I was redirected here from the Operating Systems forum.
The technician leading the recovery of my computer system there went through a long process with me trying to solve the issues.
Meanwhile I happened to download a Trojan Downloader:Win32/Brantall.D and was asked to come to this forum and check for any malware issues.
(The link to the topic in the Operating Systems forum: http://www.geekstogo...-7-cannot-load/ and my system specification: http://speccy.pirifo...7IzxmpmZ58VecQ1)
How I downloaded the Trojan Downloader:
I was asked to download Speedfan from this website:
http://www.filehippo...nload_speedfan/
When I opened it, it was not very clear which download button to use. There was a "Download", and another "Sign up Free trial" button right next to it. I took this to mean that there is a free and a paid version of Speedfan and I clicked on "Free trial". This took me to a place to open a free account (asking also for credit card details) for downloading games, movies etc. So, I decided to try another website.
[This happens sometimes when I browse the internet - I get to websites so integrated with ads, that it is practically impossible to tell what action will download something useful and how to avoid unwanted consequences. Do I have any security issues with my browser?]
I chose another website and started downloading "Speedfan". There was something wrong in the downloading process - it took a very long time and didn't finish - so I checked the Event Viewer and found this warning:
Microsoft Antimalware has detected malware or other potentially unwanted software.
Name: TrojanDownloader:Win32/Brantall.D
ID: 2147684061
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\BUBETO\AppData\Local\Temp\udDownload.tmp
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: SETH-PC\BUBETO
Process Name: D:\SoftonicDownloader_for_speedfan.exe
Signature Version: AV: 1.161.1829.0, AS: 1.161.1829.0, NIS: 109.17.0.0
Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
I restored the system to a previous point (before downloading Speedfan). Then I ran Microsoft Security Essentials.
The problem with the computer right now is that sometimes it starts OK and sometimes it doesn't go past the Windows logo - I get a black screen. In such cases I press the re-start button, confirm the "Start normally" mode and Windows loads, or turn the computer off, then on again from the power button and it starts. This was my initial complaint when I started the topic in the Operating Systems Forum.
The same happens (again from time to time) when I have to re-start the computer from inside Windows - I can't get past the Windows logo and get a black screen.
I also had problems with the Microsoft wireless keyboard and mouse - I removed them both and now use wired ones.
On and off the Microsoft webcam creates problems (such that the system can't start; I am told to remove the webcam and when I do the computer starts), or I get the same printer error in the Event Viewer (HP printer).
I have some repeating errors in the Event Viewer (some of these logs are copied in posts #76, 77 and 79 on page 6 of the previous thread http://www.geekstogo...-7-cannot-load/ ).
There were some previous issues with RegSERVO (DealPly?), but that was before I re-installed Windows.
I attach the OTL test results.
Thank you in advance for your help.
OTL logfile created on: 17/11/2013 1:31:39 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BUBETO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
4.00 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.12% Memory free
8.00 Gb Paging File | 6.77 Gb Available in Paging File | 84.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 34.19 Gb Free Space | 56.98% Space Free | Partition Type: NTFS
Drive D: | 693.24 Gb Total Space | 684.48 Gb Free Space | 98.74% Space Free | Partition Type: NTFS
Computer Name: SETH-PC | User Name: BUBETO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\BUBETO\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe (Paramount Software UK Ltd)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.nz/?oc...=UP76&dt=110613
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msn.co.nz/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-NZ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 92 F6 2A 00 D9 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7WQIB_enNZ561
IE - HKCU\..\SearchScopes\{72CA6EA9-07F8-491A-9E13-DF5F4F715FB4}: "URL" = http://www.google.co...1I7WQIB_enNZ561
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/11/08 17:20:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/11/08 17:20:27 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/11 10:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56318B64-22E0-43CE-9CA3-24FD98990823}: DhcpNameServer = 192.168.1.254 192.168.0.2
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/11/17 13:29:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BUBETO\Desktop\OTL.exe
[2013/11/16 16:04:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/11/16 16:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2013/11/16 16:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2013/11/16 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/11/16 15:54:18 | 000,531,658 | ---- | C] (Igor Pavlov) -- C:\Users\BUBETO\Desktop\mb_bios_ga-g31m-es2l_2.x_ff.exe
[2013/11/15 22:13:47 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Desktop\OTL results
[2013/11/15 21:05:49 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013/11/15 15:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2013/11/15 15:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2013/11/15 15:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2013/11/15 14:54:35 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Skype
[2013/11/15 14:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/11/15 14:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/15 14:54:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/11/15 14:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/11/15 14:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/15 14:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/11/15 14:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/15 14:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/15 14:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/11/12 15:06:49 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/11/12 15:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/11/11 20:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2013/11/11 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/11/10 11:18:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/10 00:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/11/08 17:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2013/11/08 17:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013/11/08 17:27:28 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\HP
[2013/11/08 17:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2013/11/08 17:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2013/11/08 17:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/11/08 17:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/11/08 17:20:42 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\HpUpdate
[2013/11/08 17:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2013/11/08 17:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013/11/08 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/11/08 17:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/11/08 17:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/11/08 17:17:05 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/11/08 17:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/11/08 10:12:36 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\ElevatedDiagnostics
[2013/11/08 09:58:40 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Programs
[2013/11/07 09:30:47 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\Documents\Reflect
[2013/11/07 09:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
[2013/11/07 08:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/11/07 08:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2013/11/07 07:45:15 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Innovative Solutions
[2013/11/07 07:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2013/11/07 07:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2013/11/06 21:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/06 21:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/06 11:54:45 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Google
[2013/11/06 11:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/11/06 11:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/11/06 11:53:32 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Google
[2013/11/06 11:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/11/06 11:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/06 11:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/11/06 11:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/11/06 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Adobe
[2013/11/05 15:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/11/05 15:37:32 | 000,000,000 | ---D | C] -- C:\Programs Files
[2013/11/05 14:44:55 | 000,000,000 | ---D | C] -- C:\PROGRAMS
[2013/11/05 14:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2013/11/05 14:17:53 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Downloads
[2013/11/05 13:37:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/11/05 13:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/11/05 06:19:17 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/11/05 06:19:02 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/11/04 20:58:24 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Microsoft Games
[2013/11/04 15:44:18 | 000,000,000 | ---D | C] -- C:\boot
[2013/11/04 15:35:41 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/11/04 14:45:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/11/04 14:45:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/11/04 13:51:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/11/04 13:38:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/11/04 08:58:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/11/04 08:42:28 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/11/04 07:14:28 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Diagnostics
[2013/11/03 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Macromedia
[2013/11/03 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Adobe
[2013/11/03 13:05:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/11/03 13:05:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/11/03 12:12:40 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/03 12:12:40 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Searches
[2013/11/03 12:12:40 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/03 12:12:40 | 000,000,000 | -H-D | C] -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/03 12:12:32 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Identities
[2013/11/03 12:12:31 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Contacts
[2013/11/03 12:12:29 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\VirtualStore
[2013/11/03 12:12:25 | 000,000,000 | --SD | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Videos
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Saved Games
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Pictures
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Music
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Links
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Documents
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\Desktop
[2013/11/03 12:12:25 | 000,000,000 | R--D | C] -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\AppData\Local\Temporary Internet Files
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Templates
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Start Menu
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\SendTo
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Recent
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\PrintHood
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\NetHood
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Documents\My Videos
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Documents\My Pictures
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Documents\My Music
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\My Documents
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Local Settings
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\AppData\Local\History
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Cookies
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\Application Data
[2013/11/03 12:12:25 | 000,000,000 | -HSD | C] -- C:\Users\BUBETO\AppData\Local\Application Data
[2013/11/03 12:12:25 | 000,000,000 | -H-D | C] -- C:\Users\BUBETO\AppData
[2013/11/03 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Temp
[2013/11/03 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Local\Microsoft
[2013/11/03 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\BUBETO\AppData\Roaming\Media Center Programs
[2013/11/03 12:12:14 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/03 12:02:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/11/03 11:59:55 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/11/03 11:00:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/17 13:30:37 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 13:30:37 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/17 13:29:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BUBETO\Desktop\OTL.exe
[2013/11/17 13:27:30 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/17 13:27:30 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/17 13:27:30 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/17 13:23:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/17 13:22:58 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/17 13:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/17 11:03:16 | 000,363,609 | ---- | M] () -- C:\Users\BUBETO\Desktop\ANZ Dispute Form.pdf
[2013/11/16 16:15:29 | 000,151,012 | ---- | M] () -- C:\Users\BUBETO\Desktop\bios.ini
[2013/11/16 15:54:19 | 000,531,658 | ---- | M] (Igor Pavlov) -- C:\Users\BUBETO\Desktop\mb_bios_ga-g31m-es2l_2.x_ff.exe
[2013/11/16 09:31:45 | 000,009,175 | ---- | M] () -- C:\Users\BUBETO\Desktop\Errors.rtf
[2013/11/15 22:15:58 | 000,000,223 | ---- | M] () -- C:\Users\BUBETO\Desktop\Osho Zen Tarot.url
[2013/11/15 22:01:57 | 000,000,396 | ---- | M] () -- C:\Users\BUBETO\Desktop\speccy 30 oktomvri 2013.rtf
[2013/11/15 21:59:08 | 000,204,449 | ---- | M] () -- C:\Users\BUBETO\Desktop\speccy 1.rtf
[2013/11/15 15:03:38 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2013/11/15 14:54:28 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/15 10:16:50 | 000,010,374 | ---- | M] () -- C:\Users\BUBETO\Desktop\is the disk bad.rtf
[2013/11/12 18:04:49 | 000,000,184 | ---- | M] () -- C:\Users\BUBETO\Desktop\YouTube.url
[2013/11/12 15:06:49 | 000,001,021 | ---- | M] () -- C:\Users\BUBETO\Desktop\SpeedFan.lnk
[2013/11/12 15:06:47 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/11/11 20:37:46 | 000,000,862 | ---- | M] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/11 20:37:46 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/09 13:56:40 | 000,000,917 | ---- | M] () -- C:\Users\BUBETO\Desktop\Favorites - Shortcut.lnk
[2013/11/09 03:28:17 | 000,006,997 | ---- | M] () -- C:\Users\BUBETO\Desktop\Locate dump files.rtf
[2013/11/09 02:22:05 | 000,275,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/08 21:49:53 | 000,011,891 | ---- | M] () -- C:\Users\BUBETO\Desktop\Driver Verifier.rtf
[2013/11/08 17:27:17 | 000,170,043 | ---- | M] () -- C:\Windows\hpoins44.dat
[2013/11/08 17:19:12 | 000,002,109 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/11/08 09:58:44 | 000,000,000 | ---- | M] () -- C:\END
[2013/11/07 09:17:53 | 000,002,483 | ---- | M] () -- C:\Users\Public\Desktop\Reflect.lnk
[2013/11/07 07:45:15 | 000,001,248 | ---- | M] () -- C:\Users\BUBETO\Desktop\DriverMax.lnk
[2013/11/07 06:50:58 | 000,000,468 | ---- | M] () -- C:\Users\BUBETO\Desktop\New Volume (D) - Shortcut.lnk
[2013/11/06 21:29:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/06 17:02:51 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 17:02:51 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/04 14:49:25 | 000,001,451 | ---- | M] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/03 12:31:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/11/03 12:03:04 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/11/03 12:03:04 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/11/03 12:01:19 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/11/03 12:01:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2013/11/03 12:00:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/17 11:03:16 | 000,363,609 | ---- | C] () -- C:\Users\BUBETO\Desktop\ANZ Dispute Form.pdf
[2013/11/16 16:14:06 | 000,151,012 | ---- | C] () -- C:\Users\BUBETO\Desktop\bios.ini
[2013/11/15 22:15:58 | 000,000,223 | ---- | C] () -- C:\Users\BUBETO\Desktop\Osho Zen Tarot.url
[2013/11/15 22:01:57 | 000,000,396 | ---- | C] () -- C:\Users\BUBETO\Desktop\speccy 30 oktomvri 2013.rtf
[2013/11/15 21:59:08 | 000,204,449 | ---- | C] () -- C:\Users\BUBETO\Desktop\speccy 1.rtf
[2013/11/15 15:03:38 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2013/11/15 14:54:28 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/13 22:57:49 | 000,010,374 | ---- | C] () -- C:\Users\BUBETO\Desktop\is the disk bad.rtf
[2013/11/13 21:52:57 | 000,009,175 | ---- | C] () -- C:\Users\BUBETO\Desktop\Errors.rtf
[2013/11/12 18:04:49 | 000,000,184 | ---- | C] () -- C:\Users\BUBETO\Desktop\YouTube.url
[2013/11/12 15:06:49 | 000,001,021 | ---- | C] () -- C:\Users\BUBETO\Desktop\SpeedFan.lnk
[2013/11/12 15:06:47 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/11/11 20:37:02 | 000,000,862 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/11 20:37:02 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2013/11/09 13:56:40 | 000,000,917 | ---- | C] () -- C:\Users\BUBETO\Desktop\Favorites - Shortcut.lnk
[2013/11/09 02:31:12 | 000,006,997 | ---- | C] () -- C:\Users\BUBETO\Desktop\Locate dump files.rtf
[2013/11/08 17:19:12 | 000,002,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/11/08 17:15:29 | 000,170,043 | ---- | C] () -- C:\Windows\hpoins44.dat
[2013/11/08 17:15:29 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2013/11/08 11:18:57 | 000,011,891 | ---- | C] () -- C:\Users\BUBETO\Desktop\Driver Verifier.rtf
[2013/11/08 09:58:44 | 000,000,000 | ---- | C] () -- C:\END
[2013/11/07 09:17:53 | 000,002,483 | ---- | C] () -- C:\Users\Public\Desktop\Reflect.lnk
[2013/11/07 07:45:15 | 000,001,248 | ---- | C] () -- C:\Users\BUBETO\Desktop\DriverMax.lnk
[2013/11/07 06:50:58 | 000,000,468 | ---- | C] () -- C:\Users\BUBETO\Desktop\New Volume (D) - Shortcut.lnk
[2013/11/06 21:29:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/06 21:29:24 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/06 17:02:51 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/06 17:02:51 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/06 11:53:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/06 06:05:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/11/05 06:20:03 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/11/05 06:18:49 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/11/05 06:18:42 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/11/05 06:18:42 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/11/05 06:18:36 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/11/03 13:05:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/03 12:31:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013/11/03 12:29:20 | 000,001,451 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/03 12:12:41 | 000,001,427 | ---- | C] () -- C:\Users\BUBETO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/03 12:12:25 | 000,000,290 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/03 12:12:25 | 000,000,272 | ---- | C] () -- C:\Users\BUBETO\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/03 12:02:45 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/11/03 12:02:41 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/11/03 12:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/11/03 12:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013/11/03 12:00:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/11/03 11:59:15 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys
========== ZeroAccess Check ==========
[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 15:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 14:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 01:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 17/11/2013 1:31:39 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BUBETO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
4.00 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.12% Memory free
8.00 Gb Paging File | 6.77 Gb Available in Paging File | 84.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 34.19 Gb Free Space | 56.98% Space Free | Partition Type: NTFS
Drive D: | 693.24 Gb Total Space | 684.48 Gb Free Space | 98.74% Space Free | Partition Type: NTFS
Computer Name: SETH-PC | User Name: BUBETO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D413B3-BDB4-4C81-9522-C927BD21A587}" = rport=139 | protocol=6 | dir=out | app=system |
"{260380A8-01F6-48F1-B8D0-475A8B93A5AB}" = rport=445 | protocol=6 | dir=out | app=system |
"{28627671-0015-471B-84B0-5DFB437BA6EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{34AE49B5-D5D4-4C38-AAD2-8A840D5BEBB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38A7D6D6-D19E-4BC4-91DB-B083D1F47094}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3ACEBCF5-D0CF-4668-8C1F-77CE9720D6B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44E69E86-1336-4A63-8F90-7134BBE1A08F}" = lport=139 | protocol=6 | dir=in | app=system |
"{4782C5A9-D150-4C34-979C-9DAFC29ABFE5}" = rport=138 | protocol=17 | dir=out | app=system |
"{5F5D6589-E34B-4DCB-843D-0FCCD9E389E7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{652E8CF5-106F-4140-8B87-9D17BBFBD617}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6D049894-379A-4E97-93E7-791297751735}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{736454A5-705F-4A1B-B935-E6E046B834BD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{776F06FF-6401-41B4-84CA-D9CB3A363AB2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87106511-9B0E-4254-9096-60AE02FD3154}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{879E2D99-2D11-44D1-BB2A-B2F57BC82478}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0E6B1A4-ED59-400A-B3A7-01C3FB304A05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A812673D-3E60-47AC-933B-9B2E1C0B9DBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA952736-6517-48E6-AC74-465640D6A2A1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF153927-5B2C-4D2D-9849-A8A14683B70E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C53C6ABF-87FC-4F26-AA74-61979EFFFC51}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3C46849-34C4-4411-97AB-0C8F6421DC77}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7973C7D-45F3-4843-A2EA-FE55BA90255E}" = lport=138 | protocol=17 | dir=in | app=system |
"{E994785A-6C09-4722-B777-570483FF7801}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0409EAEA-A8F7-4962-B756-87697874D377}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{19DFC0A5-0DC1-421C-807A-DB9558B3F8C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1B1229B7-C836-47E4-972F-F4A609A4D4FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{21CC0E1B-80DD-470D-9747-CC86BABBFB34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{2707C01E-05E8-46CD-9EB2-4EBAE3ED061E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27832F6E-E5FD-4D1C-B0DA-7643D7E6C236}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35DC9EEB-888E-44CC-9789-1CFAB50E2F42}" = protocol=1 | dir=in | [email protected],-28543 |
"{3CA82702-1651-4813-903B-FE51775F4A21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40F189CB-743D-4253-9B5F-529A5DD944AB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{48CA4597-E172-4B45-8373-1FD7ACBD8A10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49D990E9-3CC1-4F96-971F-D50D2EC79F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{6049C32B-4160-4DC6-887D-E0B179C47934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{61067336-B346-41F2-9A14-3731909E49CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{63222EC7-4140-47D0-9B8C-A914D183D477}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73466A6B-ECD7-4C58-911D-F63A1DA37200}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{77177E40-B752-4F8D-99CD-D8B10F267093}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{7FF127A2-1A82-4D0A-BE56-01536D53132A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{8E9D59DA-5595-445A-8072-D242EA84D2E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FDC0DBC-955C-486C-905D-B821D837C9F1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{92E2F2CF-CB1F-4F86-A1CB-B8491C596371}" = protocol=1 | dir=out | [email protected],-28544 |
"{94060EAF-BF7C-48D1-9FA7-ACE82B7F5C9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{97F6ABC6-640C-43C2-AF73-A60DF547B6B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D091261-68C5-4D06-B1A3-9EDED7511CDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9F53BBEA-E7F6-4285-A85D-B4A68B0B4168}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{A8594B4B-DDD0-4E3C-9BBC-EADE8B3874F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AE7D81B0-6C23-46BC-8E81-7D07A3265EBB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{AF9F92E3-A33B-418B-A1A7-C0DA5C5446C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{AFA6D280-1F1A-42F9-964D-4DE50E9578D9}" = protocol=6 | dir=out | app=system |
"{B0D4C376-512B-4399-AA41-5D2C768C4EDD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B607FF47-DA28-43DD-AAC0-9F83C90FBD48}" = protocol=58 | dir=in | [email protected],-28545 |
"{B80D2A15-3B9B-42AF-80D2-593EFF18067F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{C18AB339-CB19-4BEE-A0F7-14A22919D174}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5FC162F-5172-4A8A-B417-B4DFC38AC4A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D5613CD7-AA75-46FC-99DD-479785764172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{E0081860-A49E-4BA3-91AA-F2057E06AB81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5DEDA3F-49D8-44FC-845F-F6BFC4DD09CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2087D3A-0CAE-4A24-8A96-E87A50A61FE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2C95838-50F8-4922-B71E-8F769444B11B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{F8449A3F-B4B8-4ACB-A978-156DC8F0C9C7}" = protocol=58 | dir=out | [email protected],-28546 |
"{F8F33933-5DF0-437F-BAC0-FF381BF4473C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{FA616A04-D3BD-4BC7-B459-57EBDBA16172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FF3EBB5F-74ED-4BE1-8013-1C551169011D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{117ABEC4-CB0D-4D93-9AF4-4E50C5A6BF0B}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{BBF651DC-6367-4FA0-92EB-188D33BE8B90}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{BF6ADC4F-0757-44B4-A2A0-4D389B06E68B}" = Macrium Reflect Free Edition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"MacriumReflect" = Macrium Reflect Free Edition
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DMX5_is1" = DriverMax 7
"HP Photo Creations" = HP Photo Creations
"SpeedFan" = SpeedFan (remove only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/11/2013 1:25:33 a.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\SoftonicDownloader_for_speedfan.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 11/11/2013 1:25:35 a.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\SoftonicDownloader_for_speedfan.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 11/11/2013 1:25:40 a.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\SoftonicDownloader_for_speedfan.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 11/11/2013 1:25:43 a.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\SoftonicDownloader_for_speedfan.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 11/11/2013 8:31:36 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/11/2013 8:20:07 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13/11/2013 12:09:15 a.m. | Computer Name = SETH-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16736 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ee4 Start
Time: 01cee025f33d1fdd Termination Time: 18 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 57a81ef7-4c19-11e3-8e87-6cf049434400
Error - 13/11/2013 5:37:25 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 14/11/2013 5:39:39 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 15/11/2013 4:03:24 p.m. | Computer Name = SETH-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ System Events ]
Error - 16/11/2013 5:42:18 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 16/11/2013 5:42:18 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 16/11/2013 8:02:51 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 16/11/2013 8:02:51 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 2 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 16/11/2013 8:02:51 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 16/11/2013 8:02:51 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 16/11/2013 8:22:57 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 16/11/2013 8:22:57 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 16/11/2013 8:22:57 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
Error - 16/11/2013 8:22:57 p.m. | Computer Name = SETH-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 2 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.
< End of report >
Edited by Essexboy, 17 November 2013 - 10:03 AM.