Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Missing storage space


  • This topic is locked This topic is locked
21 replies to this topic

#1 Up Scene

Up Scene

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 06 March 2014 - 01:13 PM

So my computer is pretty much brand new (built it around 2 weeks ago) and i think i might got some kind of something. Not having any performance issues but there is  almost nothing downloaded on the hard drive but it is showing around 80% full. i dont really know that much about computers so any help would be greatly appreciated. thank you for reading.


Edited by Up Scene, 06 March 2014 - 01:14 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:16 PM

Posted 06 March 2014 - 02:27 PM

Hello Up Scene. Lets run these and see if they reveal any thing as this can be the result of a few malwares.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.
  • [/list]
  • [/list]
  • [/list]

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Up Scene

Up Scene
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 06 March 2014 - 08:42 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by up scene (administrator) on 06-03-2014 at 19:59:09
Running from "C:\Users\up scene\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : upscene-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : neo.rr.com
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : neo.rr.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : B8-97-5A-3F-BC-B6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2605:a000:121a:40ff:9178:1386:a26d:4d31(Preferred) 
   IPv6 Address. . . . . . . . . . . : fd36:cbe2:90e6:0:9178:1386:a26d:4d31(Preferred) 
   Temporary IPv6 Address. . . . . . : 2605:a000:121a:40ff:3ca3:b3c2:ce14:47f0(Preferred) 
   Temporary IPv6 Address. . . . . . : fd36:cbe2:90e6:0:3ca3:b3c2:ce14:47f0(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::9178:1386:a26d:4d31%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.134(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, March 06, 2014 7:56:53 PM
   Lease Expires . . . . . . . . . . : Friday, March 07, 2014 7:56:53 PM
   Default Gateway . . . . . . . . . : fe80::4af8:b3ff:fe34:1191%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 246978394
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-9A-46-1A-B8-97-5A-3F-BC-B6
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24b0:d98:b446:55c5(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::24b0:d98:b446:55c5%12(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.neo.rr.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : neo.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Name:    google.com
Addresses:  2607:f8b0:4009:801::1004
 74.125.225.99
 74.125.225.100
 74.125.225.101
 74.125.225.102
 74.125.225.103
 74.125.225.104
 74.125.225.105
 74.125.225.110
 74.125.225.96
 74.125.225.97
 74.125.225.98
 
 
Pinging google.com [2607:f8b0:4009:806::1006] with 32 bytes of data:
Reply from 2607:f8b0:4009:806::1006: time=34ms 
Reply from 2607:f8b0:4009:806::1006: time=56ms 
 
Ping statistics for 2607:f8b0:4009:806::1006:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 56ms, Average = 45ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=63ms TTL=47
Reply from 98.139.183.24: bytes=32 time=63ms TTL=47
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 63ms, Average = 63ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...b8 97 5a 3f bc b6 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.134     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.134    276
    192.168.1.134  255.255.255.255         On-link     192.168.1.134    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.134    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.134    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.134    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::4af8:b3ff:fe34:1191
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:90d7:24b0:d98:b446:55c5/128
                                    On-link
 10     28 2605:a000:121a:40ff::/64 On-link
 10     36 2605:a000:121a:40ff::/64 fe80::4af8:b3ff:fe34:1191
 10    276 2605:a000:121a:40ff:3ca3:b3c2:ce14:47f0/128
                                    On-link
 10    276 2605:a000:121a:40ff:9178:1386:a26d:4d31/128
                                    On-link
 10     28 fd36:cbe2:90e6::/64      On-link
 10    276 fd36:cbe2:90e6:0:3ca3:b3c2:ce14:47f0/128
                                    On-link
 10    276 fd36:cbe2:90e6:0:9178:1386:a26d:4d31/128
                                    On-link
 10    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::24b0:d98:b446:55c5/128
                                    On-link
 10    276 fe80::9178:1386:a26d:4d31/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/03/2014 09:04:09 PM) (Source: Application Hang) (User: )
Description: The program Warframe.x64.exe version 2014.2.27.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2b0
 
Start Time: 01cf374d60783030
 
Termination Time: 54
 
Application Path: C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
 
Report Id:
 
Error: (03/02/2014 07:27:16 PM) (Source: Application Hang) (User: )
Description: The program Warframe.x64.exe version 2014.2.27.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e70
 
Start Time: 01cf3677092729ce
 
Termination Time: 45
 
Application Path: C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
 
Report Id:
 
Error: (02/27/2014 01:22:44 AM) (Source: Application Hang) (User: )
Description: The program Warframe.x64.exe version 2014.2.26.22 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10f4
 
Start Time: 01cf3382d6363c8a
 
Termination Time: 63
 
Application Path: C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
 
Report Id:
 
Error: (02/26/2014 02:10:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}
 
Error: (02/25/2014 03:46:00 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}
 
Error: (02/24/2014 08:35:59 PM) (Source: ESENT) (User: )
Description: WinMail (2952) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (02/24/2014 08:35:58 PM) (Source: ESENT) (User: )
Description: WinMail (2116) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (02/24/2014 08:34:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: UNS.exe, version: 8.1.0.1265, time stamp: 0x4ff5f2ea
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x70cc6cc4
Faulting process id: 0x2a8
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
 
Error: (02/24/2014 08:34:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: daemonu.exe, version: 1.10.8.0, time stamp: 0x50490af2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x70cc6cc4
Faulting process id: 0xb40
Faulting application start time: 0xdaemonu.exe0
Faulting application path: daemonu.exe1
Faulting module path: daemonu.exe2
Report Id: daemonu.exe3
 
Error: (02/24/2014 08:34:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: LMS.exe, version: 8.1.0.1265, time stamp: 0x4ff5f275
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x70cc6cc4
Faulting process id: 0xacc
Faulting application start time: 0xLMS.exe0
Faulting application path: LMS.exe1
Faulting module path: LMS.exe2
Report Id: LMS.exe3
 
 
System errors:
=============
Error: (02/28/2014 02:54:34 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:52:01 PM on ?2/?28/?2014 was unexpected.
 
Error: (02/27/2014 00:22:44 AM) (Source: Service Control Manager) (User: )
Description: The Update FindRight service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (02/27/2014 00:22:38 AM) (Source: Service Control Manager) (User: )
Description: The Util FindRight service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (02/26/2014 05:34:10 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/26/2014 05:30:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB2909210).
 
Error: (02/26/2014 02:10:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
 
Error: (02/25/2014 08:45:58 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:45:13 PM on ?2/?25/?2014 was unexpected.
 
Error: (02/25/2014 08:27:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
 
Error: (02/25/2014 08:25:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Windows Update Aux.
 
Error: (02/25/2014 04:31:33 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (03/03/2014 09:04:09 PM) (Source: Application Hang)(User: )
Description: Warframe.x64.exe2014.2.27.142b001cf374d6078303054C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
 
Error: (03/02/2014 07:27:16 PM) (Source: Application Hang)(User: )
Description: Warframe.x64.exe2014.2.27.14e7001cf3677092729ce45C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
 
Error: (02/27/2014 01:22:44 AM) (Source: Application Hang)(User: )
Description: Warframe.x64.exe2014.2.26.2210f401cf3382d6363c8a63C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
 
Error: (02/26/2014 02:10:40 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/25/2014 03:46:00 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/24/2014 08:35:59 PM) (Source: ESENT)(User: )
Description: WinMail2952WindowsMail0:
 
Error: (02/24/2014 08:35:58 PM) (Source: ESENT)(User: )
Description: WinMail2116WindowsMail0:
 
Error: (02/24/2014 08:34:18 PM) (Source: Application Error)(User: )
Description: UNS.exe8.1.0.12654ff5f2eaunknown0.0.0.000000000c000000570cc6cc42a801cf31c9882de4ccC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeunknownf0ff60a4-9dbc-11e3-9b23-b8975a3fbcb6
 
Error: (02/24/2014 08:34:18 PM) (Source: Application Error)(User: )
Description: daemonu.exe1.10.8.050490af2unknown0.0.0.000000000c000000570cc6cc4b4001cf31c98613edceC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeunknownf0e2d020-9dbc-11e3-9b23-b8975a3fbcb6
 
Error: (02/24/2014 08:34:18 PM) (Source: Application Error)(User: )
Description: LMS.exe8.1.0.12654ff5f275unknown0.0.0.000000000c000000570cc6cc4acc01cf31c985e1f0e8C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeunknownf0cd63be-9dbc-11e3-9b23-b8975a3fbcb6
 
 
=========================== Installed Programs ============================
 
ASUS GPU Tweak (Version: 2.2.6.0)
Battle.net
C3 (Version: 0.5.2143)
Core Temp version 0.99.8 (Version: 0.99.8)
Diablo III
Firefall
Google Chrome (Version: 33.0.1750.146)
Google Update Helper (Version: 1.3.22.5)
Intel® Control Center (Version: 1.2.1.1008)
Intel® Management Engine Components (Version: 8.1.0.1265)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NVIDIA 3D Vision Controller Driver 306.38 (Version: 306.38)
NVIDIA 3D Vision Driver 306.38 (Version: 306.38)
NVIDIA Control Panel 306.38 (Version: 306.38)
NVIDIA Graphics Driver 306.38 (Version: 306.38)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0807)
NVIDIA PhysX System Software 9.12.0807 (Version: 9.12.0807)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0638)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Origin (Version: 9.4.5.195)
Overwolf (Version: 0.50.310)
Realtek Ethernet Controller Driver (Version: 7.49.927.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6690)
RuneScape Launcher 1.2.3 (Version: 1.2.3)
Steam
TeamSpeak 3 Client (Version: 3.0.13)
Warframe (Version: 1.0.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 11%
Total physical RAM: 16333.07 MB
Available physical RAM: 14382.37 MB
Total Pagefile: 32664.31 MB
Available Pagefile: 30542.61 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.83 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:111.69 GB) (Free:24.27 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\UPSCENE-PC
 
Administrator            Guest                    up scene                 
UpdatusUser              
 
 
**** End of log ****
 
 
# AdwCleaner v3.020 - Report created 06/03/2014 at 19:55:35
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : up scene - UPSCENE-PC
# Running from : C:\Users\up scene\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\up scene\AppData\Roaming\DigitalSites
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\up scene\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [2130 octets] - [06/03/2014 19:54:00]
AdwCleaner[S0].txt - [1691 octets] - [06/03/2014 19:55:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1751 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by up scene on Thu 03/06/2014 at 20:02:03.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/06/2014 at 20:06:37.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
C:\Users\up scene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M69OLQRK\Setup[1].exe Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\Users\up scene\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe a variant of Win32/TrojanDownloader.FakeNSIS.A trojan cleaned by deleting - quarantined
C:\Users\up scene\AppData\Local\Temp\is1590112554\14099172_stp\Mysearchdial.exe a variant of Win32/Toolbar.Funmoods.D potentially unwanted application deleted - quarantined
C:\Users\up scene\AppData\Local\Temp\is1590112554\14099432_stp\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
 


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:16 PM

Posted 06 March 2014 - 09:35 PM

Hi, was TDSSKiller clean?

There are many errors lets see if we can fix them.

Let me know how it's running after this...

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

p22004342.gif


Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22004343.gif


Go to Step 4 and under "System Restore" click on Create button:

p22004346.gif


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22004347.gif

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Up Scene

Up Scene
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 07 March 2014 - 12:47 AM

ystem Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: UPSCENE-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\up scene
Current Profile SID: S-1-5-21-4225417110-420033379-3667336340-1000
Current Profile Classes: S-1-5-21-4225417110-420033379-3667336340-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\up scene\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 04:31:16
 
Process Count: 58
Commit Total: 2.56 GB
Commit Limit: 31.90 GB
Commit Peak: 4.47 GB
Handle Count: 18688
Kernel Total: 896.10 MB
Kernel Paged: 692.07 MB
Kernel Non Paged: 204.03 MB
System Cache: 13.55 GB
Thread Count: 779
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.95 GB
Memory Used: 2.51 GB(15.7518%)
Memory Avail.: 13.44 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.95 GB
Memory Used: 1.91 GB(11.9504%)
Memory Avail.: 14.04 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Start (3/7/2014 12:28:01 AM)
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (3/7/2014 12:28:01 AM)
   Running Repair Under Current User Account
   Done (3/7/2014 12:28:04 AM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/7/2014 12:28:04 AM)
   Running Repair Under System Account
   Done (3/7/2014 12:28:57 AM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (3/7/2014 12:28:57 AM)
   Running Repair Under System Account
   Done (3/7/2014 12:29:18 AM)
 
03 - Register System Files
   Start (3/7/2014 12:29:18 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:29:31 AM)
 
04 - Repair WMI
   Start (3/7/2014 12:29:31 AM)
   Running Repair Under Current User Account
   Done (3/7/2014 12:30:54 AM)
 
05 - Repair Windows Firewall
   Start (3/7/2014 12:30:54 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:31:19 AM)
 
06 - Repair Internet Explorer
   Start (3/7/2014 12:31:19 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:31:37 AM)
 
07 - Repair MDAC/MS Jet
   Start (3/7/2014 12:31:37 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:31:46 AM)
 
08 - Repair Hosts File
   Start (3/7/2014 12:31:46 AM)
   Running Repair Under System Account
   Done (3/7/2014 12:31:48 AM)
 
09 - Remove Policies Set By Infections
   Start (3/7/2014 12:31:48 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:31:53 AM)
 
11 - Repair Icons
   Start (3/7/2014 12:31:53 AM)
   Running Repair Under Current User Account
   Done (3/7/2014 12:31:55 AM)
 
12 - Repair Winsock & DNS Cache
   Start (3/7/2014 12:31:55 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:32:08 AM)
 
14 - Repair Proxy Settings
   Start (3/7/2014 12:32:08 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:32:13 AM)
 
16 - Repair Windows Updates
   Start (3/7/2014 12:32:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:32:37 AM)
 
17 - Repair CD/DVD Missing/Not Working
   Start (3/7/2014 12:32:37 AM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (3/7/2014 12:32:37 AM)
 
18 - Repair Volume Shadow Copy Service
   Start (3/7/2014 12:32:37 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:32:41 AM)
 
20 - Repair MSI (Windows Installer)
   Start (3/7/2014 12:32:41 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:32:50 AM)
 
22.01 - Repair bat Association
   Start (3/7/2014 12:32:50 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:32:55 AM)
 
22.02 - Repair cmd Association
   Start (3/7/2014 12:32:55 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:32:59 AM)
 
22.03 - Repair com Association
   Start (3/7/2014 12:32:59 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:04 AM)
 
22.04 - Repair Directory Association
   Start (3/7/2014 12:33:04 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:09 AM)
 
22.05 - Repair Drive Association
   Start (3/7/2014 12:33:09 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:13 AM)
 
22.06 - Repair exe Association
   Start (3/7/2014 12:33:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:18 AM)
 
22.07 - Repair Folder Association
   Start (3/7/2014 12:33:18 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:22 AM)
 
22.08 - Repair inf Association
   Start (3/7/2014 12:33:22 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:27 AM)
 
22.09 - Repair lnk (Shortcuts) Association
   Start (3/7/2014 12:33:27 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:32 AM)
 
22.10 - Repair msc Association
   Start (3/7/2014 12:33:32 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:36 AM)
 
22.11 - Repair reg Association
   Start (3/7/2014 12:33:36 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:41 AM)
 
22.12 - Repair scr Association
   Start (3/7/2014 12:33:41 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:46 AM)
 
23 - Repair Windows Safe Mode
   Start (3/7/2014 12:33:46 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:33:50 AM)
 
24 - Repair Print Spooler
   Start (3/7/2014 12:33:50 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:34:03 AM)
 
25 - Restore Important Windows Services
   Start (3/7/2014 12:34:03 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:34:16 AM)
 
26 - Set Windows Services To Default Startup
   Start (3/7/2014 12:34:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/7/2014 12:34:20 AM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (3/7/2014 12:34:20 AM)
   Total Repair Time: 00:06:20


#6 Up Scene

Up Scene
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 07 March 2014 - 12:48 AM

yes TDSSKiller was clean



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:16 PM

Posted 07 March 2014 - 04:00 PM

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
    • Copy and paste the report that opens into your next reply.
      • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
      • The highest number of [X], is the most recent Scan

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Up Scene

Up Scene
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 07 March 2014 - 06:31 PM

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : up scene [Admin rights]
Mode : Scan -- Date : 03/07/2014 18:29:38
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Samsung SSD 840 EVO 120GB ATA Device +++++
--- User ---
[MBR] 6a79899692c626b7eb21112560b4f43c
[BSP] b4b5dede23cc02e0b7838e2119597b03 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_03072014_182938.txt >>


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:16 PM

Posted 07 March 2014 - 08:21 PM

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool again (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", this time click the Delete button.
  • Copy and paste the report that opens into your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Delete
How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 Up Scene

Up Scene
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 07 March 2014 - 08:56 PM

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : up scene [Admin rights]
Mode : Remove -- Date : 03/07/2014 20:54:11
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Samsung SSD 840 EVO 120GB ATA Device +++++
--- User ---
[MBR] 6a79899692c626b7eb21112560b4f43c
[BSP] b4b5dede23cc02e0b7838e2119597b03 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_03072014_205411.txt >>
RKreport[0]_S_03072014_182938.txt;RKreport[0]_S_03072014_205029.txt


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:16 PM

Posted 07 March 2014 - 09:03 PM

Re run Mintoolbox and only check.... List Users, Partitions and Memory size.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Up Scene

Up Scene
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 07 March 2014 - 10:04 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by up scene (administrator) on 07-03-2014 at 22:03:38
Running from "C:\Users\up scene\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Memory info: ===================================
 
Percentage of memory in use: 13%
Total physical RAM: 16333.07 MB
Available physical RAM: 14195.19 MB
Total Pagefile: 32664.31 MB
Available Pagefile: 30317.92 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.45 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:111.69 GB) (Free:25.92 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\UPSCENE-PC
 
Administrator            Guest                    up scene                 
UpdatusUser              
 
 
**** End of log ****


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:16 PM

Posted 07 March 2014 - 10:42 PM

Hmmm
1 Drive c: () (Fixed) (Total:111.69 GB) (Free:24.27 GB) NTFS
1 Drive c: () (Fixed) (Total:111.69 GB) (Free:25.92 GB) NTFS
Not much of a gain.
This app appears to have may errors, Uninstall it and reboot
Warframe
 
Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
  • Install your game.
Check the drive space again

Edited by boopme, 07 March 2014 - 10:42 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 Up Scene

Up Scene
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 07 March 2014 - 11:00 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by up scene (administrator) on 07-03-2014 at 22:58:11
Running from "C:\Users\up scene\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Memory info: ===================================
 
Percentage of memory in use: 10%
Total physical RAM: 16333.07 MB
Available physical RAM: 14539.87 MB
Total Pagefile: 32664.31 MB
Available Pagefile: 30798.47 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.95 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:111.69 GB) (Free:26.57 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\UPSCENE-PC
 
Administrator            Guest                    up scene                 
UpdatusUser              
 
 
**** End of log ****


#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:16 PM

Posted 07 March 2014 - 11:06 PM

I think we have to get a deeper look, unless you are saving a lot of pics or videos or music. Some hidden rootkits do this.
 
You will have to make a new topic... Lost drive space
 
Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users