
The computer restarts or shuts down when I put it in sleep mode [Solve


  • This topic is locked

#1
Andro

  • Member
  • 153 posts

Hi!

 

When I try to put my computer in sleep mode the BSOD appears for a moment (with stop code 0x0000000A) then restarts itself or shuts down. WhoCrashed report shows that problem is caused by ntkrnlpa.exe and ntkrpamp.exe. I've tried to solve the problem with memory test, PSU test and by updating drivers. I've checked the disk and verified files. I've also checked my computer with MBAM but no errors (steps already taken can be found on this link http://www.geekstogo...#entry2412071).

 

Thank you for your help :)

 

Below is OTL report

 

OTL logfile created on: 24.6.2014 14:42:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andro\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy
 
2,00 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,62% Memory free
4,00 Gb Paging File | 2,18 Gb Available in Paging File | 54,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 114,34 Gb Free Space | 49,10% Space Free | Partition Type: NTFS
 
Computer Name: BESTINTHEWORLD | User Name: Andro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.06.24 14:39:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andro\Downloads\OTL.exe
PRC - [2014.06.20 19:47:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.06.14 12:39:04 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
PRC - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.05.12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.04.09 20:19:03 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014.03.11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014.03.11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014.03.11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014.03.04 14:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.01.20 17:56:46 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.06.20 19:46:38 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.06.14 12:39:01 | 017,024,688 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_14_0_0_125.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014.06.20 19:47:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.05.30 10:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.12 01:26:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2014.03.11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014.03.11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E47A5BE-3E15-4A87-A87E-503D2E21653C}\MpKsla0cb6fbe.sys -- (MpKsla0cb6fbe)
DRV - [2014.06.24 14:19:15 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014.05.23 21:57:06 | 000,214,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2014.05.21 01:09:02 | 000,017,088 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV - [2014.05.12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014.05.12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014.03.11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014.03.04 16:29:02 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011.08.15 22:34:56 | 000,108,544 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2011.01.20 17:57:01 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011.01.20 17:56:51 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.01.20 17:56:24 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2011.01.20 17:56:24 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2011.01.20 17:56:24 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2011.01.20 17:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2011.01.20 17:56:24 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2011.01.20 17:56:24 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2011.01.20 17:56:23 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2011.01.20 17:56:23 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2011.01.20 17:56:23 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2011.01.20 17:56:22 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2011.01.20 17:56:22 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2007.01.10 21:03:20 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\BIOSTools\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2005.10.13 16:41:32 | 000,156,800 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPC610NC.sys -- (SPC610NC)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...U221DHP&pc=U221
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7BCB454AEB-2F60-4441-ADEB-2CB43BB33B20%7D:3.0
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014.04.09 15:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andro\AppData\Roaming\Mozilla\Extensions
[2014.06.22 15:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\y3nc44k1.default\extensions
[2014.06.22 15:47:42 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\y3nc44k1.default\extensions\https-everywhere@eff.org
[2014.04.26 21:32:53 | 000,027,540 | ---- | M] () (No name found) -- C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\y3nc44k1.default\extensions\{CB454AEB-2F60-4441-ADEB-2CB43BB33B20}.xpi
[2014.06.20 19:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.06.20 19:47:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB6992B4-DBC4-4494-B388-7D68562CAA9B}: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6da17a85-c02c-11e3-9169-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6da17a85-c02c-11e3-9169-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.06.20 19:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.06.18 13:52:42 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Local\NVIDIA Corporation
[2014.06.18 13:52:42 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Local\NVIDIA
[2014.06.18 13:43:44 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014.06.08 20:55:48 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014.06.06 01:29:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014.06.06 01:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014.06.06 01:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014.06.05 21:02:21 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Roaming\ParetoLogic
[2014.06.05 21:02:21 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Roaming\DriverCure
[2014.06.05 20:10:17 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Local\Diagnostics
[2014.06.02 01:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2014.06.02 01:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2014.06.02 01:00:50 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014.06.02 01:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014.06.02 01:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2014.05.31 18:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.06.24 14:19:15 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.06.24 13:16:08 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.24 13:16:08 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.24 13:08:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.24 13:08:38 | 1609,420,800 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.23 16:08:58 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.06.23 16:08:58 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.06.20 22:12:54 | 000,000,833 | ---- | M] () -- C:\Users\Andro\Desktop\BitTorrent.lnk
[2014.06.20 22:12:54 | 000,000,813 | ---- | M] () -- C:\Users\Andro\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014.06.20 08:23:42 | 216,943,391 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.06.10 21:01:36 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\GlaryOneClickOptimizer 5.job
[2014.06.04 13:41:16 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014.06.03 21:54:02 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.06.02 01:08:02 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2014.06.02 01:00:50 | 000,000,969 | ---- | M] () -- C:\Users\Andro\Desktop\SpeedFan.lnk
[2014.06.02 01:00:46 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2014.05.31 18:27:41 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.06.20 22:12:54 | 000,000,813 | ---- | C] () -- C:\Users\Andro\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014.06.18 13:11:17 | 216,943,391 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.06.04 01:26:51 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\GlaryOneClickOptimizer 5.job
[2014.06.02 01:08:02 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2014.06.02 01:00:50 | 000,000,969 | ---- | C] () -- C:\Users\Andro\Desktop\SpeedFan.lnk
[2014.06.02 01:00:45 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2014.05.31 18:27:41 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014.05.23 22:30:19 | 000,757,301 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.04.14 21:24:10 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PAStiSvc.exe
[2014.04.14 21:14:53 | 000,470,016 | ---- | C] () -- C:\Windows\VPro500.exe
[2014.04.12 22:38:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014.04.10 21:46:55 | 000,218,200 | ---- | C] () -- C:\Windows\System32\unrar.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011.01.20 17:56:46 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014.06.23 01:16:06 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\BitTorrent
[2014.05.19 12:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\DiskDefrag
[2014.06.05 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\DriverCure
[2014.05.21 01:09:19 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\GlarySoft
[2014.05.23 21:40:56 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\IObit
[2014.06.05 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\ParetoLogic
[2014.04.17 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\SumatraPDF
 
========== Purity Check ==========
 
 

< End of report >
 


Edited by Andro, 24 June 2014 - 01:03 PM.

  • 0



#2
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Very sorry that you've been waiting so long. We've been quite busy lately. Anyway, I have availability to help you and will begin to assess your OTL log.

 

Could you also attach the minidumps of your BSODs? If you don't know where they are or how to attach them, let me know.


  • 0

#3
Andro

  • Topic Starter
  • Member
  • 153 posts

It's ok...I understand you aren't always here.

 

Below is Minidump attachment...

 

 

Attached Thumbnails

  • Minidump.jpg

  • 0

#4
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Could you zip the DMP and attach it? I want to run an analysis on the file.


  • 0

#5
Andro

  • Topic Starter
  • Member
  • 153 posts

Here you go

Attached Files


  • 0

#6
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

This isn't the .DMP file. Could you re-upload, please?


  • 0

#7
Andro

  • Topic Starter
  • Member
  • 153 posts

Sorry I thought I zipped it...hope it is now :)

Attached Files

  • Attached File  DMP.zip   29.48KB   49 downloads

  • 0

#8
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Sorry I thought I zipped it...hope it is now :)

Yes, I've got it now. :)

 

After consulting with others much smarter than me, it would appear that you have a version of CA a/v on your system that is causing the issue. It is either not installed correctly or not uninstalled correctly. The advice is to uninstall it. Then let me know how the machine is behaving.


  • 0

#9
Andro

  • Topic Starter
  • Member
  • 153 posts

Can you please explain what CA a/v is?


  • 0

#10
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

I'm sorry! I'm way too used to talking in acronyms. :oops:

 

CA is Computer Associates

AV or A/V is Anti-Virus

 

It appears like it was installed at one time, but not completely uninstalled.

Go to Control Panel (Click Start, Control Panel), Add/Remove Programs. (You might have to hunt around to find Add/Remove Programs or the Installed Programs list.) Once you get to the list, look for CA or Computer Associates A/V or Anti-Virus and uninstall it. Once it's off your system you can either find a new version on the CA website or use Microsoft Security Essentials or Microsoft Defender (only one is compatible with your Operating System).


  • 0



#11
Andro

  • Topic Starter
  • Member
  • 153 posts

It's ok :)

 

I removed my anti-virus (Microsoft Security Essentials) and installed the latest version. After that I was able to put the computer to sleep. I think now we should wait a couple of days to see if the problem is solved. Meanwhile I will test my computer by putting it to sleep a couple more times. What's your opinion?


  • 0

#12
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

I like your plan!

 

Additionally, I'd like to see if we can't get the rest of the CA Installation uninstalled. It might also be called Total Defense. Click this link and work through the instructions. Also, let me know how it goes.


  • 0

#13
Andro

  • Topic Starter
  • Member
  • 153 posts

I followed your instructions but I don't have that Total Defense installed. Unfortunately I have bad news... I put my computer in sleep again today but I got the same BSOD, then it shut down.


  • 0

#14
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Honestly, I'm not surprised since we've not found the source of those files. Like I said, I think they are part of CA somehow.

 

Could you forward the most recent minidump and another OTL scan, and this time click the Extra Registry, all and then press Scan. You'll get two logs, otl.txt and extras.txt. Post both and the minidumps.


  • 0

#15
Andro

  • Topic Starter
  • Member
  • 153 posts

I only got otl.txt so below is the report...

OTL logfile created on: 5.7.2014 20:18:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andro\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy
 
2,00 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,38% Memory free
4,00 Gb Paging File | 2,21 Gb Available in Paging File | 55,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 115,58 Gb Free Space | 49,63% Space Free | Partition Type: NTFS
 
Computer Name: BESTINTHEWORLD | User Name: Andro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.06.24 14:39:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andro\Downloads\OTL.exe
PRC - [2014.06.20 19:47:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.06.14 12:39:04 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
PRC - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.05.12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.04.09 20:19:03 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014.03.21 10:32:44 | 000,951,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014.03.21 10:32:44 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014.03.21 10:32:44 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014.03.04 14:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2014.02.05 03:31:22 | 000,126,995 | ---- | M] (VideoLAN) -- C:\Windows.old\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2011.01.20 17:56:46 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.06.20 19:46:38 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.06.14 12:39:01 | 017,024,688 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_14_0_0_125.dll
MOD - [2014.02.05 03:32:36 | 002,396,179 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2014.02.05 03:32:34 | 000,063,507 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
MOD - [2014.02.05 03:32:34 | 000,036,883 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
MOD - [2014.02.05 03:32:34 | 000,021,523 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
MOD - [2014.02.05 03:32:34 | 000,021,011 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
MOD - [2014.02.05 03:32:32 | 000,030,739 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
MOD - [2014.02.05 03:32:32 | 000,025,619 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
MOD - [2014.02.05 03:32:32 | 000,024,595 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
MOD - [2014.02.05 03:32:28 | 011,148,307 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2014.02.05 03:32:24 | 000,031,251 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2014.02.05 03:32:24 | 000,027,667 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
MOD - [2014.02.05 03:32:24 | 000,017,939 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2014.02.05 03:32:22 | 000,336,403 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2014.02.05 03:32:22 | 000,291,859 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2014.02.05 03:32:22 | 000,019,475 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
MOD - [2014.02.05 03:32:22 | 000,018,451 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2014.02.05 03:32:20 | 001,371,667 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2014.02.05 03:32:18 | 000,027,155 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
MOD - [2014.02.05 03:32:18 | 000,018,963 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2014.02.05 03:32:18 | 000,015,891 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2014.02.05 03:32:16 | 001,280,019 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2014.02.05 03:32:16 | 000,733,203 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2014.02.05 03:32:16 | 000,171,027 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
MOD - [2014.02.05 03:32:16 | 000,022,035 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2014.02.05 03:32:16 | 000,019,987 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2014.02.05 03:32:14 | 010,396,179 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
MOD - [2014.02.05 03:32:14 | 000,344,595 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2014.02.05 03:32:14 | 000,198,675 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2014.02.05 03:32:14 | 000,017,427 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
MOD - [2014.02.05 03:32:06 | 000,146,451 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2014.02.05 03:32:06 | 000,054,291 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2014.02.05 03:32:06 | 000,038,419 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2014.02.05 03:32:06 | 000,026,131 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2014.02.05 03:32:06 | 000,016,403 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
MOD - [2014.02.05 03:32:04 | 000,013,843 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
MOD - [2014.02.05 03:32:04 | 000,013,843 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
MOD - [2014.02.05 03:32:02 | 000,555,027 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
MOD - [2014.02.05 03:32:00 | 000,015,379 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
MOD - [2014.02.05 03:31:58 | 000,296,979 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2014.02.05 03:31:58 | 000,168,979 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2014.02.05 03:31:56 | 000,058,899 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2014.02.05 03:31:56 | 000,025,619 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2014.02.05 03:31:56 | 000,014,355 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2014.02.05 03:31:54 | 001,512,467 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2014.02.05 03:31:54 | 001,496,083 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2014.02.05 03:31:54 | 000,130,579 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2014.02.05 03:31:54 | 000,019,475 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2014.02.05 03:31:54 | 000,018,963 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2014.02.05 03:31:54 | 000,015,379 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
MOD - [2014.02.05 03:31:54 | 000,014,867 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2014.02.05 03:31:54 | 000,014,355 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2014.02.05 03:31:54 | 000,013,331 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2014.02.05 03:31:52 | 000,036,371 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
MOD - [2014.02.05 03:31:48 | 000,383,507 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
MOD - [2014.02.05 03:31:48 | 000,118,803 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
MOD - [2014.02.05 03:31:48 | 000,017,427 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
MOD - [2014.02.05 03:31:48 | 000,014,867 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
MOD - [2014.02.05 03:31:46 | 001,248,787 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2014.02.05 03:31:46 | 000,021,011 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
MOD - [2014.02.05 03:31:44 | 000,053,779 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
MOD - [2014.02.05 03:31:44 | 000,019,987 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
MOD - [2014.02.05 03:31:44 | 000,019,987 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
MOD - [2014.02.05 03:31:42 | 000,724,499 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,113,683 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,067,091 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,066,579 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,032,275 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,027,667 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,026,643 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,020,499 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,018,963 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,017,427 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,016,915 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,015,379 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
MOD - [2014.02.05 03:31:40 | 000,015,379 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
MOD - [2014.02.05 03:31:38 | 000,675,347 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll
MOD - [2014.02.05 03:31:38 | 000,268,307 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2014.02.05 03:31:38 | 000,240,659 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2014.02.05 03:31:38 | 000,076,307 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2014.02.05 03:31:36 | 002,021,395 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2014.02.05 03:31:36 | 000,114,195 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2014.02.05 03:31:36 | 000,045,587 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2014.02.05 03:31:34 | 000,116,755 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
MOD - [2014.02.05 03:31:34 | 000,100,371 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2014.02.05 03:31:34 | 000,077,331 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
MOD - [2014.02.05 03:31:34 | 000,074,259 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
MOD - [2014.02.05 03:31:34 | 000,040,467 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2014.02.05 03:31:34 | 000,015,891 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll
MOD - [2014.02.05 03:31:34 | 000,014,355 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\access\libaccess_udp_plugin.dll
MOD - [2014.02.05 03:31:32 | 000,019,987 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,524,819 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,133,139 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,127,507 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,091,667 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,025,619 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,021,523 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,019,987 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,018,963 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,018,451 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,016,403 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
MOD - [2014.02.05 03:31:30 | 000,014,355 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll
MOD - [2014.02.05 03:31:28 | 001,194,003 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
MOD - [2014.02.05 03:31:28 | 000,929,299 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
MOD - [2014.02.05 03:31:28 | 000,189,971 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2014.02.05 03:31:28 | 000,144,403 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
MOD - [2014.02.05 03:31:28 | 000,067,603 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
MOD - [2014.02.05 03:31:28 | 000,023,059 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
MOD - [2014.02.05 03:31:28 | 000,018,451 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll
MOD - [2014.02.05 03:31:28 | 000,017,427 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll
MOD - [2014.02.05 03:31:28 | 000,015,379 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll
MOD - [2014.02.05 03:31:26 | 000,708,627 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
MOD - [2014.02.05 03:31:26 | 000,417,811 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll
MOD - [2014.02.05 03:31:26 | 000,023,059 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll
MOD - [2014.02.05 03:31:26 | 000,014,867 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
MOD - [2014.02.05 03:31:24 | 000,531,475 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
MOD - [2014.02.05 03:31:24 | 000,060,947 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
MOD - [2014.02.05 03:31:22 | 000,113,171 | ---- | M] () -- C:\Windows.old\Program Files\VideoLAN\VLC\libvlc.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2014.06.20 19:47:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.05.30 10:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.12 01:26:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2014.03.21 10:32:44 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014.03.21 10:32:44 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2014.07.05 17:42:54 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014.06.16 09:27:08 | 000,016,064 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2014.05.23 21:57:06 | 000,214,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2014.05.21 01:09:02 | 000,017,088 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV - [2014.05.12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014.05.12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014.03.11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014.03.04 16:29:02 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011.08.15 22:34:56 | 000,108,544 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2011.01.20 17:57:01 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011.01.20 17:56:51 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.01.20 17:56:24 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2011.01.20 17:56:24 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2011.01.20 17:56:24 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2011.01.20 17:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2011.01.20 17:56:24 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2011.01.20 17:56:24 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2011.01.20 17:56:23 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2011.01.20 17:56:23 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2011.01.20 17:56:23 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2011.01.20 17:56:22 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2011.01.20 17:56:22 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2007.01.10 21:03:20 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\BIOSTools\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2005.10.13 16:41:32 | 000,156,800 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPC610NC.sys -- (SPC610NC)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U221DHP&pc=U221
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledAddons: %7BCB454AEB-2F60-4441-ADEB-2CB43BB33B20%7D:3.0
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014.04.09 15:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andro\AppData\Roaming\Mozilla\Extensions
[2014.06.27 22:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\y3nc44k1.default\extensions
[2014.06.27 22:56:49 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\y3nc44k1.default\extensions\https-everywhere@eff.org
[2014.04.26 21:32:53 | 000,027,540 | ---- | M] () (No name found) -- C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\y3nc44k1.default\extensions\{CB454AEB-2F60-4441-ADEB-2CB43BB33B20}.xpi
[2014.06.20 19:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.06.20 19:47:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB6992B4-DBC4-4494-B388-7D68562CAA9B}: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6da17a85-c02c-11e3-9169-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6da17a85-c02c-11e3-9169-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014.07.03 15:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014.07.03 15:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014.07.03 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014.06.25 12:47:52 | 000,101,664 | ---- | C] (Glarysoft Ltd) -- C:\Windows\System32\BootDefrag.exe
[2014.06.25 12:47:52 | 000,016,064 | ---- | C] (Glarysoft Ltd) -- C:\Windows\System32\drivers\BootDefragDriver.sys
[2014.06.20 19:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.06.18 13:52:42 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Local\NVIDIA Corporation
[2014.06.18 13:52:42 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Local\NVIDIA
[2014.06.18 13:43:44 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014.06.08 20:55:48 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014.06.06 01:29:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014.06.06 01:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014.06.06 01:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014.06.05 21:02:21 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Roaming\ParetoLogic
[2014.06.05 21:02:21 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Roaming\DriverCure
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014.07.05 20:10:02 | 000,030,698 | ---- | M] () -- C:\Users\Andro\Desktop\DMP.zip
[2014.07.05 17:49:20 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.05 17:49:20 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.05 17:42:54 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.07.05 17:42:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.05 17:41:55 | 1609,420,800 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.04 21:02:23 | 192,949,087 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.07.03 15:58:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014.07.03 15:33:06 | 000,001,226 | ---- | M] () -- C:\Users\Andro\Desktop\Revo Uninstaller.lnk
[2014.07.01 21:01:40 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\GlaryOneClickOptimizer 5.job
[2014.07.01 14:13:12 | 000,060,610 | ---- | M] () -- C:\Users\Andro\Documents\DSC0131.jpg
[2014.06.25 20:57:53 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014.06.25 12:47:58 | 000,001,066 | ---- | M] () -- C:\Users\Andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014.06.25 12:47:58 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014.06.23 16:08:58 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.06.23 16:08:58 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.06.20 22:12:54 | 000,000,833 | ---- | M] () -- C:\Users\Andro\Desktop\BitTorrent.lnk
[2014.06.20 22:12:54 | 000,000,813 | ---- | M] () -- C:\Users\Andro\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014.06.16 10:37:42 | 000,101,664 | ---- | M] (Glarysoft Ltd) -- C:\Windows\System32\BootDefrag.exe
[2014.06.16 09:27:08 | 000,016,064 | ---- | M] (Glarysoft Ltd) -- C:\Windows\System32\drivers\BootDefragDriver.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014.07.05 20:10:02 | 000,030,698 | ---- | C] () -- C:\Users\Andro\Desktop\DMP.zip
[2014.07.03 15:58:04 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014.07.03 15:33:06 | 000,001,226 | ---- | C] () -- C:\Users\Andro\Desktop\Revo Uninstaller.lnk
[2014.07.01 14:13:12 | 000,060,610 | ---- | C] () -- C:\Users\Andro\Documents\DSC0131.jpg
[2014.06.20 22:12:54 | 000,000,813 | ---- | C] () -- C:\Users\Andro\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014.06.18 13:11:17 | 192,949,087 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.05.23 22:30:19 | 000,757,301 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.04.14 21:24:10 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PAStiSvc.exe
[2014.04.14 21:14:53 | 000,470,016 | ---- | C] () -- C:\Windows\VPro500.exe
[2014.04.12 22:38:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014.04.10 21:46:55 | 000,218,200 | ---- | C] () -- C:\Windows\System32\unrar.dll
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011.01.20 17:56:46 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2014.06.23 01:16:06 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\BitTorrent
[2014.07.01 12:55:23 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\DiskDefrag
[2014.06.05 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\DriverCure
[2014.05.21 01:09:19 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\GlarySoft
[2014.05.23 21:40:56 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\IObit
[2014.06.05 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\ParetoLogic
[2014.04.17 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\SumatraPDF
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

Attached Files

  • Attached File  DMP.zip   29.98KB   36 downloads
