Mysterious folders appeared on my D drive (not system one) and I can&#



#1
EagerToLearn


As usual, I have all my system and program files on C and my personal files on D, but almost since installation, I've had a folder that appeared out of the blue in my D partition. It has a weird name (253b04b30c6e1ea8216cf90060e0).

I have tried to delete it and its sub folders but I just can't; my computer keeps sending me the message that I need administrator privileges. Then it tells me I need SYSTEM (in capitals, like that) privileges.
I am the administrator; I have no user accounts on my computer. No one else uses my computer.

The worst part is, every so often I get warnings from my antivirus that a program wants access to the internet, and the program is an exe file located in that folder. I'm sure it's a virus. I just can't delete it.

And now there's another weird folder that I can't delete, so now there's two of them. It, too, has a random looking name (7e1441c243de947e8d352ab5ce2211).

How do I get rid of them?


Here's the log from OTL:


OTL logfile created on: 3/21/2013 11:35:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Adicionales\Mis instaladores
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000540a | Country: Estados Unidos | Language: EST | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 5.53 Gb Available Physical Memory | 70.12% Memory free
15.76 Gb Paging File | 13.06 Gb Available in Paging File | 82.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 56.85 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
Drive D: | 833.86 Gb Total Space | 273.84 Gb Free Space | 32.84% Space Free | Partition Type: NTFS

Computer Name: ALFREDOCÓSAR-PC | User Name: Alfredo Cósar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/21 11:19:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Adicionales\Mis instaladores\OTL.exe
PRC - [2013/02/16 19:57:44 | 000,916,480 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2012/01/05 06:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/01/07 12:25:42 | 000,574,720 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Telmex\Antivirus\ApVxdWin.exe
PRC - [2009/09/17 11:17:32 | 000,293,120 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Telmex\Antivirus\pavsrvx86.exe
PRC - [2009/09/07 15:40:04 | 000,198,400 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Telmex\Antivirus\AVENGINE.EXE
PRC - [2009/08/25 12:28:20 | 000,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Telmex\Antivirus\PskSvc.exe
PRC - [2009/08/10 12:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Telmex\Antivirus\PsCtrls.exe
PRC - [2009/08/10 12:45:52 | 000,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Telmex\Antivirus\PavFnSvr.exe
PRC - [2009/07/30 16:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/04/23 11:31:16 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\PROGRAM FILES (X86)\TELMEX\ANTIVIRUS\WebProxy.exe
PRC - [2009/04/17 09:17:28 | 000,173,824 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Telmex\Antivirus\TPSrvWow.exe
PRC - [2009/04/08 09:56:24 | 000,226,560 | ---- | M] (Panda Security International) -- c:\program files (x86)\telmex\antivirus\firewall\PSHOST.EXE
PRC - [2009/03/09 11:46:46 | 000,073,392 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
PRC - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Telmex\Antivirus\PsImSvc.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/06 09:00:18 | 000,821,248 | ---- | M] () -- C:\Program Files (x86)\Telmex\Antivirus\PLATCTRL.BPL


========== Services (SafeList) ==========

SRV:64bit: - [2011/12/08 11:31:40 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/13 17:32:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/12 17:24:26 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/08 11:37:14 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 11:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/17 11:17:32 | 000,293,120 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Telmex\Antivirus\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/08/25 12:28:20 | 000,028,928 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Telmex\Antivirus\PskSvc.exe -- (PskSvcRetail)
SRV - [2009/08/10 12:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Telmex\Antivirus\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/08/10 12:45:52 | 000,169,216 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Telmex\Antivirus\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/17 09:17:28 | 000,173,824 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Telmex\Antivirus\TPSrvWow.exe -- (TPSrv)
SRV - [2009/04/08 09:56:24 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files (x86)\telmex\antivirus\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/03/09 11:46:46 | 000,073,392 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2008/07/02 13:09:42 | 000,072,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Telmex\Antivirus\Gwmsrv64.dll -- (Gwmsrv)
SRV - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Telmex\Antivirus\PsImSvc.exe -- (PSIMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/05 22:36:55 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/01/05 06:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 06:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 06:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/06 06:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/29 04:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/30 22:07:44 | 000,116,744 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\APPFLT64.SYS -- (APPFLT)
DRV:64bit: - [2009/09/09 09:29:18 | 000,214,536 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\n64i1639.sys -- (NETIMFLT01060039)
DRV:64bit: - [2009/08/06 11:29:18 | 000,057,352 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/16 12:33:02 | 000,074,760 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wnmflt64.sys -- (WNMFLT)
DRV:64bit: - [2009/06/16 12:33:00 | 000,170,504 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NETTDI64.SYS -- (NETFLTDI)
DRV:64bit: - [2009/06/16 12:33:00 | 000,078,856 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idsflt64.sys -- (IDSFLT)
DRV:64bit: - [2009/06/16 12:32:58 | 000,082,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\dsaflt64.sys -- (DSAFLT)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/06 15:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2008/03/28 10:25:06 | 000,031,800 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fnetm64.sys -- (FNETMON)
DRV - [2010/10/07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...e={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...e={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ncr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latino.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 7B C8 6E 7B 0D CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...e={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...e={installDate}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...e={installDate}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Telmex\Antivirus\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Telmex\Antivirus\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 190.81.125.5 200.108.96.220 200.108.96.217
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23FD818B-1647-473D-82A2-F4986E8975BB}: DhcpNameServer = 190.81.125.5 200.108.96.220 200.108.96.217
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (Panda Security, S.L.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/21 10:48:53 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{ECB0CF3A-49C9-4282-964A-0BF7D1199E34}
[2013/03/20 21:30:49 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{4351504A-E095-4215-940A-96CEB715D13B}
[2013/03/20 01:19:34 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{3C2D800E-8FD3-4304-A573-F6D8A75DAB65}
[2013/03/19 17:50:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/03/19 17:50:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/03/19 13:19:08 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{C451939D-95E2-47D6-85EB-3EFF17B5B905}
[2013/03/18 22:08:21 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{1600F161-1C6F-4B7E-A06D-8820D45196BB}
[2013/03/18 10:07:51 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{80189BC8-99B4-4824-8B7C-EC8CA93299AF}
[2013/03/17 18:35:43 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{D5DC93BA-FC67-4927-9DA0-1A4CA2B4DE48}
[2013/03/16 12:43:14 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{01729F4E-C581-4959-8584-6E29FF33A4F3}
[2013/03/16 00:42:27 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{A4D5C51E-08CB-44BC-957D-2AD96BE1000D}
[2013/03/15 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{52A9CEAE-C90C-410A-9EFF-519D451D2D0C}
[2013/03/14 23:08:09 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{4B7A14D3-0123-46C0-8DBE-6CDA703C86F9}
[2013/03/14 11:07:39 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{09CD800E-6A13-4BC6-9439-3883DD578964}
[2013/03/13 18:44:59 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{F3B6482A-13FA-41A4-849D-D1683655D9D6}
[2013/03/13 18:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 18:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 18:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 08:39:03 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{F5DE3DDC-7213-43D3-A93C-5D3A74E944A6}
[2013/03/11 19:20:50 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{8563F29B-72C4-4544-9DB1-E4F2CC0C014C}
[2013/03/10 13:56:34 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\Desktop\arreglar impresora
[2013/03/10 13:50:17 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{23CFBCDD-6EBC-47D2-92B2-D48CB4FDCACA}
[2013/03/10 09:16:28 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\Desktop\real time treetrunks
[2013/03/09 15:49:44 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\Media Player Classic
[2013/03/09 12:34:16 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\Sony Corporation
[2013/03/09 12:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/03/09 12:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Content Transfer
[2013/03/09 12:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2013/03/09 12:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013/03/09 12:25:07 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\Downloaded Installations
[2013/03/09 11:37:35 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{7B0E8D6C-1F52-443A-9BAE-E73C910FF751}
[2013/03/08 22:12:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/03/08 16:37:23 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\Desktop\stopwatches
[2013/03/08 15:46:32 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{B5B067CD-187F-428D-8AC5-4A736AE319C6}
[2013/03/07 21:46:45 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{FD9904DA-2BC5-43DB-92AF-BE0E9AE4F4B5}
[2013/03/06 15:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013/03/06 15:02:41 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\HP
[2013/03/06 15:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/03/06 15:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013/03/06 14:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/03/06 14:34:53 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{4BBB3FE8-37BA-42A4-A145-6F273EE5FC6B}
[2013/03/05 22:05:22 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{E9406420-526F-47BF-B9DC-8036DF31D193}
[2013/03/05 11:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/03/05 09:05:50 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\Documents\Ulead VideoStudio
[2013/03/05 09:03:59 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\Ulead Systems
[2013/03/05 09:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2013/03/05 09:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 11
[2013/03/05 09:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2013/03/05 09:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2013/03/05 09:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ulead Systems
[2013/03/05 09:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2013/03/05 08:29:39 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{21BFA954-846D-498D-972E-170FC628E8CD}
[2013/03/04 18:53:28 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{DE7F112C-E63A-48A6-B2B5-ED6E41ACE7CA}
[2013/03/03 21:45:17 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{87EBD924-1CDE-4E79-BDC8-23CF9D3B4872}
[2013/03/03 11:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[2013/03/03 11:51:35 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\FreeVideoConverter
[2013/03/03 11:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video Converter
[2013/03/03 09:44:52 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{19EC6CCC-0ACE-4733-9235-83317C841B86}
[2013/03/02 17:49:37 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{49BCFA73-F97C-4775-AB05-E8D33BD370FB}
[2013/03/02 05:48:47 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{7370940A-57BE-4BE3-9617-99999044E9F2}
[2013/03/01 16:09:55 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{2500C168-91B4-4885-9069-3E17DEA97B75}
[2013/03/01 00:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013/03/01 00:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp
[2013/03/01 00:03:49 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{7300218B-6ED7-4773-8CC0-6E9D95812D64}
[2013/02/28 21:41:50 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\ProgSense
[2013/02/28 21:41:50 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/02/28 21:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2013/02/28 21:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader
[2013/02/28 21:41:46 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\Orbit
[2013/02/28 21:41:46 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\OpenCandy
[2013/02/28 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{C8DA880A-6CC7-4E97-9723-F4AE0218E964}
[2013/02/27 15:53:21 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{31FDFB55-069C-43E5-B398-0E7757E627F0}
[2013/02/26 15:17:22 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{D71971BD-19BD-4B62-B3F2-2DA3C248B06B}
[2013/02/25 16:01:16 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{3F77370E-CFBC-42B8-9987-61CD3EBC2AC9}
[2013/02/25 00:05:09 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{18D253D7-3F48-4DE8-B0C1-B4277EFD7D38}
[2013/02/24 17:57:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/24 16:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013/02/24 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\Ares
[2013/02/24 16:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2013/02/24 16:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ares
[2013/02/24 15:31:08 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2013/02/24 15:30:51 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\Telmex
[2013/02/24 15:29:35 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\Documents\Updater5
[2013/02/24 15:28:42 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\Adobe
[2013/02/24 15:27:24 | 000,082,952 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\dsaflt64.sys
[2013/02/24 15:27:24 | 000,078,856 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\idsflt64.sys
[2013/02/24 15:27:24 | 000,074,760 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\wnmflt64.sys
[2013/02/24 15:27:18 | 000,170,504 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\NETTDI64.SYS
[2013/02/24 15:27:18 | 000,116,744 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\APPFLT64.SYS
[2013/02/24 15:27:18 | 000,031,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\fnetm64.sys
[2013/02/24 15:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus
[2013/02/24 15:27:15 | 000,046,640 | ---- | C] (Panda Software) -- C:\Windows\SysNative\pavcpl64.cpl
[2013/02/24 15:26:53 | 000,838,400 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavSHook64.dll
[2013/02/24 15:26:53 | 000,545,536 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavSHookWow.dll
[2013/02/24 15:26:53 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\HHActiveX.dll
[2013/02/24 15:26:53 | 000,325,376 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\TpUtil64.dll
[2013/02/24 15:26:53 | 000,214,536 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\n64i1639.sys
[2013/02/24 15:26:53 | 000,201,984 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\TpUtilWow.dll
[2013/02/24 15:26:53 | 000,116,992 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavLspHook64.dll
[2013/02/24 15:26:53 | 000,092,928 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavIpc64.dll
[2013/02/24 15:26:53 | 000,087,296 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavLspHookWow.dll
[2013/02/24 15:26:53 | 000,066,816 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavIpcWow.dll
[2013/02/24 15:26:53 | 000,057,352 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\amm6460.sys
[2013/02/24 15:26:53 | 000,053,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\avldr64.dll
[2013/02/24 15:26:53 | 000,025,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\sysHelper64.dll
[2013/02/24 15:26:53 | 000,025,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\sysHelper32.dll
[2013/02/24 15:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telmex
[2013/02/24 15:26:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
[2013/02/24 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\Telmex
[2013/02/24 15:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Telmex
[2013/02/24 15:26:34 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2013/02/24 12:04:44 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{3E7C4A0D-603E-4A66-B6DC-7B5587DDBC6F}
[2013/02/23 22:28:43 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{21BDD717-299C-45F6-93BD-BB70ABF32B91}
[2013/02/23 02:23:45 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\WinRAR
[2013/02/22 21:25:11 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{A72B1017-B1BE-44C4-B0AA-1E9CFBF87AEF}
[2013/02/22 05:42:52 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{5FF9C10E-FB14-4333-ABCD-69909851D6B6}
[2013/02/21 14:17:13 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{DB03388A-FB79-4010-B5FE-F1A9DE8847A0}
[2013/02/21 14:17:13 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{4E7764E6-108E-4FE4-8E6E-6E9407E65044}
[2013/02/21 01:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/02/20 23:09:55 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\Documents\Corel User Files
[2013/02/20 16:40:57 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{C3290DAB-A047-45E0-87D3-F827F534B33D}
[2013/02/19 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Roaming\Corel
[2013/02/19 21:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12
[2013/02/19 21:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2013/02/19 21:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2013/02/19 15:49:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/19 14:19:55 | 000,000,000 | ---D | C] -- C:\Users\Alfredo Cósar\AppData\Local\{595E2764-6044-4635-AEBE-A118A7134181}
[2013/02/19 14:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/02/19 14:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

========== Files - Modified Within 30 Days ==========

[2013/03/21 11:35:21 | 000,051,272 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\mysterious fodlers.png
[2013/03/21 11:16:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/21 11:03:30 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 11:03:30 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 11:02:11 | 001,416,774 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/03/21 11:02:11 | 000,822,028 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/21 11:02:11 | 000,370,474 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/03/21 11:02:11 | 000,303,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/21 11:02:11 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/21 10:57:37 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck
[2013/03/21 10:57:37 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls
[2013/03/21 10:57:37 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2013/03/21 10:57:37 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2013/03/21 10:57:37 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck
[2013/03/21 10:57:37 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg
[2013/03/21 10:57:37 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck
[2013/03/21 10:57:37 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt
[2013/03/21 10:57:37 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck
[2013/03/21 10:57:37 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg
[2013/03/21 10:57:37 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg.bck
[2013/03/21 10:57:37 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg
[2013/03/21 10:57:37 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck
[2013/03/21 10:57:37 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg
[2013/03/21 10:57:33 | 000,276,816 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2013/03/21 10:57:33 | 000,276,816 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2013/03/21 10:56:33 | 000,000,216 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/03/21 10:56:27 | 000,000,120 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
[2013/03/21 10:56:27 | 000,000,120 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
[2013/03/21 10:56:26 | 000,000,076 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck
[2013/03/21 10:56:26 | 000,000,076 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt
[2013/03/21 10:56:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/21 10:56:01 | 2052,726,783 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/21 04:18:29 | 000,190,009 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\voto cruzado BS copia.png
[2013/03/21 04:16:29 | 000,735,520 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\voto cruzado BS.psd
[2013/03/20 08:55:01 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013/03/19 23:03:54 | 000,009,269 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\car-transaprent PNG.png
[2013/03/19 17:48:59 | 029,308,715 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\touring ruta a y b.psd
[2013/03/16 19:48:58 | 001,053,454 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\how to flip mirror view on ulead 11.psd
[2013/03/16 17:09:17 | 000,053,760 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\TryTeens - Alicia (best of HD).VSP
[2013/03/11 20:34:43 | 000,642,556 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\susana brazos cruados.png
[2013/03/10 20:51:06 | 000,228,990 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\alone.png
[2013/03/10 09:15:40 | 000,811,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/08 00:53:28 | 000,449,930 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\marcoturbiocomparado.png
[2013/03/08 00:52:24 | 000,134,589 | ---- | M] () -- C:\Users\Alfredo Cósar\Desktop\evolution of cameras.png
[2013/03/06 15:02:39 | 000,164,753 | ---- | M] () -- C:\Windows\hppins20.dat
[2013/03/06 15:00:55 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/03/05 22:47:24 | 000,164,553 | ---- | M] () -- C:\Windows\hppins20.dat.temp
[2013/03/04 23:45:48 | 931,565,690 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/24 15:28:31 | 000,002,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
[2013/02/24 15:27:29 | 000,000,193 | ---- | M] () -- C:\Windows\SysNative\PavCPL64.dat
[2013/02/22 23:07:23 | 000,000,000 | RHS- | M] () -- C:\winx.ld
[2013/02/22 23:07:22 | 000,204,868 | RHS- | M] () -- C:\grldr
[2013/02/22 02:01:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2013/03/21 11:35:20 | 000,051,272 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\mysterious fodlers.png
[2013/03/21 04:18:18 | 000,190,009 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\voto cruzado BS copia.png
[2013/03/21 02:56:08 | 000,735,520 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\voto cruzado BS.psd
[2013/03/19 23:03:53 | 000,009,269 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\car-transaprent PNG.png
[2013/03/19 00:43:42 | 029,308,715 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\touring ruta a y b.psd
[2013/03/16 19:48:57 | 001,053,454 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\how to flip mirror view on ulead 11.psd
[2013/03/12 13:17:38 | 000,053,760 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\TryTeens - Alicia (best of HD).VSP
[2013/03/11 20:30:05 | 000,642,556 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\susana brazos cruados.png
[2013/03/10 20:51:05 | 000,228,990 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\alone.png
[2013/03/08 00:53:27 | 000,449,930 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\marcoturbiocomparado.png
[2013/03/08 00:52:22 | 000,134,589 | ---- | C] () -- C:\Users\Alfredo Cósar\Desktop\evolution of cameras.png
[2013/03/06 15:00:55 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/03/05 14:53:17 | 000,164,553 | ---- | C] () -- C:\Windows\hppins20.dat.temp
[2013/03/05 14:53:17 | 000,006,259 | ---- | C] () -- C:\Windows\hppmdl20.dat.temp
[2013/03/05 12:23:15 | 000,164,753 | ---- | C] () -- C:\Windows\hppins20.dat
[2013/03/05 12:23:15 | 000,006,259 | ---- | C] () -- C:\Windows\hppmdl20.dat
[2013/03/05 09:01:28 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2013/03/05 09:01:28 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2013/03/05 09:01:28 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2013/03/05 09:01:28 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2013/03/05 09:01:28 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2013/03/05 09:01:28 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2013/02/24 17:57:41 | 931,565,690 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/24 15:42:54 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013/02/24 15:28:31 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
[2013/02/24 15:28:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2013/02/24 15:27:29 | 000,000,193 | ---- | C] () -- C:\Windows\SysNative\PavCPL64.dat
[2013/02/24 15:27:28 | 000,276,816 | ---- | C] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2013/02/24 15:27:28 | 000,276,816 | ---- | C] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2013/02/24 15:27:28 | 000,001,132 | ---- | C] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2013/02/24 15:27:28 | 000,001,132 | ---- | C] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2013/02/22 23:07:23 | 000,000,000 | RHS- | C] () -- C:\winx.ld
[2013/02/22 23:07:22 | 000,204,868 | RHS- | C] () -- C:\grldr
[2013/02/22 02:01:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/02/17 22:53:12 | 000,614,400 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2013/02/17 22:53:12 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/02/17 19:45:48 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/02/17 19:45:47 | 012,978,688 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2013/02/17 19:45:47 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/02/17 19:45:47 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/02/17 19:32:35 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/03 11:52:00 | 000,000,000 | ---D | M] -- C:\Users\Alfredo Cósar\AppData\Roaming\FreeVideoConverter
[2013/02/28 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\Alfredo Cósar\AppData\Roaming\OpenCandy
[2013/03/19 01:47:46 | 000,000,000 | ---D | M] -- C:\Users\Alfredo Cósar\AppData\Roaming\Orbit
[2013/02/28 21:41:50 | 000,000,000 | ---D | M] -- C:\Users\Alfredo Cósar\AppData\Roaming\ProgSense
[2013/02/24 15:26:52 | 000,000,000 | ---D | M] -- C:\Users\Alfredo Cósar\AppData\Roaming\Telmex
[2013/02/17 21:48:39 | 000,000,000 | ---D | M] -- C:\Users\Alfredo Cósar\AppData\Roaming\TuneUp Software
[2013/03/05 10:52:08 | 000,000,000 | ---D | M] -- C:\Users\Alfredo Cósar\AppData\Roaming\Ulead Systems

========== Purity Check ==========



< End of report >


Attached Thumbnails

  • mysterious fodlers.png

  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Looks like a Microsoft update to me. We usually see them in c:\ but since you have told it to use the D:\ for data I think that's what it is doing. These should be removed once the update is installed. If not you can take ownership of the folder:

http://technet.micro...y/cc753659.aspx

Then give yourself full control. You might want to submit some of the .exe files to virustotal.com to verify that they are benign.

Ron
  • 0

#3
EagerToLearn

    Member

  • Topic Starter
  • Member
  • 30 posts


Now there are more folders.

And I never chose for update folders to be stored in D:\; I have been using C:\ for system files and D:\ for files for years and I've never had these folders in D:\. I don't want them there. I want to delete them and I want them to never appear there again.

I tried the method on the page you linked me to, but it doesn't work. I still can't delete those folders. Here I'm attaching a snapshot of the screen while following the steps. Please check it. Am I doing something wrong?

Also, how do I configure the updates so that they will be stored in C:\ and not in D:\?

Attached Thumbnails

  • scumbag folders.png
  • scumbag folders2.png

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Supposedly Windows Updates will "... always extract to the root of a drive, the one with the most free space." The files are supposed to be deleted after the update is done so it normally won't matter but in your case they seem to want to stick around. (Are the updates installing correctly?)

You should be able to take ownership of the files and delete them. In your attachments the folder is owned by Administrators. Even tho you are an administrator in Win 7 you aren't really an administrator unless you right click on the program and Run As Admin. Try taking ownership for your login.


You might want to turn on Windows Installer logging to see if there is any useful info there. http://support.micro....com/kb/2545723

Also there is a program Windows Repair (All In One)

http://www.tweaking....all_in_one.html

which can often fix problems with Windows Updates.


We can probably delete the files with OTL if you are sure that the files are installing properly.
First we need a list of the files:


Copy the text in the code box:

D:\*.*

Run OTL (Vista or Win 7 => right click and Run As Administrator)


Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.
  • 0
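
The advice in posts #2 and #4 (check the .exe files, take ownership for your own login, then delete) written out as a PowerShell script. This is an added example, not part of the original posts; the hex-name pattern, the Microsoft-signature gate, the parameter names and the script name are assumptions.

```powershell
# Added example (not from the thread). Runs on PowerShell 2.0, the version
# shipped with Windows 7. Start it from an elevated prompt (Run as administrator).
# Without -Delete it only reports; with -Delete it takes ownership first.
param(
    [string]$Root = 'D:\',
    [switch]$Delete
)

function Get-Sha256([string]$Path) {
    # Get-FileHash does not exist before PowerShell 4, so hash with .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

# Assumption: the leftover folders are named with 20 or more hex characters,
# like the two folder names quoted in the first post.
$folders = @(Get-ChildItem -LiteralPath $Root -Force |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^[0-9a-f]{20,}$' })

foreach ($folder in $folders) {
    Write-Host "`n== $($folder.FullName)"

    if ($Delete) {
        # Ownership goes to the current login (no /A), then that login gets
        # full control. /D Y answers takeown's prompt; on non-English Windows
        # the expected letter can differ.
        takeown /F $folder.FullName /R /D Y | Out-Null
        icacls $folder.FullName /grant "$($env:USERNAME):(OI)(CI)F" /T /C | Out-Null
    }

    # Collect binaries; any read error means the folder was not fully inspected.
    $errs = @()
    $bins = @(Get-ChildItem -LiteralPath $folder.FullName -Recurse -Force `
                  -ErrorAction SilentlyContinue -ErrorVariable errs |
              Where-Object { -not $_.PSIsContainer -and
                             $_.Extension -match '^\.(exe|dll|msi)$' })
    $allTrusted = ($errs.Count -eq 0)

    foreach ($bin in $bins) {
        $sig  = Get-AuthenticodeSignature -FilePath $bin.FullName
        $hash = 'unreadable'
        try { $hash = Get-Sha256 $bin.FullName } catch { $allTrusted = $false }

        # Assumption: only a valid signature by Microsoft counts as trusted here.
        $byMicrosoft = $sig.Status -eq 'Valid' -and
                       $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
        if (-not $byMicrosoft) { $allTrusted = $false }

        # The SHA-256 value can be searched on virustotal.com without uploading.
        Write-Host ("{0,-12} {1} {2}" -f $sig.Status, $hash, $bin.FullName)
    }

    if (-not $Delete) { continue }
    if (-not $allTrusted) {
        Write-Warning "Skipping $($folder.Name): check the hashes above on virustotal.com first."
        continue
    }
    Remove-Item -LiteralPath $folder.FullName -Recurse -Force
}
```

Saved under a name of your choice (for example `Check-HexFolders.ps1`, a hypothetical name), a first run without `-Delete` prints signature status and hashes only. A status other than `Valid` is a reason to look the file up, not proof that it is malicious.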