Browser opening new tabs and black screen at startup



#1
Albedo

When I log into my account I see a black screen with the pointer moveable for about 20-40 seconds. When I go to the internet, random ads will open new tabs. These tabs are mostly blocked by IE itself or my Malwarebytes protection. I have run multiple scans; all found nothing except for rogue kill. I reset my computer back to factory settings and everything seemed reset, except this problem.

I would also like to note that when I logged onto YouTube my preferences of videos were still there, which, if it was a true reformat, it shouldn't be aware of my video suggestions. Lastly, I have been turning my Bluetooth on and off for safety reasons, so that part is me. Anyway, here are my OTL logs.

 

 

OTL logfile created on: 29/04/2014 3:53:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\use\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.48 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 58.61% Memory free
6.95 Gb Paging File | 5.08 Gb Available in Paging File | 73.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.07 Gb Total Space | 645.47 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
Drive D: | 21.27 Gb Total Space | 2.24 Gb Free Space | 10.51% Space Free | Partition Type: NTFS
Drive F: | 98.00 Mb Total Space | 86.45 Mb Free Space | 88.21% Space Free | Partition Type: FAT32
 
Computer Name: USE-HP | User Name: use | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/29 03:45:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\use\Desktop\OTL.exe
PRC - [2014/04/15 23:00:04 | 000,182,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/04/15 23:00:02 | 000,125,008 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/04/03 13:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 13:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 13:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/02/25 15:41:37 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/02/25 15:41:25 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/02/25 15:41:24 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/19 17:40:32 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/11/28 19:08:00 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/08/19 18:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/11/21 00:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/26 06:46:40 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/04/26 06:46:04 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/04/26 06:46:00 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/04/26 06:45:46 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/04/26 06:45:42 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/04/26 06:45:37 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/04/26 06:45:20 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014/04/26 06:44:53 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/04/26 06:44:46 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/04/26 06:44:46 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014/04/26 06:42:57 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/04/26 06:42:52 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/26 06:42:52 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/04/26 06:42:49 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/04/26 06:42:40 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/04/26 06:42:38 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/26 06:42:35 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/04/26 06:42:32 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/04/26 06:42:29 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/04/26 06:42:28 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/04/26 06:42:25 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/04/26 06:42:22 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/04/26 06:42:18 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/04/26 06:42:12 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/04/15 23:00:02 | 000,138,320 | ---- | M] () -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/04/15 22:59:58 | 000,049,744 | ---- | M] () -- C:\Users\use\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/26 09:54:44 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/04/26 05:29:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/10 18:54:58 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/10 05:00:36 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/01/04 05:37:16 | 000,311,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2014/04/28 20:51:29 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/15 23:00:02 | 000,125,008 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/04/03 13:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 13:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/02/25 15:41:37 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/02/25 15:41:34 | 001,017,424 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2014/02/25 15:41:25 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/12 01:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/19 17:40:32 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/01/19 17:22:08 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/09/09 21:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/29 03:41:19 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 13:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 13:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/02/25 15:41:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2014/02/25 15:41:26 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/02/25 15:41:25 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/10/01 23:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 11:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/06/20 13:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/03 00:50:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/03 00:50:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/10 21:26:24 | 010,825,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/10 17:54:38 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/02 05:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012/01/19 17:31:32 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/01/19 17:30:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/01/19 17:30:32 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/01/19 17:30:02 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/01/19 17:29:44 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/01/19 17:29:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/01/19 17:29:14 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/01/19 17:29:02 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/01/14 09:05:54 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/01/04 05:37:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/12/13 09:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/13 09:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/12/06 08:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/26 16:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/26 16:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/10/14 08:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/21 20:33:50 | 000,258,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/08/24 02:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 00:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 18:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 18:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 18:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 17:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 17:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 E8 09 E8 2C 61 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 
 
 
O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F9E40B8-4E7C-485C-9E14-8F9F160788EA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99494EBB-2085-451B-B8F5-931405E52852}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/29 03:47:51 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014/04/29 03:46:13 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\Hewlett-Packard
[2014/04/29 03:45:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\use\Desktop\OTL.exe
[2014/04/28 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\use\Desktop\New folder
[2014/04/28 21:06:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/28 21:02:11 | 000,000,000 | ---D | C] -- C:\Users\use\Desktop\RK_Quarantine
[2014/04/28 20:48:04 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\CrashDumps
[2014/04/27 01:01:55 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\hpqlog
[2014/04/26 18:53:38 | 000,084,720 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014/04/26 11:12:33 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\Adobe
[2014/04/26 09:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/04/26 09:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/26 09:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/04/26 08:55:22 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\Avira
[2014/04/26 08:49:36 | 000,131,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014/04/26 08:49:36 | 000,108,440 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014/04/26 08:49:36 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014/04/26 08:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014/04/26 08:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014/04/26 08:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014/04/26 08:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/04/26 07:43:47 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/26 07:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/26 07:43:32 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/26 07:43:32 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/26 07:43:32 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/26 07:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/26 07:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/26 07:43:17 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\Programs
[2014/04/26 07:42:41 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\Macromedia
[2014/04/26 07:34:20 | 000,000,000 | -HSD | C] -- C:\Users\use\AppData\Local\EmieUserList
[2014/04/26 07:34:20 | 000,000,000 | -HSD | C] -- C:\Users\use\AppData\Local\EmieSiteList
[2014/04/26 07:19:37 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/04/26 07:04:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/04/26 07:04:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/04/26 06:29:57 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\Adobe
[2014/04/26 05:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/04/26 05:55:39 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/26 04:50:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/04/26 04:29:04 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2014/04/26 04:27:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/04/26 04:20:26 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\AMD
[2014/04/26 04:20:16 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\BMExplorer
[2014/04/26 04:20:16 | 000,000,000 | ---D | C] -- C:\Users\use\Documents\Bluetooth Folder
[2014/04/26 04:20:14 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\ATI
[2014/04/26 04:20:14 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\ATI
[2014/04/26 04:20:03 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\Synaptics
[2014/04/26 04:20:03 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\Hewlett-Packard
[2014/04/26 04:20:01 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\Atheros
[2014/04/26 04:19:51 | 000,000,000 | R--D | C] -- C:\Users\use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/26 04:19:51 | 000,000,000 | R--D | C] -- C:\Users\use\Searches
[2014/04/26 04:19:51 | 000,000,000 | R--D | C] -- C:\Users\use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/04/26 04:19:51 | 000,000,000 | -H-D | C] -- C:\Users\use\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/04/26 04:19:43 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\Identities
[2014/04/26 04:19:40 | 000,000,000 | R--D | C] -- C:\Users\use\Contacts
[2014/04/26 04:19:31 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\VirtualStore
[2014/04/26 04:18:57 | 000,000,000 | --SD | C] -- C:\Users\use\AppData\Roaming\Microsoft
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\Videos
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\Saved Games
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\Pictures
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\Music
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\Links
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\Favorites
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\Downloads
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\Documents
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\Desktop
[2014/04/26 04:18:57 | 000,000,000 | R--D | C] -- C:\Users\use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\AppData\Local\Temporary Internet Files
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\Templates
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\Start Menu
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\SendTo
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\Recent
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\PrintHood
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\NetHood
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\Documents\My Videos
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\Documents\My Pictures
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\Documents\My Music
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\My Documents
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\Local Settings
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\AppData\Local\History
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\Cookies
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\Application Data
[2014/04/26 04:18:57 | 000,000,000 | -HSD | C] -- C:\Users\use\AppData\Local\Application Data
[2014/04/26 04:18:57 | 000,000,000 | -H-D | C] -- C:\Users\use\AppData
[2014/04/26 04:18:57 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\Temp
[2014/04/26 04:18:57 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Local\Microsoft
[2014/04/26 04:18:57 | 000,000,000 | ---D | C] -- C:\Users\use\AppData\Roaming\Media Center Programs
[2014/04/26 04:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/04/26 04:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2014/04/26 04:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2014/04/26 04:05:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014/04/26 04:05:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/04/26 04:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2014/04/26 04:04:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[2014/04/26 04:04:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YouCam
[2014/04/26 04:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2014/04/26 04:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2014/04/26 04:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[2014/04/26 03:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2014/04/26 03:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2014/04/26 03:53:26 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2014/04/26 03:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2014/04/26 03:52:42 | 000,442,528 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2014/04/26 03:52:42 | 000,063,648 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll
[2014/04/26 03:52:42 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2014/04/26 03:52:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2014/04/26 03:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2014/04/26 03:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2014/04/26 03:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2014/04/26 03:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2014/04/26 03:50:59 | 000,565,352 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/04/26 03:50:39 | 004,444,672 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2014/04/26 03:50:39 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2014/04/26 03:50:39 | 001,819,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2014/04/26 03:50:39 | 001,425,408 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2014/04/26 03:50:39 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2014/04/26 03:50:39 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2014/04/26 03:50:39 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2014/04/26 03:50:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2014/04/26 03:49:36 | 000,251,904 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2014/04/26 03:49:35 | 001,987,072 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2014/04/26 03:49:35 | 000,654,336 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2014/04/26 03:49:35 | 000,535,552 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2014/04/26 03:49:35 | 000,448,512 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2014/04/26 03:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2014/04/26 03:49:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2014/04/26 03:49:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/04/26 03:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2014/04/26 03:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2014/04/26 03:48:34 | 000,000,000 | ---D | C] -- C:\Windows\kdb
[2014/04/26 03:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/04/26 03:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2014/04/26 03:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/04/26 03:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2014/04/26 03:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2014/04/26 03:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/04/26 03:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/04/26 03:47:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014/04/26 03:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2014/04/26 03:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/04/26 03:46:36 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/04/26 03:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/04/26 03:38:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\use\*.tmp files -> C:\Users\use\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/29 03:56:39 | 001,667,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/29 03:56:39 | 000,749,556 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/04/29 03:56:39 | 000,666,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/29 03:56:39 | 000,153,256 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/04/29 03:56:39 | 000,125,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/29 03:53:00 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuse.job
[2014/04/29 03:50:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/29 03:48:12 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/29 03:48:12 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/29 03:45:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\use\Desktop\OTL.exe
[2014/04/29 03:41:19 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/29 03:39:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/29 03:39:22 | 2799,984,640 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/28 21:45:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/04/28 21:29:22 | 001,310,621 | ---- | M] () -- C:\Users\use\Desktop\adwcleaner.exe
[2014/04/28 21:27:29 | 004,527,616 | ---- | M] () -- C:\Users\use\Desktop\RogueKillerX64.exe
[2014/04/26 19:27:25 | 000,012,228 | ---- | M] () -- C:\Users\use\Desktop\protect log.xml
[2014/04/26 18:53:20 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014/04/26 09:54:44 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/04/26 08:45:09 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/04/26 07:43:35 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 07:15:36 | 001,631,880 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/26 06:23:42 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/26 05:52:45 | 000,001,441 | ---- | M] () -- C:\Users\use\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/26 05:29:06 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/04/26 05:29:06 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/04/26 04:18:34 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/04/26 04:18:34 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/04/26 04:06:27 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2014/04/26 04:01:05 | 000,000,593 | ---- | M] () -- C:\Windows\SysNative\ndCPrepLog
[2014/04/26 04:00:10 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2014/04/26 03:56:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2014/04/26 03:54:27 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin
[2014/04/26 03:54:27 | 000,001,796 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x11020000_40.dfu
[2014/04/26 03:54:27 | 000,001,242 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
[2014/04/26 03:54:27 | 000,001,228 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
[2014/04/26 03:54:27 | 000,001,214 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
[2014/04/26 03:54:27 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
[2014/04/26 03:54:27 | 000,001,204 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_40.dfu
[2014/04/26 03:54:27 | 000,001,198 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26.dfu
[2014/04/26 03:54:27 | 000,001,192 | ---- | M] () -- C:\Windows\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
[2014/04/26 03:49:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/04/26 03:46:00 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_Q5CD21816YF_E679412-DB1_4A_I1849_SHP_V57.35_BF.26_T130221_W73-1_L409_M3561_J750_7AMD_8F01_92.70_#140425_N_(B5R69UA#ABL)_XMOBILE_CN10_Z_20791100000205610000620100.MRK
[2014/04/26 03:46:00 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_Q5CD21816YF_E679412-DB1_4A_I1849_SHP_V57.35_BF.26_T130221_W73-1_L409_M3561_J750_7AMD_8F01_92.70_#140425_N_(B5R69UA#ABL)_XMOBILE_CN10_Z_20791100000205610000620100.MRK
[2014/04/03 13:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 13:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 13:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\use\*.tmp files -> C:\Users\use\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/29 03:53:00 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForuse.job
[2014/04/28 21:45:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/04/28 21:29:13 | 001,310,621 | ---- | C] () -- C:\Users\use\Desktop\adwcleaner.exe
[2014/04/28 21:27:29 | 004,527,616 | ---- | C] () -- C:\Users\use\Desktop\RogueKillerX64.exe
[2014/04/26 19:50:23 | 000,012,228 | ---- | C] () -- C:\Users\use\Desktop\protect log.xml
[2014/04/26 09:54:44 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/04/26 08:45:09 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/04/26 07:43:35 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 05:57:24 | 001,631,880 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/26 05:52:45 | 000,001,441 | ---- | C] () -- C:\Users\use\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/26 05:29:06 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/04/26 05:29:06 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/04/26 04:55:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/04/26 04:39:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/04/26 04:29:55 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml
[2014/04/26 04:19:52 | 000,001,417 | ---- | C] () -- C:\Users\use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/04/26 04:18:57 | 000,000,290 | ---- | C] () -- C:\Users\use\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/04/26 04:18:57 | 000,000,272 | ---- | C] () -- C:\Users\use\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/04/26 04:14:09 | 2799,984,640 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/26 04:06:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2014/04/26 04:05:27 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/26 04:00:57 | 000,000,593 | ---- | C] () -- C:\Windows\SysNative\ndCPrepLog
[2014/04/26 04:00:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/04/26 03:56:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2014/04/26 03:50:59 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2014/04/26 03:49:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/04/26 03:46:00 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_Q5CD21816YF_E679412-DB1_4A_I1849_SHP_V57.35_BF.26_T130221_W73-1_L409_M3561_J750_7AMD_8F01_92.70_#140425_N_(B5R69UA#ABL)_XMOBILE_CN10_Z_20791100000205610000620100.MRK
[2014/04/26 03:46:00 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_Q5CD21816YF_E679412-DB1_4A_I1849_SHP_V57.35_BF.26_T130221_W73-1_L409_M3561_J750_7AMD_8F01_92.70_#140425_N_(B5R69UA#ABL)_XMOBILE_CN10_Z_20791100000205610000620100.MRK
[2014/04/26 03:42:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/04/26 03:42:15 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 23:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/26 04:20:03 | 000,000,000 | ---D | M] -- C:\Users\use\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 

< End of report >


Extras Report:

 

OTL Extras logfile created on: 29/04/2014 3:53:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\use\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.48 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 58.61% Memory free
6.95 Gb Paging File | 5.08 Gb Available in Paging File | 73.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.07 Gb Total Space | 645.47 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
Drive D: | 21.27 Gb Total Space | 2.24 Gb Free Space | 10.51% Space Free | Partition Type: NTFS
Drive F: | 98.00 Mb Total Space | 86.45 Mb Free Space | 88.21% Space Free | Partition Type: FAT32
 
Computer Name: USE-HP | User Name: use | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087BDA91-7C95-414A-94A5-637D53720582}" = lport=139 | protocol=6 | dir=in | app=system |
"{21CD52B0-2333-442F-8F90-3A10A6D4C130}" = rport=138 | protocol=17 | dir=out | app=system |
"{29600021-C4DF-4AD9-BD87-E17EEA1C4E13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{357A7FFF-BE2B-45C4-AA57-89A5E8B75FC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{38111D69-6A9F-4C42-BC3B-998E04127193}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38E8F758-7BA6-4121-B5C1-6BEFF082B9A3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{422CC196-4C17-411A-88E4-3531F1307583}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B78F1A1-C03D-4034-9D25-BCEFA5C3E36C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{51AF851D-D9EF-431F-81B5-F481D1A64322}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5DC353A5-855B-48E9-8299-41177852B10C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6559303B-CC32-403E-8B75-01FA00EBAB99}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F83ECF2-75F9-43D9-8F2A-AEFA5731CA60}" = lport=137 | protocol=17 | dir=in | app=system |
"{8CA1AD8C-900A-4557-B812-4F7DF3B9AC64}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92ACCD5C-15AE-4F82-8DA9-A2FEAD12FD18}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F050D4D-0876-4870-9196-1A8BD4066EF6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B4A35097-228A-4A6C-8535-5E7B380B818B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BD841AF0-B4AA-49B7-9CB6-CAE64DCA6767}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD9B50F0-BF27-4194-9127-E1F4CF2DC537}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA4958EE-11DB-40AC-98BF-DEE8365642FF}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6E7E790-5655-4774-B20C-6B72B0845169}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD016CD8-DE7F-4D2C-AB02-E31E58B02EA3}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C09635-DD57-45D0-975E-7E5CC9C96F5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02F3F4D9-7776-4154-99F9-520553B328FB}" = protocol=1 | dir=out | [email protected],-28544 |
"{1A1C66EA-BD5C-4ED4-8C67-C97C99860551}" = protocol=6 | dir=out | app=system |
"{3702ABC6-3503-4A0A-A0D4-56ABA5CCB553}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4CFACDB0-A8D1-4257-A879-FAC48A1163A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58604239-A1B2-405C-BAD6-A6AE493F58F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58A234D7-7933-4D20-A9C8-D61C6D057DC5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6571895C-CE7F-40A3-A1E3-0C81DF6ABBC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC7634B-6321-4C96-A227-D799D55BA037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85629EFA-BC97-4A3E-B0A2-C04FFACD3981}" = protocol=58 | dir=out | [email protected],-28546 |
"{9040601A-D4CA-4594-96BB-092670D07E5E}" = protocol=1 | dir=in | [email protected],-28543 |
"{96007185-8741-45C5-9DA0-5AC9C6E22F95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0B1637B-8A97-4CA4-B140-8B8D8ECB2466}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A3C680A6-5448-4A29-AD81-1200FED1B23C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A71F105D-071E-4396-8C9E-1570D7C9962A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7AD6F76-1CCA-4BED-A96D-3107139E48CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8BB6719-DFB0-4914-BA98-36A28A6B7C6C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9C4CB9C-7B6C-46BE-BC93-15E64E2D6658}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC56C58C-46C5-4520-B14D-DAEBFF4F7043}" = protocol=58 | dir=in | [email protected],-28545 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{289D263F-1526-945B-1E0D-7E51196337E4}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036" = Microsoft .NET Framework 4.5.1 (Français)
"{9D1400EC-5703-3983-53B7-AEFB8BFD1CFA}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C22759DB-BA8B-30E7-99EE-8B47DB43AE56}" = Microsoft .NET Framework 4.5.1 (FRA)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F8E65951-694F-5F50-21C2-391B46B26653}" = AMD Accelerated Video Transcoding
"{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}" = HP Security Assistant
"{FEDED942-6D32-06D6-CBE4-02A95758B9E5}" = AMD Fuel
"HitmanPro37" = HitmanPro 3.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{026573E8-3808-A622-54E7-41B0D01CC689}" = CCC Help Swedish
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0C592E07-485F-B1C0-43C7-214B3782689E}" = CCC Help Czech
"{0CF102B7-1BD1-868D-7ED6-FF6618615113}" = Catalyst Control Center InstallProxy
"{0F0E0099-2C25-482C-A17A-A01988DF52DF}" = Avira
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{12F9E5E4-4C6A-8C07-03E9-1C4D8606C7CF}" = CCC Help Italian
"{2691AB48-CB65-1326-6B16-C65F2D193498}" = CCC Help Russian
"{31BF9CD1-A904-43B5-A236-53E5E908AD0E}" = Catalyst Control Center - Branding
"{3686BD56-4111-A355-F79B-8351DF00FFD0}" = Catalyst Control Center Graphics Previews Common
"{36F19B06-7C5F-F7F0-4B03-C041F9AD0B81}" = CCC Help Hungarian
"{36F55AE9-7C13-2DFD-2A16-13E9B1B591AD}" = CCC Help Turkish
"{393BD31B-4806-2F8C-BFE3-CD3D832B1A07}" = CCC Help German
"{3E2D6F53-FE1E-9685-3147-FE7D6CD241B3}" = CCC Help Greek
"{43287DB3-9A3D-9113-F9EC-E3E2EA83FAD8}" = CCC Help Chinese Standard
"{43837ADC-5558-9855-2258-C57DFE06473D}" = CCC Help Thai
"{46A14B00-8CA7-66CA-773B-78255D9C09E4}" = CCC Help Finnish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{550A8BE3-02DA-9A06-F7F7-782E0B7E16BC}" = CCC Help Danish
"{59343305-C394-8581-67E9-192E52936174}" = CCC Help Korean
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{6CFB80D8-0084-2AA0-5B10-CB528127B3D0}" = CCC Help Norwegian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{768A6276-5822-489C-8A2B-67190F745655}" = ESU for Microsoft Windows 7 SP1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{97C9CD02-4F58-59DC-53E5-AB9B171CB537}" = CCC Help English
"{98A80C9A-4362-2AEE-B547-6C2E47E8887E}" = CCC Help Polish
"{A287F545-5139-0235-DCE8-D7598B2D312C}" = Catalyst Control Center Localization All
"{B1475566-FA49-179A-86B3-C0C9E7122EA2}" = CCC Help French
"{B409B895-940B-A184-478B-5FB129501060}" = AMD VISION Engine Control Center
"{B99494A5-4B47-3923-9350-316B6A12EAAD}" = CCC Help Japanese
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{D7C45E0E-8963-DFD3-D35F-A4135BDC628E}" = CCC Help Chinese Traditional
"{DA028428-3A16-D9CE-61AB-6422DFC40918}" = CCC Help Spanish
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DE6BB53E-E91A-6F17-E518-BC4425AA9039}" = CCC Help Dutch
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E9ED3FC6-8813-61B6-97FB-F09F296A224F}" = CCC Help Portuguese
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{f470942e-6237-4c78-ba45-7e9b17a95709}" = Avira
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27/04/2014 6:10:54 PM | Computer Name = use-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 27/04/2014 6:16:09 PM | Computer Name = use-HP | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.17041 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: ac    Start
 Time: 01cf62660824c627    Termination Time: 94    Application Path: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE    Report Id:  
 
Error - 27/04/2014 11:04:30 PM | Computer Name = use-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 28/04/2014 7:45:49 PM | Computer Name = use-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 28/04/2014 7:47:35 PM | Computer Name = use-HP | Source = .NET Runtime | ID = 1026
Description =
 
Error - 28/04/2014 7:47:59 PM | Computer Name = use-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Avira.OE.Systray.exe, version: 1.1.11.32377,
 time stamp: 0x534d6562  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
 time stamp: 0x51fb1116  Exception code: 0xe0434352  Fault offset: 0x0000c41f  Faulting
 process id: 0x900  Faulting application start time: 0x01cf633bf4629bb4  Faulting application
 path: C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe  Faulting module
 path: C:\Windows\syswow64\KERNELBASE.dll  Report Id: 86eca2ac-cf2f-11e3-a528-a0b3cc6fa880
 
Error - 28/04/2014 8:33:52 PM | Computer Name = use-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 28/04/2014 8:43:16 PM | Computer Name = use-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 29/04/2014 2:41:09 AM | Computer Name = use-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 29/04/2014 2:48:34 AM | Computer Name = use-HP | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'HPWMISVC' could not be restarted.
 
[ Hewlett-Packard Events ]
Error - 26/04/2014 3:07:53 AM | Computer Name = WIN-HQQR8L8NARF | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   at System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     at System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     at System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     at System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     at System.Activator.CreateInstance(Type type, Boolean nonPublic)

   at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 3560  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) 
 
Error - 26/04/2014 3:07:59 AM | Computer Name = WIN-HQQR8L8NARF | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   at System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     at System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     at System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     at System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     at System.Activator.CreateInstance(Type type, Boolean nonPublic)

   at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 3560  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) 
 
[ System Events ]
Error - 26/04/2014 3:20:10 AM | Computer Name = use-HP | Source = Service Control Manager | ID = 7034
Description = The HPWMISVC service terminated unexpectedly.  It has done this 1
time(s).
 
Error - 26/04/2014 4:54:00 AM | Computer Name = use-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB971033).
 
Error - 26/04/2014 5:16:51 AM | Computer Name = use-HP | Source = Service Control Manager | ID = 7043
Description = The Windows Modules Installer service did not shut down properly after
 receiving a preshutdown control.
 
Error - 26/04/2014 5:24:24 AM | Computer Name = use-HP | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 26/04/2014 5:24:40 AM | Computer Name = use-HP | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 26/04/2014 5:27:01 AM | Computer Name = use-HP | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%16405
 
Error - 26/04/2014 5:29:28 AM | Computer Name = use-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x800f0902: Windows Update Aux.
 
Error - 26/04/2014 5:30:52 AM | Computer Name = use-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows
 7 for x64-based Systems (KB2936068).
 
 
< End of report >





 




#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

YouTube account info is stored on their server, so nothing you do to your PC is going to change it.

Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and select Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click Save log, save it to your desktop, and post it in your next reply.
If the Fix button is not enabled, just click Save log, save it to your desktop, and post it in your next reply.
 
ComboFix
 
It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Turn off your screen saver so you can see what is going on.
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Right-click on ComboFix and select Run As Administrator to start the program.

    * Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
 
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.
You should get a log when it finishes. If not, this may mean you have the new version of Zero Access malware, so run ComboFix a second time.
If you still don't get a log, search for Combofix.txt. It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.
 
Download TDSSKiller:
Save it to your desktop, then run it by right-clicking and selecting Run As Admin.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.
