
TrojanDownloader:Win32/Brantall.D [Solved]


This topic is locked

#1 pomognetemi (Member, 59 posts)
Hello,

I was redirected here from the Operating Systems forum.
The technician leading the recovery of my computer system there went through a long process with me trying to solve the issues.
Meanwhile I happened to download a TrojanDownloader:Win32/Brantall.D and was asked to come to this forum and check for any malware issues.
(The link to the topic in the Operating Systems forum: http://www.geekstogo...-7-cannot-load/ and my system specification: http://speccy.pirifo...7IzxmpmZ58VecQ1)

How I downloaded the Trojan Downloader:

I was asked to download Speedfan from this website:
http://www.filehippo...nload_speedfan/
When I opened it, it was not very clear which download button to use. There was a "Download" button, and another "Sign up Free trial" button right next to it. I took this to mean that there is a free and a paid version of Speedfan and I clicked on "Free trial". This took me to a place to open a free account (asking also for credit card details) for downloading games, movies etc. So, I decided to try another website.
[This happens sometimes when I browse the internet - I get to websites so integrated with ads, that it is practically impossible to tell what action will download something useful and how to avoid unwanted consequences. Do I have any security issues with my browser?]
I chose another website and started downloading "Speedfan". There was something wrong in the downloading process - it took a very long time and didn't finish - so I checked the Event Viewer and found this warning:

Microsoft Antimalware has detected malware or other potentially unwanted software.
Name: TrojanDownloader:Win32/Brantall.D
ID: 2147684061
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\BUBETO\AppData\Local\Temp\udDownload.tmp
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: SETH-PC\BUBETO
Process Name: D:\SoftonicDownloader_for_speedfan.exe
Signature Version: AV: 1.161.1829.0, AS: 1.161.1829.0, NIS: 109.17.0.0
Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0

I restored the system to a previous point (before downloading Speedfan). Then I ran Microsoft Security Essentials.

The problem with the computer right now is that sometimes it starts OK and sometimes it doesn't get past the Windows logo - I get a black screen. In such cases I press the restart button, confirm the "Start normally" mode and Windows loads, or turn the computer off, then on again from the power button and it starts. This was my initial complaint when I started the topic in the Operating Systems forum.
The same happens (again from time to time) when I have to restart the computer from inside Windows - I can't get past the Windows logo and get a black screen.

I had also problems with the Microsoft wireless keyboard and mouse - I removed them both and now use wired ones.
On and off the Microsoft webcam creates problems (such that the system can't start; I am told to remove the webcam and when I do the computer starts), or I get the same printer error in the Event Viewer (HP printer).

I have some repeating errors in the Event Viewer (some of these logs are copied in posts #76, 77 and 79 on page 6 of the previous thread http://www.geekstogo...-7-cannot-load/ ).

There were some previous issues with RegSERVO (DealPly ?), but that was before I re-installed Windows.

I attach the OTL test results.

Thank you in advance for your help.

OTL logfile created on: 17/11/2013 1:31:39 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BUBETO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.12% Memory free
8.00 Gb Paging File | 6.77 Gb Available in Paging File | 84.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 34.19 Gb Free Space | 56.98% Space Free | Partition Type: NTFS
Drive D: | 693.24 Gb Total Space | 684.48 Gb Free Space | 98.74% Space Free | Partition Type: NTFS

Computer Name: SETH-PC | User Name: BUBETO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\BUBETO\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe (Paramount Software UK Ltd)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.nz/?oc...=UP76&dt=110613
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msn.co.nz/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-NZ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 92 F6 2A 00 D9 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7WQIB_enNZ561
IE - HKCU\..\SearchScopes\{72CA6EA9-07F8-491A-9E13-DF5F4F715FB4}: "URL" = http://www.google.co...1I7WQIB_enNZ561
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/11/08 17:20:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/11/08 17:20:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/11 10:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56318B64-22E0-43CE-9CA3-24FD98990823}: DhcpNameServer = 192.168.1.254 192.168.0.2
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/17 13:29:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BUBETO\Desktop\OTL.exe
[2013/11/16 16:04:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/11/16 16:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2013/11/16 16:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2013/11/16 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/11/16 15:54:18 | 000,531,658 | ---- | C] (Igor Pavlov) -- C:\Users\BUBETO\Desktop\mb_bios_ga-g31m-es2l_2.x_ff.exe
[2013/11/15 22:13:47 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Desktop\OTL results
[2013/11/15 21:05:49 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013/11/15 15:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2013/11/15 15:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2013/11/15 15:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2013/11/15 14:54:35 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Skype
[2013/11/15 14:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/11/15 14:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/15 14:54:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/11/15 14:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/11/15 14:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/15 14:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/11/15 14:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/15 14:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/15 14:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/12 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/11/12 15:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/11/11 20:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2013/11/11 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/11/10 11:18:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/10 00:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/11/08 17:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2013/11/08 17:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013/11/08 17:27:28 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\HP
[2013/11/08 17:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2013/11/08 17:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2013/11/08 17:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/11/08 17:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/11/08 17:20:42 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\HpUpdate
[2013/11/08 17:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2013/11/08 17:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013/11/08 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/11/08 17:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/11/08 17:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/11/08 17:17:05 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/11/08 17:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/11/08 10:12:36 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\ElevatedDiagnostics
[2013/11/08 09:58:40 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Programs
[2013/11/07 09:30:47 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Documents\Reflect
[2013/11/07 09:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
[2013/11/07 08:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/11/07 08:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2013/11/07 07:45:15 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Innovative Solutions
[2013/11/07 07:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2013/11/07 07:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2013/11/06 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/06 21:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/06 11:54:45 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Google
[2013/11/06 11:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/11/06 11:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/11/06 11:53:32 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Google
[2013/11/06 11:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/11/06 11:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/06 11:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/11/06 11:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/11/06 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Adobe
[2013/11/05 15:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/11/05 15:37:32 | 000,000,000 | ---D | C] -- C:\Programs Files
[2013/11/05 14:44:55 | 000,000,000 | ---D | C] -- C:\PROGRAMS
[2013/11/05 14:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2013/11/05 14:17:53 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Downloads
[2013/11/05 13:37:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/11/05 13:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/11/05 06:19:17 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/11/05 06:19:02 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/11/04 20:58:24 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Microsoft Games
[2013/11/04 15:44:18 | 000,000,000 | ---D | C] -- C:\boot
[2013/11/04 15:35:41 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/11/04 14:45:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/11/04 14:45:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/11/04 13:51:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/11/04 13:38:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/11/04 08:58:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/11/04 08:42:28 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/11/04 07:14:28 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Diagnostics
[2013/11/03 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Macromedia
[2013/11/03 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Adobe
[2013/11/03 13:05:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/11/03 13:05:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/11/03 12:12:40 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/03 12:12:40 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Searches
[2013/11/03 12:12:40 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/03 12:12:40 | 000,000,000 | -H-D | C] -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/03 12:12:32 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Identities
[2013/11/03 12:12:31 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Contacts
[2013/11/03 12:12:29 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\VirtualStore
[2013/11/03 12:12:25 | 000,000,000 | --SD | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Videos
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Saved Games
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Pictures
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Music
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Links
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Documents
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Desktop
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\AppData\Local\Temporary Internet Files
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Templates
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Start Menu
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\SendTo
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Recent
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\PrintHood
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\NetHood
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Documents\My Videos
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Documents\My Pictures
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Documents\My Music
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\My Documents
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Local Settings
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\AppData\Local\History
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Cookies
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Application Data
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\AppData\Local\Application Data
[2013/11/03 12:12:25 | 000,000,000 | -H-D | C] -- C:\Users\BUBETO\AppData
[2013/11/03 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Temp
[2013/11/03 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Microsoft
[2013/11/03 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Media Center Programs
[2013/11/03 12:12:14 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/03 12:02:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/11/03 11:59:55 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/11/03 11:00:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/17 13:30:37 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 13:30:37 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 13:29:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BUBETO\Desktop\OTL.exe
[2013/11/17 13:27:30 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/17 13:27:30 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/17 13:27:30 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/17 13:23:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/17 13:22:58 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/17 13:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/17 11:03:16 | 000,363,609 | ---- | M] () -- C:\Users\BUBETO\Desktop\ANZ Dispute Form.pdf
[2013/11/16 16:15:29 | 000,151,012 | ---- | M] () -- C:\Users\BUBETO\Desktop\bios.ini
[2013/11/16 15:54:19 | 000,531,658 | ---- | M] (Igor Pavlov) -- C:\Users\BUBETO\Desktop\mb_bios_ga-g31m-es2l_2.x_ff.exe
[2013/11/16 09:31:45 | 000,009,175 | ---- | M] () -- C:\Users\BUBETO\Desktop\Errors.rtf
[2013/11/15 22:15:58 | 000,000,223 | ---- | M] () -- C:\Users\BUBETO\Desktop\Osho Zen Tarot.url
[2013/11/15 22:01:57 | 000,000,396 | ---- | M] () -- C:\Users\BUBETO\Desktop\speccy 30 oktomvri 2013.rtf
[2013/11/15 21:59:08 | 000,204,449 | ---- | M] () -- C:\Users\BUBETO\Desktop\speccy 1.rtf
[2013/11/15 15:03:38 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2013/11/15 14:54:28 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/15 10:16:50 | 000,010,374 | ---- | M] () -- C:\Users\BUBETO\Desktop\is the disk bad.rtf
[2013/11/12 18:04:49 | 000,000,184 | ---- | M] () -- C:\Users\BUBETO\Desktop\YouTube.url
[2013/11/12 15:06:49 | 000,001,021 | ---- | M] () -- C:\Users\BUBETO\Desktop\SpeedFan.lnk
[2013/11/12 15:06:47 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/11/11 20:37:46 | 000,000,862 | ---- | M] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/11 20:37:46 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/09 13:56:40 | 000,000,917 | ---- | M] () -- C:\Users\BUBETO\Desktop\Favorites - Shortcut.lnk
[2013/11/09 03:28:17 | 000,006,997 | ---- | M] () -- C:\Users\BUBETO\Desktop\Locate dump files.rtf
[2013/11/09 02:22:05 | 000,275,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/08 21:49:53 | 000,011,891 | ---- | M] () -- C:\Users\BUBETO\Desktop\Driver Verifier.rtf
[2013/11/08 17:27:17 | 000,170,043 | ---- | M] () -- C:\Windows\hpoins44.dat
[2013/11/08 17:19:12 | 000,002,109 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/11/08 09:58:44 | 000,000,000 | ---- | M] () -- C:\END
[2013/11/07 09:17:53 | 000,002,483 | ---- | M] () -- C:\Users\Public\Desktop\Reflect.lnk
[2013/11/07 07:45:15 | 000,001,248 | ---- | M] () -- C:\Users\BUBETO\Desktop\DriverMax.lnk
[2013/11/07 06:50:58 | 000,000,468 | ---- | M] () -- C:\Users\BUBETO\Desktop\New Volume (D) - Shortcut.lnk
[2013/11/06 21:29:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/06 17:02:51 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 17:02:51 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/04 14:49:25 | 000,001,451 | ---- | M] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/03 12:31:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/11/03 12:03:04 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/11/03 12:03:04 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/11/03 12:01:19 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/11/03 12:01:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2013/11/03 12:00:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/17 11:03:16 | 000,363,609 | ---- | C] () -- C:\Users\BUBETO\Desktop\ANZ Dispute Form.pdf
[2013/11/16 16:14:06 | 000,151,012 | ---- | C] () -- C:\Users\BUBETO\Desktop\bios.ini
[2013/11/15 22:15:58 | 000,000,223 | ---- | C] () -- C:\Users\BUBETO\Desktop\Osho Zen Tarot.url
[2013/11/15 22:01:57 | 000,000,396 | ---- | C] () -- C:\Users\BUBETO\Desktop\speccy 30 oktomvri 2013.rtf
[2013/11/15 21:59:08 | 000,204,449 | ---- | C] () -- C:\Users\BUBETO\Desktop\speccy 1.rtf
[2013/11/15 15:03:38 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2013/11/15 14:54:28 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/13 22:57:49 | 000,010,374 | ---- | C] () -- C:\Users\BUBETO\Desktop\is the disk bad.rtf
[2013/11/13 21:52:57 | 000,009,175 | ---- | C] () -- C:\Users\BUBETO\Desktop\Errors.rtf
[2013/11/12 18:04:49 | 000,000,184 | ---- | C] () -- C:\Users\BUBETO\Desktop\YouTube.url
[2013/11/12 15:06:49 | 000,001,021 | ---- | C] () -- C:\Users\BUBETO\Desktop\SpeedFan.lnk
[2013/11/12 15:06:47 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/11/11 20:37:02 | 000,000,862 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/11 20:37:02 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/09 13:56:40 | 000,000,917 | ---- | C] () -- C:\Users\BUBETO\Desktop\Favorites - Shortcut.lnk
[2013/11/09 02:31:12 | 000,006,997 | ---- | C] () -- C:\Users\BUBETO\Desktop\Locate dump files.rtf
[2013/11/08 17:19:12 | 000,002,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/11/08 17:15:29 | 000,170,043 | ---- | C] () -- C:\Windows\hpoins44.dat
[2013/11/08 17:15:29 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2013/11/08 11:18:57 | 000,011,891 | ---- | C] () -- C:\Users\BUBETO\Desktop\Driver Verifier.rtf
[2013/11/08 09:58:44 | 000,000,000 | ---- | C] () -- C:\END
[2013/11/07 09:17:53 | 000,002,483 | ---- | C] () -- C:\Users\Public\Desktop\Reflect.lnk
[2013/11/07 07:45:15 | 000,001,248 | ---- | C] () -- C:\Users\BUBETO\Desktop\DriverMax.lnk
[2013/11/07 06:50:58 | 000,000,468 | ---- | C] () -- C:\Users\BUBETO\Desktop\New Volume (D) - Shortcut.lnk
[2013/11/06 21:29:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/06 21:29:24 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/06 17:02:51 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 17:02:51 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/06 11:53:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/06 06:05:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/11/05 06:20:03 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/11/05 06:18:49 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/11/05 06:18:42 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/11/05 06:18:42 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/11/05 06:18:36 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/11/03 13:05:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/03 12:31:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/11/03 12:29:20 | 000,001,451 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/03 12:12:41 | 000,001,427 | ---- | C] () -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/03 12:12:25 | 000,000,290 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/03 12:12:25 | 000,000,272 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/03 12:02:45 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/11/03 12:02:41 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/11/03 12:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/11/03 12:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013/11/03 12:00:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/11/03 11:59:15 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 15:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 14:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 01:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 17/11/2013 1:31:39 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BUBETO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.12% Memory free
8.00 Gb Paging File | 6.77 Gb Available in Paging File | 84.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 34.19 Gb Free Space | 56.98% Space Free | Partition Type: NTFS
Drive D: | 693.24 Gb Total Space | 684.48 Gb Free Space | 98.74% Space Free | Partition Type: NTFS

Computer Name: SETH-PC | User Name: BUBETO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D413B3-BDB4-4C81-9522-C927BD21A587}" = rport=139 | protocol=6 | dir=out | app=system |
"{260380A8-01F6-48F1-B8D0-475A8B93A5AB}" = rport=445 | protocol=6 | dir=out | app=system |
"{28627671-0015-471B-84B0-5DFB437BA6EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{34AE49B5-D5D4-4C38-AAD2-8A840D5BEBB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38A7D6D6-D19E-4BC4-91DB-B083D1F47094}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3ACEBCF5-D0CF-4668-8C1F-77CE9720D6B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44E69E86-1336-4A63-8F90-7134BBE1A08F}" = lport=139 | protocol=6 | dir=in | app=system |
"{4782C5A9-D150-4C34-979C-9DAFC29ABFE5}" = rport=138 | protocol=17 | dir=out | app=system |
"{5F5D6589-E34B-4DCB-843D-0FCCD9E389E7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{652E8CF5-106F-4140-8B87-9D17BBFBD617}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6D049894-379A-4E97-93E7-791297751735}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{736454A5-705F-4A1B-B935-E6E046B834BD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{776F06FF-6401-41B4-84CA-D9CB3A363AB2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87106511-9B0E-4254-9096-60AE02FD3154}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{879E2D99-2D11-44D1-BB2A-B2F57BC82478}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0E6B1A4-ED59-400A-B3A7-01C3FB304A05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A812673D-3E60-47AC-933B-9B2E1C0B9DBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA952736-6517-48E6-AC74-465640D6A2A1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF153927-5B2C-4D2D-9849-A8A14683B70E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C53C6ABF-87FC-4F26-AA74-61979EFFFC51}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3C46849-34C4-4411-97AB-0C8F6421DC77}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7973C7D-45F3-4843-A2EA-FE55BA90255E}" = lport=138 | protocol=17 | dir=in | app=system |
"{E994785A-6C09-4722-B777-570483FF7801}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0409EAEA-A8F7-4962-B756-87697874D377}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{19DFC0A5-0DC1-421C-807A-DB9558B3F8C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1B1229B7-C836-47E4-972F-F4A609A4D4FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{21CC0E1B-80DD-470D-9747-CC86BABBFB34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{2707C01E-05E8-46CD-9EB2-4EBAE3ED061E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27832F6E-E5FD-4D1C-B0DA-7643D7E6C236}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35DC9EEB-888E-44CC-9789-1CFAB50E2F42}" = protocol=1 | dir=in | [email protected],-28543 |
"{3CA82702-1651-4813-903B-FE51775F4A21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40F189CB-743D-4253-9B5F-529A5DD944AB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{48CA4597-E172-4B45-8373-1FD7ACBD8A10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49D990E9-3CC1-4F96-971F-D50D2EC79F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{6049C32B-4160-4DC6-887D-E0B179C47934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{61067336-B346-41F2-9A14-3731909E49CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{63222EC7-4140-47D0-9B8C-A914D183D477}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73466A6B-ECD7-4C58-911D-F63A1DA37200}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{77177E40-B752-4F8D-99CD-D8B10F267093}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{7FF127A2-1A82-4D0A-BE56-01536D53132A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{8E9D59DA-5595-445A-8072-D242EA84D2E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FDC0DBC-955C-486C-905D-B821D837C9F1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{92E2F2CF-CB1F-4F86-A1CB-B8491C596371}" = protocol=1 | dir=out | [email protected],-28544 |
"{94060EAF-BF7C-48D1-9FA7-ACE82B7F5C9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{97F6ABC6-640C-43C2-AF73-A60DF547B6B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D091261-68C5-4D06-B1A3-9EDED7511CDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9F53BBEA-E7F6-4285-A85D-B4A68B0B4168}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{A8594B4B-DDD0-4E3C-9BBC-EADE8B3874F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AE7D81B0-6C23-46BC-8E81-7D07A3265EBB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{AF9F92E3-A33B-418B-A1A7-C0DA5C5446C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{AFA6D280-1F1A-42F9-964D-4DE50E9578D9}" = protocol=6 | dir=out | app=system |
"{B0D4C376-512B-4399-AA41-5D2C768C4EDD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B607FF47-DA28-43DD-AAC0-9F83C90FBD48}" = protocol=58 | dir=in | [email protected],-28545 |
"{B80D2A15-3B9B-42AF-80D2-593EFF18067F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{C18AB339-CB19-4BEE-A0F7-14A22919D174}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5FC162F-5172-4A8A-B417-B4DFC38AC4A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D5613CD7-AA75-46FC-99DD-479785764172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{E0081860-A49E-4BA3-91AA-F2057E06AB81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5DEDA3F-49D8-44FC-845F-F6BFC4DD09CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2087D3A-0CAE-4A24-8A96-E87A50A61FE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2C95838-50F8-4922-B71E-8F769444B11B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{F8449A3F-B4B8-4ACB-A978-156DC8F0C9C7}" = protocol=58 | dir=out | [email protected],-28546 |
"{F8F33933-5DF0-437F-BAC0-FF381BF4473C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{FA616A04-D3BD-4BC7-B459-57EBDBA16172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FF3EBB5F-74ED-4BE1-8013-1C551169011D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{117ABEC4-CB0D-4D93-9AF4-4E50C5A6BF0B}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{BBF651DC-6367-4FA0-92EB-188D33BE8B90}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{BF6ADC4F-0757-44B4-A2A0-4D389B06E68B}" = Macrium Reflect Free Edition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"MacriumReflect" = Macrium Reflect Free Edition
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DMX5_is1" = DriverMax 7
"HP Photo Creations" = HP Photo Creations
"SpeedFan" = SpeedFan (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2013 1:25:33 a.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\SoftonicDownloader_for_speedfan.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/11/2013 1:25:35 a.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\SoftonicDownloader_for_speedfan.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/11/2013 1:25:40 a.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\SoftonicDownloader_for_speedfan.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/11/2013 1:25:43 a.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\SoftonicDownloader_for_speedfan.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/11/2013 8:31:36 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/11/2013 8:20:07 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 13/11/2013 12:09:15 a.m. | Computer Name = SETH-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16736 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ee4 Start
Time: 01cee025f33d1fdd Termination Time: 18 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 57a81ef7-4c19-11e3-8e87-6cf049434400

Error - 13/11/2013 5:37:25 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/11/2013 5:39:39 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/11/2013 4:03:24 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 16/11/2013 5:42:18 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 16/11/2013 5:42:18 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 16/11/2013 8:02:51 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 16/11/2013 8:02:51 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 2 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 16/11/2013 8:02:51 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 16/11/2013 8:02:51 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 16/11/2013 8:22:57 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 16/11/2013 8:22:57 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 16/11/2013 8:22:57 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 16/11/2013 8:22:57 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 2 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.


< End of report >


Edited by Essexboy, 17 November 2013 - 10:03 AM.

  • 0


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi pomognetemi, :)

:welcome:

My name is Valinorum and I will be your helper today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

Note: Please bear in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you, which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

  • Step #1 Scan with RogueKiller
    Download link for 64 bit system
  • Let the pre-scan finish. After that click on Scan;
  • The scan won't take long;
  • A log has been created on your Desktop;
  • Copy and paste the content of the log in your next reply.

 

  • Required Log(s):
  • RogueKiller Scan log.

Regards,
Valinorum
  • 0

#3
pomognetemi

pomognetemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi Valinorum.

Thank you for your assistance.

Could you, please, let me know what your advice is for the backup - where and how exactly do you recommend that be done?


This is RogueKiller's scan result.

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BUBETO [Admin rights]
Mode : Scan -- Date : 11/18/2013 08:44:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD8088AADS-00L5B1 ATA Device +++++
--- User ---
[MBR] f77b2284320c362c12a24d74812bad5b
[BSP] b45e1976cc7c788ab07d67dd3e22f162 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 709873 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1454026752 | Size: 61439 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11182013_084429.txt >>

__________________________________________________________________________________

When I tried to close (exit) RogueKiller, I got the message:
"No items have been deleted. Do you really want to quit?"
I quit without deleting anything, since I didn't get further instructions about this. Is that OK?

Added a day later:

The computer began running some kind of check for disk consistency on startup. It happens as follows:
I turn it on; when it reaches Windows logo it stops, the light next to the re-start button turns off and I get a black screen.
I press re-start, the system goes through error recovery - I choose "start normally" mode and the computer starts running
this check for disk consistency and then Windows loads.


Regards, p.

Edited by pomognetemi, 18 November 2013 - 02:19 PM.

  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi pomognetemi, :)

  • Step #2 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found

    :Commands
    [CreateRestorePoint]
    [Emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

  • Step #3 Fix with RogueKiller
    Download link for 64 bit system
  • Let the pre-scan finish. After that click on Scan and wait for the scan to finish;
  • Click on Delete;
  • Now again click on Scan and wait for the scan to finish;
  • Click on Report and a log file will open;
  • Copy and paste the whole content of that report in your next reply.

 

  • Required Log(s):
  • OTL fix log;
  • RogueKiller Fix log;

Regards,
Valinorum
  • 0

#5
pomognetemi

pomognetemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi Valinorum,

Here are the results:

OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: BUBETO
->Temp folder emptied: 822632324 bytes
->Temporary Internet Files folder emptied: 656912392 bytes
->Java cache emptied: 264081 bytes
->Flash cache emptied: 2789 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22720716 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43259104 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,474.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11222013_094927

Files\Folders moved on Reboot...
C:\Users\BUBETO\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


RogueKiller

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BUBETO [Admin rights]
Mode : Scan -- Date : 11/22/2013 10:20:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD8088AADS-00L5B1 ATA Device +++++
--- User ---
[MBR] f77b2284320c362c12a24d74812bad5b
[BSP] b45e1976cc7c788ab07d67dd3e22f162 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 709873 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1454026752 | Size: 61439 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11222013_102059.txt >>


Thank you for your help.
Could you, please, give your comments about what you found?
I have some general questions as well and especially about using Java and Adobe Flash Player.


Regards,

P.

Edited by pomognetemi, 21 November 2013 - 03:50 PM.

  • 0

#6
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Could you, please, give your comments about what you found?
I have some general questions as well and especially about using Java and Adobe Flash Player.

I haven't found anything suspicious yet. Please, go ahead with your query.

Let's resolve your chkdsk issue.


Click Start, Run and in the box enter:

cmd

Click OK to open the command prompt window.

To query the dirty bit on drive C, type:

fsutil dirty query C:

Sample output:
Volume C: is dirty
Volume C: is not dirty

Type 'exit' to close the command prompt window.

Is your drive dirty or is it not dirty? If you have more than one volume, check them all.

A volume is usually marked dirty from a power interruption or something like using the power button to restart the system. Has any of that sort of thing occurred prior to this issue?

The command chkntfs /d will clear a pending chkdsk you schedule yourself, but it will not clear the dirty bit.
  • 0
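The post above checks one volume at a time with fsutil and asks that every volume be checked. The PowerShell below is an added example, not a command from the thread: it runs the same fsutil dirty query against each fixed disk and classifies the result using the two output lines the post shows. It assumes an elevated PowerShell prompt, since fsutil requires administrator rights, and a Windows 7-era PowerShell, so it uses Get-WmiObject rather than the newer storage cmdlets.

```powershell
# Added example (not from the thread): query the NTFS dirty bit on every fixed
# volume with the same "fsutil dirty query" command the post gives for drive C.
# Run this from an elevated PowerShell prompt; fsutil needs administrator rights.

function Get-DirtyVolumeReport {
    # DriveType 3 = local fixed disk, so optical and removable drives are skipped.
    $volumes = Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType = 3"

    foreach ($vol in $volumes) {
        $drive = $vol.DeviceID                      # e.g. "C:"
        # Merge stderr into stdout so an access-denied message is captured too.
        $output = (& fsutil dirty query $drive 2>&1) -join " "

        # The post's sample output: "Volume C: is dirty" / "Volume C: is not dirty".
        # "is not dirty" is tested first so it can never be mistaken for "is dirty".
        if ($output -match 'is not dirty') {
            $state = 'clean'
        } elseif ($output -match 'is dirty') {
            $state = 'DIRTY'                        # chkdsk will run at next boot
        } else {
            $state = "unknown ($output)"            # e.g. not elevated, or non-NTFS volume
        }

        New-Object PSObject -Property @{
            Drive      = $drive
            FileSystem = $vol.FileSystem
            State      = $state
        }
    }
}

# Prints one row per fixed volume; a DIRTY row is the one that explains a
# chkdsk at startup, which chkntfs /d will not clear.
Get-DirtyVolumeReport | Format-Table Drive, FileSystem, State -AutoSize
```

Only volumes with a drive letter appear in Win32_LogicalDisk, which matches the advice later in the thread that checking C: and D: is sufficient.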

#7
pomognetemi

pomognetemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hello Valinorum,

Thank you for your reply.

The Check disk stopped running 3 days ago.
Tonight I ran the query for both C: and D: and the results are that the disks are not dirty. Actually I have only one physical disk 0: with 3 partitions: the system reserved (100 MB), C: (60 GB) and D: 693 GB. I just wanted to ask - do I have to check the system reserved partition as well? It is neither C:, nor D:, so if I have to check it what letter do I have to use?

Meanwhile today I updated the BIOS with the last version from Gigabyte (which is still 3 years old). After the update the computer started OK. Then I changed some BIOS settings and re-started 2 more times, and again everything was OK.
Then I decided to check how the Power Settings work - and let the computer go to sleep. When I tried to wake it up - everything else started working, apart from the display - it remained black. I turned the computer off, then on again - and the old story was repeated: when the startup process reached the Windows logo - it couldn't proceed. I finally turned it off and left it.
Tonight it started ok.

I tend to think that Windows Power Settings (which I adjusted according to this link I was given in the other forum: http://www.sevenforu...ngs-change.html) are somehow not in agreement with the BIOS Power Management Setup settings. Does this make sense?
Something happens when the computer tries to wake up. While searching about this problem recently (the error message 12: " The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system") I found some Microsoft's information titled: Firmware Corruption of Memory During Sleep Transitions (I attach it as a docx file). Do you think this could apply to my computer's problems now? This is one of the reasons why I contacted gigabyte support team and they suggested updating the bios.

As far as the things I wanted to ask you about:
Java - I had constant problems with it for several years.
Adobe Flash player also - I read somewhere here on this forum(do not remember the topic) that a member of the staff working on somebody' s issues asked specifically if when installing Adobe Flash Player, McAfee was installed as well. This is exactly what happened when I last installed it, but after I read the topic I uninstalled McAfee. That was before you started to work with me.
I wonder if I uninstall Adobe Flash Player I will be able to watch YouTube videos - I believe this was the initial reason why I downloaded it in the first place.

Anyway, this is the situation for now. Thank you once more for all your help.

Regards, p.

Edited by pomognetemi, 25 November 2013 - 12:25 PM.

  • 0

#8
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi pomognetemi, :)

I just wanted to ask - do I have to check the system reserved partition as well?

Checking the C:\ and D:\ drives will suffice.

Do you think this could apply to my computer's problems now?

Can you restore defaults to the power option? If it does not work, update your BIOS again and this time do not change the power settings.

Java - I had constant problems with it for several years.

Java is currently the number one targeted program by the malware programs. We recommend uninstalling Java completely unless you have a greater need of that program.

I wonder if I uninstall Adobe Flash Player I will be able to watch YouTube videos - I believe this was the initial reason why I downloaded it in the first place.

Any website which uses flash to broadcast media requires a flash player. Next, time you download/update Adobe Flash Player uncheck the McAfee checkbox to exclude downloading the program.

Regards,
Valinorum
  • 0

#9
pomognetemi

pomognetemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi Valinorum,

Sorry for my delayed replies. The reason is that my computer's behaviour changes all the time and is so highly unpredictable that, to avoid confusing you, I have to wait a while before some more stable pattern of behaviour manifests and I can report it to you. Besides, English not being my first language slows it all waaaay down. :rolleyes:

I probably need to explain a bit better:
After the new BIOS installation I checked all BIOS settings against the old BIOS' ones and changed only two:
-----HPET Mode - from 32-bit (by default) - to 64-bit - because my OS is 64-bit
-----Power on by Mouse - from Disabled (by default) - to Double Click - otherwise there was nothing set to wake up the computer

Immediately after installing the new BIOS, as well as after I restarted it because of the changed settings, the computer started without any problems. Only after I left it to go to sleep and tried to wake it up - the old problems started again.

When I let the computer go to sleep (as per the time settings) and then tried to wake it up by double clicking the mouse (as I set it in the BIOS), according to the noise I heard and the lights on the front panel I can tell that everything else woke up - only the display's screen remained black. No matter what I tried to do - it remained unresponsive.
I turned the computer off. Then when I tried to turn it on again - I got the old problem - the startup stopped after the Windows logo. And again I had to press re-start and go through "errors recovery" before Windows loads. Sometimes I have to do this cycle 2-3 times.

I read a Microsoft paper titled "Firmware Corruption of Memory During Sleep Transitions", which as far as I can tell could be related to my problem. Here is the link to this article: http://msdn.microsof...e/gg463112.aspx
Probably my new BIOS was supposed to take care of such problems, but it didn't. (the BIOS I installed is the last Gigabyte's update for my motherboard - it is dated 2010 - this means already 3 years old...)
I sent a second enquiry about this to Gigabyte's technical support team and I am waiting for their reply.

Of course, I don't know if some kind of BIOS virus is involved? How can we check?

Anyway.
What I did yesterday is, that I opened the computer and cleaned the dust.
Then I set the display to "never go to sleep" (I can always turn the monitor off from its power button). This way I hope to eliminate the consequences of the display's failure to wake up (hoping they are only temporary).
Also I disabled all startup programs apart from "Microsoft Security Client".

Now, since I did these three things, for the time being, the computer starts OK. It might be because of them or not at all. :blink:

There are other things that worry me.
First of all, checking the Program files I saw something I have never downloaded: "Coupon Printer for Windows". I uninstalled it, but how did it get there?
Secondly - I got an invitation in my gmail account to be friends with someone I have never heard of. I deleted it without opening it and changed my account's password.
So, probably the computer is not clean yet, or got infected later on? Shall we check again?

Since I started this saga of trying to solve my computer problems more than a month ago I have been intensively searching the Internet for additional help information on a daily basis. Very often I encountered, and still do, websites with very questionable reputation. So much so that at one stage I decided I needed to create a new restore point every time before I tried to download anything, in case I regretted it later on.

I now use IE version 11 with msn.nz home page. It has bing as well, which I haven't put there.
Do you have specific suggestions about which internet browser would be best to use and what its setting should be to avoid undesirable results?

Thanking you again for your time and willingness to help.

Edited by pomognetemi, 26 November 2013 - 08:36 PM.

  • 0

#10
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Proposed Fix

When I left the computer go to sleep (as per the time settings) and then tried to wake it up by double clicking the mouse (as I set it in the BIOS),

Can you try this?

What I did yesterday is, that I opened the computer and cleaned the dust.

:thumbsup:

First of all, checking the Program files I saw something I have never downloaded: "Coupon Printer for Windows". I uninstalled it, but how did it get there?

Software like this sometimes comes bundled with other software.

Secondly - I got an invitation in my gmail account to be friends with someone I have never heard of. I deleted it without opening it and changed my account's password.
So, probably the computer is not clean yet, or got infected later on? Shall we check again?

Good. Never open any mail from unknown/suspicious senders. I doubt that. But if you are concerned, provide me a fresh OTL log.

I now use IE version 11 with msn.nz home page. It has bing as well, which I haven't put there.

Bing is the default search engine for Internet Explorer.

Do you have specific suggestions about which internet browser would be best to use and what its setting should be to avoid undesirable results?

Internet Explorer is popular, and with popularity comes exploitation and vulnerability. Fortunately, you have a choice in what web browser to use. Although its popularity has swelled considerably over the past couple of years.
Opera may be downloaded from here. It is one of the least targeted of all browsers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it and it has some good security built in.

Google Chrome may be downloaded from Here. Google spent considerable amount of time with the security issue.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

Download NoScript by Giorgio Maone.

Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.

 

Let's check if you have any malware issue in your PC.
  • Step #4 Run ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista / 7 users: You will need to right-click on either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here then click on: Posted Image

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on:Posted Image
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.


When The Scan is Complete:

  • If No Threats Were Found:

    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

  • Required Log(s):
  • ESET result.

Regards,
Valinorum
  • 0


#11
pomognetemi

pomognetemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hello Valinorum,

Thank you for your detailed reply.

By the way I wanted to ask you something else. Three days ago I posted a question to the technicians
on the Operating Systems - Windows 7 and Vista forum and somebody put this on the bottom of my post
without any further explanation: What does it mean?

EDIT: Malware thread here: http://www.geekstogo................

This is post #94 on page 7 of my thread " Windows 7 cannot load "
This is the link to page 7 of the topic : http://www.geekstogo...ad/page__st__90
Could you, please, take a look?




1. ESET Online Scanner found no threats

2. Here is the new OTL scan result:

OTL logfile created on: 28/11/2013 12:11:20 p.m. - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BUBETO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 78.99% Memory free
8.00 Gb Paging File | 6.92 Gb Available in Paging File | 86.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 36.12 Gb Free Space | 60.20% Space Free | Partition Type: NTFS
Drive D: | 693.24 Gb Total Space | 684.48 Gb Free Space | 98.74% Space Free | Partition Type: NTFS

Computer Name: SETH-PC | User Name: BUBETO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\BUBETO\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe File not found
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe (Paramount Software UK Ltd)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.nz/?oc...=UP76&dt=110613
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msn.co.nz/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-NZ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 92 F6 2A 00 D9 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7WQIB_enNZ561
IE - HKCU\..\SearchScopes\{72CA6EA9-07F8-491A-9E13-DF5F4F715FB4}: "URL" = http://www.google.co...1I7WQIB_enNZ561
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/11 10:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56318B64-22E0-43CE-9CA3-24FD98990823}: DhcpNameServer = 192.168.1.254 192.168.0.2
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/26 13:29:39 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Desktop\GIGABYTE
[2013/11/24 13:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/11/24 13:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/11/22 10:30:03 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Desktop\Reports
[2013/11/22 09:49:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/18 08:41:47 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Desktop\RK_Quarantine
[2013/11/17 18:29:51 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Desktop\OTL results 17-11-2013
[2013/11/17 18:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/17 13:29:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BUBETO\Desktop\OTL.exe
[2013/11/16 16:04:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/11/16 16:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2013/11/16 16:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2013/11/16 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/11/15 22:13:47 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Desktop\OTL results
[2013/11/15 14:54:35 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Skype
[2013/11/15 14:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/11/15 14:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/15 14:54:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/11/15 14:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/11/15 14:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/15 14:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/11/12 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/11/12 15:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/11/11 20:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2013/11/11 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/11/10 11:18:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/10 00:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/11/08 17:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2013/11/08 17:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013/11/08 17:27:28 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\HP
[2013/11/08 17:20:42 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\HpUpdate
[2013/11/08 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/11/08 17:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/11/08 17:17:05 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/11/08 17:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/11/08 10:12:36 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\ElevatedDiagnostics
[2013/11/08 09:58:40 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Programs
[2013/11/07 09:30:47 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Documents\Reflect
[2013/11/07 09:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
[2013/11/07 08:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/11/07 07:45:15 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Innovative Solutions
[2013/11/06 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/06 21:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/06 11:54:45 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Google
[2013/11/06 11:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/11/06 11:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/11/06 11:53:32 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Google
[2013/11/06 11:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/11/06 11:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/06 11:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/11/06 11:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/11/06 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Adobe
[2013/11/05 15:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/11/05 14:44:55 | 000,000,000 | ---D | C] -- C:\PROGRAMS
[2013/11/05 14:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2013/11/05 14:17:53 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Downloads
[2013/11/05 13:37:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/11/05 13:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/11/05 06:19:17 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/11/05 06:19:02 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/11/04 20:58:24 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Microsoft Games
[2013/11/04 15:44:18 | 000,000,000 | ---D | C] -- C:\boot
[2013/11/04 15:35:41 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/11/04 14:45:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/11/04 14:45:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/11/04 13:51:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/11/04 13:38:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/11/04 08:58:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/11/04 08:42:28 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/11/04 07:14:28 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Diagnostics
[2013/11/03 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Macromedia
[2013/11/03 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Adobe
[2013/11/03 13:05:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/11/03 13:05:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/11/03 12:12:40 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/03 12:12:40 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Searches
[2013/11/03 12:12:40 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/03 12:12:40 | 000,000,000 | -H-D | C] -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/03 12:12:32 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Identities
[2013/11/03 12:12:31 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Contacts
[2013/11/03 12:12:29 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\VirtualStore
[2013/11/03 12:12:25 | 000,000,000 | --SD | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Videos
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Saved Games
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Pictures
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Music
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Links
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Documents
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Desktop
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\AppData\Local\Temporary Internet Files
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Templates
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Start Menu
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\SendTo
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Recent
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\PrintHood
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\NetHood
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Documents\My Videos
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Documents\My Pictures
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Documents\My Music
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\My Documents
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Local Settings
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\AppData\Local\History
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Cookies
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Application Data
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\AppData\Local\Application Data
[2013/11/03 12:12:25 | 000,000,000 | -H-D | C] -- C:\Users\BUBETO\AppData
[2013/11/03 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Temp
[2013/11/03 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Microsoft
[2013/11/03 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Media Center Programs
[2013/11/03 12:12:14 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/03 12:02:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/11/03 11:59:55 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/11/03 11:00:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/11/28 11:17:45 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/28 11:17:45 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/28 11:14:54 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/28 11:14:54 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/28 11:14:54 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/28 11:10:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/28 11:10:30 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/27 15:14:58 | 000,000,191 | ---- | M] () -- C:\Users\BUBETO\Desktop\Official GIGABYTE UK forum (2).url
[2013/11/26 19:56:41 | 000,000,187 | ---- | M] () -- C:\Users\BUBETO\Desktop\YouTube (2).url
[2013/11/26 15:19:50 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/26 13:07:08 | 000,000,261 | ---- | M] () -- C:\Users\BUBETO\Desktop\Geeks to Go! - Free help from tech experts - Tech experts answer your questionsGeeks to Go! – Free help from tech experts (2).url
[2013/11/24 10:14:26 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/24 10:14:23 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/19 17:59:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/18 08:41:45 | 004,161,024 | ---- | M] () -- C:\Users\BUBETO\Desktop\RogueKillerX64.exe
[2013/11/17 13:29:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BUBETO\Desktop\OTL.exe
[2013/11/15 22:15:58 | 000,000,223 | ---- | M] () -- C:\Users\BUBETO\Desktop\Osho Zen Tarot.url
[2013/11/15 14:54:28 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/12 18:04:49 | 000,000,184 | ---- | M] () -- C:\Users\BUBETO\Desktop\YouTube.url
[2013/11/12 15:06:47 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/11/11 20:37:46 | 000,000,862 | ---- | M] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/09 13:56:40 | 000,000,917 | ---- | M] () -- C:\Users\BUBETO\Desktop\Favorites - Shortcut.lnk
[2013/11/08 09:58:44 | 000,000,000 | ---- | M] () -- C:\END
[2013/11/07 06:50:58 | 000,000,468 | ---- | M] () -- C:\Users\BUBETO\Desktop\New Volume (D) - Shortcut.lnk
[2013/11/04 14:49:25 | 000,001,451 | ---- | M] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/03 12:31:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/11/03 12:03:04 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/11/03 12:03:04 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/11/03 12:01:19 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/11/03 12:00:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2013/11/27 15:14:58 | 000,000,191 | ---- | C] () -- C:\Users\BUBETO\Desktop\Official GIGABYTE UK forum (2).url
[2013/11/26 19:56:41 | 000,000,187 | ---- | C] () -- C:\Users\BUBETO\Desktop\YouTube (2).url
[2013/11/26 13:07:08 | 000,000,261 | ---- | C] () -- C:\Users\BUBETO\Desktop\Geeks to Go! - Free help from tech experts - Tech experts answer your questionsGeeks to Go! – Free help from tech experts (2).url
[2013/11/24 10:14:26 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/24 10:14:23 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/18 08:41:37 | 004,161,024 | ---- | C] () -- C:\Users\BUBETO\Desktop\RogueKillerX64.exe
[2013/11/15 22:15:58 | 000,000,223 | ---- | C] () -- C:\Users\BUBETO\Desktop\Osho Zen Tarot.url
[2013/11/15 14:54:28 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/12 18:04:49 | 000,000,184 | ---- | C] () -- C:\Users\BUBETO\Desktop\YouTube.url
[2013/11/12 15:06:47 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/11/11 20:37:02 | 000,000,862 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/09 13:56:40 | 000,000,917 | ---- | C] () -- C:\Users\BUBETO\Desktop\Favorites - Shortcut.lnk
[2013/11/08 09:58:44 | 000,000,000 | ---- | C] () -- C:\END
[2013/11/07 06:50:58 | 000,000,468 | ---- | C] () -- C:\Users\BUBETO\Desktop\New Volume (D) - Shortcut.lnk
[2013/11/06 21:29:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/06 21:29:24 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/06 11:53:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/06 06:05:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/11/05 06:20:03 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/11/05 06:18:49 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/11/05 06:18:42 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/11/05 06:18:42 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/11/05 06:18:36 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/11/03 12:31:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/11/03 12:29:20 | 000,001,451 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/03 12:12:41 | 000,001,427 | ---- | C] () -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/03 12:12:25 | 000,000,290 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/03 12:12:25 | 000,000,272 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/03 12:02:45 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/11/03 12:02:41 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/11/03 12:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/11/03 12:00:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/11/03 11:59:15 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 15:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 14:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 01:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >

================================================================================================================

Do you want me to do anything else, Valinorum?
Or shall I remove RogueKiller or OTL?

With thanks

Edited by pomognetemi, 27 November 2013 - 08:33 PM.


#12
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi pomognetemi, :)

    This is post #94 on page 7 of my thread "Windows 7 cannot load".
    This is the link to page 7 of the topic: http://www.geekstogo...ad/page__st__90
    Could you please take a look?

I think sending a private message to phillpower2 will be a good option, as he has meticulous knowledge of that sector. :)

    Do you want me to do anything else, Valinorum?
    Or shall I remove RogueKiller or OTL?


I see no infection present in your system. If you are not having any further problem, I declare you ALL CLEAN.

Before we finish, we'll need to wrap up with a bit of celebratory cleanup. We need to remove the remnants of the tools we used and clear out any infected System Restore points.

  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Files
    %systemroot%\sysnative\vssadmin delete shadows /for=c: /all /quiet /c

    :Commands
    [CreateRestorePoint]

  • Click on "Run Fix" and let the program run unhindered;
  • Reboot your PC;
  • Re-run OTL and click Cleanup. It will remove OTL and the quarantined files.

Delete RogueKiller and its quarantined folder as well.

Safe surfing and visit us if you ever need me. :wave:

Regards,
Valinorum

#13
pomognetemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi Valinorum,

I have one more problem left, which probably has nothing to do with this forum.
If you want me, I can post it as a new topic - I just don't know in which of the forums.

It has to do with the webcam and its driver.
I uninstalled the webcam and dare not install it again, because before it was preventing the computer's start at times, and now that the computer works properly for the first time in two years, I don't want to risk it again.

What I found out first of all is that I have two LifeCam entries in the system start up list:

1. Life Cam - (Manufacturer) unknown - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe - HKLM SOFTWARE\Wow6432Node\Microsoft\Windows\Current Version\Run
2. Microsoft LifeCam - (Manufacturer) Microsoft Corporation - C:\Windows\vVX3000.exe - HKLM SOFTWARE\Microsoft\Windows\Current Version\Run

The first entry is not valid, because LifeExp.exe doesn't exist anywhere.
The second is right, but I have the LifeCam driver's files in two places in the Windows directory:

In C:\Windows I have 3 files:
C:\Windows\vVX3000.exe
C:\Windows\VX3000.ini
C:\Windows\VX3000.src
Then I also have a separate folder "twain_32" in the Windows directory:
C:\Windows\twain_32\wiatwain.ds
C:\Windows\twain_32\VX300\SnxDSC.ini
C:\Windows\twain_32\VX300\TwainUI.dll
C:\Windows\twain_32\VX300\VX3000.ds

So, it looks like I have two sets of driver files for the LifeCam in the Windows directory. Is that right? I believe a clean way to handle this should be to delete all these files, plus both startup entries, and then download the driver afresh. I just don't know how to do it.

I went through some search, but it involves the Registry - something I haven't used before. I am just scared that I might delete something I shouldn't. Besides, the files in the Windows directory which are not in their own folder (but "loose") - are they the only ones for the webcam driver? Judging by their names, the three I listed above obviously are, but if there are more than three files I have no way to tell which are the rest.

What I did so far was to uninstall the webcam's driver from the Control Panel and disable both entries in the startup list.

Any help or a link to a help would be highly appreciated.

By the way, I use Microsoft Security Essentials. Does this mean that Windows Defender should be off?

Regards, Valinorum, and have a nice weekend, malware or not on your client's computers ....

Edited by pomognetemi, 29 November 2013 - 04:41 AM.

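The check pomognetemi did by hand above (a Run entry whose target, LifeExp.exe, no longer exists on disk) can be applied to all three Run keys at once. This is an added example, not code from the thread or from OTL; it assumes 64-bit Windows PowerShell, only reads the registry, and changes nothing.

```powershell
# Added example, not part of the thread: enumerate Run entries and flag the
# ones whose executable is missing (like the LifeExp.exe entry described above).
# Read-only: nothing is modified or deleted.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Metadata properties that Get-ItemProperty adds to every result; not Run values.
$PsMetadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-RunImagePath {
    # Extract the executable path from a Run command line, e.g.
    #   "C:\Program Files (x86)\Vendor\app.exe" /silent
    #   C:\Windows\vVX3000.exe
    #   %SystemRoot%\system32\tool.exe -arg
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        # Quoted path: everything up to the closing quote.
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted: take everything up to the first executable extension, so
    # paths containing spaces still work; otherwise fall back to the first token.
    $m = [regex]::Match($cmd, '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Get-RunEntryStatus {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($PsMetadata -contains $p.Name) { continue }
            $image  = Get-RunImagePath -Command ([string]$p.Value)
            $exists = $false
            if ($image) { $exists = Test-Path -LiteralPath $image -PathType Leaf }
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = $p.Value
                Image   = $image
                Exists  = $exists
            }
        }
    }
}

# Missing targets first: an entry whose file is gone is usually an uninstall
# leftover, but it is also the first thing to look at in a startup review.
Get-RunEntryStatus | Sort-Object Exists, Name |
    Format-Table -AutoSize Exists, Name, Image, Key
```

A missing file is not by itself a sign of infection; the orphaned LifeExp.exe entry is the typical leftover of an uninstall. Wow6432Node entries that reference system32 are checked against the 64-bit folder here, so a 32-bit-only file could be reported as missing.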

#14
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi pomognetemi, :)

Since you do not use the Webcam you can disable the file listed on Startup and follow this to uninstall the driver.
Navigate to the Device Manager option of the link and find your Webcam under the Imaging Devices.
Regards,
Valinorum

#15
pomognetemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Thank you for all your help, Valinorum.
My computer works properly now.

All the best to you.

Regards, p.