Hi !
When i try to put my computer in sleep mode the BSOD appears for a moment (with stop code 0x0000000A) then restarts itself or shuts down. WhoCrashed report shows that problem is caused by ntkrnlpa.exe and ntkrpamp.exe. I've tried to solve the problem with memory test, PSU test and by updating drivers. I've checked the disk and verified files. I've also checked my computer with MBAM but no errors (steps already taken can be found on this link http://www.geekstogo...#entry2412071).
Thank you for your help
Below is OTL report
OTL logfile created on: 24.6.2014 14:42:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andro\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,62% Memory free
4,00 Gb Paging File | 2,18 Gb Available in Paging File | 54,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 114,34 Gb Free Space | 49,10% Space Free | Partition Type: NTFS
Computer Name: BESTINTHEWORLD | User Name: Andro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.06.24 14:39:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andro\Downloads\OTL.exe
PRC - [2014.06.20 19:47:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.06.14 12:39:04 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
PRC - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.05.12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.04.09 20:19:03 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014.03.11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014.03.11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014.03.11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014.03.04 14:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.01.20 17:56:46 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
========== Modules (No Company Name) ==========
MOD - [2014.06.20 19:46:38 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.06.14 12:39:01 | 017,024,688 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_14_0_0_125.dll
========== Services (SafeList) ==========
SRV - [2014.06.20 19:47:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.05.30 10:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.12 01:26:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2014.03.11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014.03.11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E47A5BE-3E15-4A87-A87E-503D2E21653C}\MpKsla0cb6fbe.sys -- (MpKsla0cb6fbe)
DRV - [2014.06.24 14:19:15 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014.05.23 21:57:06 | 000,214,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2014.05.21 01:09:02 | 000,017,088 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV - [2014.05.12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014.05.12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014.03.11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014.03.04 16:29:02 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011.08.15 22:34:56 | 000,108,544 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2011.01.20 17:57:01 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011.01.20 17:56:51 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.01.20 17:56:24 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2011.01.20 17:56:24 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2011.01.20 17:56:24 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2011.01.20 17:56:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2011.01.20 17:56:24 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2011.01.20 17:56:24 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2011.01.20 17:56:23 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2011.01.20 17:56:23 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2011.01.20 17:56:23 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2011.01.20 17:56:22 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2011.01.20 17:56:22 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2007.01.10 21:03:20 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\BIOSTools\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2005.10.13 16:41:32 | 000,156,800 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPC610NC.sys -- (SPC610NC)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...U221DHP&pc=U221
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7BCB454AEB-2F60-4441-ADEB-2CB43BB33B20%7D:3.0
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014.04.09 15:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andro\AppData\Roaming\Mozilla\Extensions
[2014.06.22 15:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\y3nc44k1.default\extensions
[2014.06.22 15:47:42 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\y3nc44k1.default\extensions\[email protected]
[2014.04.26 21:32:53 | 000,027,540 | ---- | M] () (No name found) -- C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\y3nc44k1.default\extensions\{CB454AEB-2F60-4441-ADEB-2CB43BB33B20}.xpi
[2014.06.20 19:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.06.20 19:47:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB6992B4-DBC4-4494-B388-7D68562CAA9B}: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6da17a85-c02c-11e3-9169-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6da17a85-c02c-11e3-9169-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014.06.20 19:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.06.18 13:52:42 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Local\NVIDIA Corporation
[2014.06.18 13:52:42 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Local\NVIDIA
[2014.06.18 13:43:44 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014.06.08 20:55:48 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014.06.06 01:29:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014.06.06 01:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014.06.06 01:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014.06.05 21:02:21 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Roaming\ParetoLogic
[2014.06.05 21:02:21 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Roaming\DriverCure
[2014.06.05 20:10:17 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Local\Diagnostics
[2014.06.02 01:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2014.06.02 01:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2014.06.02 01:00:50 | 000,000,000 | ---D | C] -- C:\Users\Andro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014.06.02 01:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014.06.02 01:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2014.05.31 18:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014.06.24 14:19:15 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.06.24 13:16:08 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.24 13:16:08 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.24 13:08:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.24 13:08:38 | 1609,420,800 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.23 16:08:58 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.06.23 16:08:58 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.06.20 22:12:54 | 000,000,833 | ---- | M] () -- C:\Users\Andro\Desktop\BitTorrent.lnk
[2014.06.20 22:12:54 | 000,000,813 | ---- | M] () -- C:\Users\Andro\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014.06.20 08:23:42 | 216,943,391 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.06.10 21:01:36 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\GlaryOneClickOptimizer 5.job
[2014.06.04 13:41:16 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014.06.03 21:54:02 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.06.02 01:08:02 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2014.06.02 01:00:50 | 000,000,969 | ---- | M] () -- C:\Users\Andro\Desktop\SpeedFan.lnk
[2014.06.02 01:00:46 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2014.05.31 18:27:41 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014.06.20 22:12:54 | 000,000,813 | ---- | C] () -- C:\Users\Andro\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014.06.18 13:11:17 | 216,943,391 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.06.04 01:26:51 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\GlaryOneClickOptimizer 5.job
[2014.06.02 01:08:02 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2014.06.02 01:00:50 | 000,000,969 | ---- | C] () -- C:\Users\Andro\Desktop\SpeedFan.lnk
[2014.06.02 01:00:45 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2014.05.31 18:27:41 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014.05.23 22:30:19 | 000,757,301 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014.04.14 21:24:10 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PAStiSvc.exe
[2014.04.14 21:14:53 | 000,470,016 | ---- | C] () -- C:\Windows\VPro500.exe
[2014.04.12 22:38:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014.04.10 21:46:55 | 000,218,200 | ---- | C] () -- C:\Windows\System32\unrar.dll
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011.01.20 17:56:46 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014.06.23 01:16:06 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\BitTorrent
[2014.05.19 12:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\DiskDefrag
[2014.06.05 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\DriverCure
[2014.05.21 01:09:19 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\GlarySoft
[2014.05.23 21:40:56 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\IObit
[2014.06.05 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\ParetoLogic
[2014.04.17 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\Andro\AppData\Roaming\SumatraPDF
========== Purity Check ==========
< End of report >
Edited by Andro, 24 June 2014 - 01:03 PM.