-4D26-BC1D-C6D9C48B026F}
[2012/03/11 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\music cell
[2012/03/11 20:00:31 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\pics from cell
[2012/03/11 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\Desktop\media card
[2012/03/11 09:40:07 | 000,000,000 | ---D | C] -- C:\Users\Kathryn\AppData\Local\{9E1B5976-55A6-4564-BA8A-E8C2BE44FCCE}
[2010/12/19 10:04:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Kathryn\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/04/01 15:47:13 | 000,017,168 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/01 15:47:13 | 000,017,168 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/01 15:46:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kathryn\Desktop\OTL.exe
[2012/04/01 14:28:48 | 000,733,756 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/01 14:28:48 | 000,629,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/01 14:28:48 | 000,108,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/01 14:24:33 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/04/01 14:24:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/01 14:24:14 | 1602,752,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 11:00:58 | 000,008,782 | ---- | M] () -- C:\Users\Kathryn\Documents\cc_20120331_110054.reg
[2012/03/30 20:41:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_enecir_01009.Wdf
[2012/03/30 20:11:38 | 000,415,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/30 20:00:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/03/30 19:52:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/03/30 19:29:40 | 000,187,532 | ---- | M] () -- C:\Users\Kathryn\Documents\cc_20120330_192929.reg
[2012/03/30 17:57:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/30 17:56:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/29 12:43:03 | 000,000,200 | ---- | M] () -- C:\ProgramData\-dfnS9IsPcT1OQDr
[2012/03/29 12:43:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\-dfnS9IsPcT1OQD
[2012/03/29 12:43:02 | 000,000,671 | ---- | M] () -- C:\Users\Kathryn\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/03/29 12:42:57 | 000,000,256 | ---- | M] () -- C:\ProgramData\dfnS9IsPcT1OQD

========== Files Created - No Company Name ==========

[2012/03/31 11:00:57 | 000,008,782 | ---- | C] () -- C:\Users\Kathryn\Documents\cc_20120331_110054.reg
[2012/03/30 20:41:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_enecir_01009.Wdf
[2012/03/30 20:00:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/03/30 19:52:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/03/30 19:29:35 | 000,187,532 | ---- | C] () -- C:\Users\Kathryn\Documents\cc_20120330_192929.reg
[2012/03/30 17:57:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/30 17:56:46 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/29 12:43:03 | 000,000,200 | ---- | C] () -- C:\ProgramData\-dfnS9IsPcT1OQDr
[2012/03/29 12:43:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\-dfnS9IsPcT1OQD
[2012/03/29 12:43:02 | 000,000,671 | ---- | C] () -- C:\Users\Kathryn\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/03/29 12:42:55 | 000,000,256 | ---- | C] () -- C:\ProgramData\dfnS9IsPcT1OQD
[2012/03/20 11:13:22 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/03/11 20:13:31 | 000,148,036 | ---- | C] () -- C:\Users\Kathryn\Documents\_invoice.pdf
[2011/11/25 20:25:47 | 000,007,609 | ---- | C] () -- C:\Users\Kathryn\AppData\Local\resmon.resmoncfg
[2011/10/26 13:41:13 | 000,202,529 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/10/26 13:41:13 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011/04/03 16:54:39 | 000,069,120 | ---- | C] () -- C:\Users\Kathryn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 22:34:09 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/02 21:08:50 | 000,735,110 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/24 01:09:51 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
[2010/12/24 01:09:51 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
[2010/12/24 01:09:46 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2010/12/24 01:09:45 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2010/12/24 01:09:45 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2010/12/24 01:09:45 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2010/12/19 10:04:09 | 000,099,384 | ---- | C] () -- C:\Users\Kathryn\AppData\Roaming\inst.exe
[2010/12/19 10:04:09 | 000,007,859 | ---- | C] () -- C:\Users\Kathryn\AppData\Roaming\pcouffin.cat
[2010/12/19 10:04:09 | 000,001,167 | ---- | C] () -- C:\Users\Kathryn\AppData\Roaming\pcouffin.inf
[2010/12/19 09:49:07 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIBUN4.dll
[2010/12/19 09:47:38 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTICDMK7.dll
[2010/12/19 09:47:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIMPEG2.dll
[2010/12/19 09:47:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIMP3.dll
[2010/12/19 09:47:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIFCD3.dll
[2010/12/19 09:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2012/02/16 21:14:54 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\.minecraft
[2012/03/30 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Azureus
[2012/02/20 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\BitZipper
[2011/05/03 21:41:34 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\DriverFinder
[2011/01/12 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Foxit Software
[2011/08/21 14:26:58 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\FrostWire
[2011/04/26 23:33:53 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\NCH Swift Sound
[2010/12/19 10:00:57 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Outertech
[2011/11/13 15:52:56 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Research In Motion
[2012/03/30 22:55:36 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\uTorrent
[2010/12/19 10:04:23 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Vso
[2010/12/20 13:17:17 | 000,000,000 | ---D | M] -- C:\Users\Kathryn\AppData\Roaming\Windows Live Writer
[2012/04/01 14:24:33 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2012/01/23 04:18:17 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#3
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.