Computer shuts off during/after bootup



#1
Hollz
I originally posted in the hardware forum and was referred here by my friend phillpower2. My computer has started shutting off randomly during Windows bootup or within the first 5 minutes or so afterwards. It could take me anywhere from 1-5 attempts to get my computer to stay on, but currently it's more like 3-5. This started a month or two ago. A week ago, I wiped my hard drive. I've run lots of diagnostic tests (results posted in forum) and they appear to be inconclusive. Phill mentioned my CPU bars looked a little off, but I noticed looking at SpeedFan the other day the bars were more erratic before they both calmed down.

I used to have Norton Antivirus (it drives me crazy so I'm trying to switch) and would try to run scans every week. Since I wiped my drive, I first got Microsoft Essentials but in the last few days switched to AVG at the recommendation of a friend. I ran the scan and also got the one-day trial of the tuneup program and ran all those tests until it gave me a complete thumbs up. So I'm not even sure if I have malware or not? I don't know much about it. I was also wondering if my second internal hard drive could be somehow infected? I didn't wipe that one. Just throwing ideas out. At this point I'm wondering if my computer is haunted!

Anyways, thanks in advance for your time, I have no idea what's going on with my computer! My computer was built originally in 2008 with some parts swapped out, so I know I need a new one soon but I'd like to avoid dishing out all the money for a bit if I can! Thanks!

Here's my OTL log:
OTL logfile created on: 3/16/2013 1:47:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hollz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 65.68% Memory free
8.00 Gb Paging File | 6.38 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 568.50 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 29.48 Gb Free Space | 12.66% Space Free | Partition Type: NTFS

Computer Name: HOLLZ-PC | User Name: Hollz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/13 21:05:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hollz\Desktop\OTL.exe
PRC - [2013/03/10 19:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/03/05 23:45:06 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/10 19:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 19:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 19:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 19:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 19:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 19:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/07/04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 4C C9 07 82 1B CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://mail.google....l/?shva=1#inbox
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Stitches = C:\Users\Hollz\AppData\Local\Google\Chrome\User Data\Default\Extensions\annpjgednbdhheijbefcpeaipapajkof\1.0_0\
CHR - Extension: Google Docs = C:\Users\Hollz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Hollz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Hollz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Hollz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Hollz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Gmail = C:\Users\Hollz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB179F97-07DF-4D26-805D-B800553CDE8F}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/13 23:19:33 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2013/03/13 23:19:33 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2013/03/13 23:19:32 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2013/03/13 23:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2013/03/13 23:19:13 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\AVG
[2013/03/13 23:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/03/13 23:18:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/03/13 23:10:20 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\AVG2013
[2013/03/13 23:03:21 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\TuneUp Software
[2013/03/13 23:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/13 23:02:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/03/13 23:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/03/13 23:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/03/13 22:58:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/03/13 22:58:23 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\MFAData
[2013/03/13 22:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/13 22:58:23 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\Avg2013
[2013/03/13 22:58:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/13 21:05:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hollz\Desktop\OTL.exe
[2013/03/12 21:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2013/03/12 21:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation
[2013/03/12 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\Hollz\Desktop\WinDlg_124
[2013/03/11 20:51:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/03/11 20:51:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/03/11 20:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/03/11 20:26:35 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\acccore
[2013/03/11 20:26:34 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\AIM
[2013/03/11 20:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2013/03/11 20:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2013/03/11 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2013/03/11 20:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2013/03/11 20:24:55 | 006,653,096 | ---- | C] (AOL Inc.) -- C:\Users\Hollz\Desktop\Install_AIM.exe
[2013/03/11 20:02:25 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\Spotify
[2013/03/11 20:01:54 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\Spotify
[2013/03/11 19:29:48 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\Macromedia
[2013/03/11 19:29:48 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\Adobe
[2013/03/11 19:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2013/03/11 19:29:33 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\AOL
[2013/03/10 16:49:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/03/10 16:49:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/03/07 17:24:28 | 004,812,216 | ---- | C] (Piriform Ltd) -- C:\Users\Hollz\Desktop\spsetup120 (1).exe
[2013/03/07 17:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/03/07 17:23:05 | 004,812,216 | ---- | C] (Piriform Ltd) -- C:\Users\Hollz\Desktop\spsetup120.exe
[2013/03/06 23:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013/03/06 23:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013/03/06 23:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/03/06 00:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/03/05 20:27:21 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/03/05 20:26:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/03/05 20:26:12 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/03/05 20:25:58 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/03/05 18:55:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/03/05 18:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/05 18:50:34 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\Google
[2013/03/05 18:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/05 18:50:19 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\Apps
[2013/03/05 18:50:18 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\Deployment
[2013/03/05 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\InstallShield
[2013/03/05 18:39:15 | 000,000,000 | R--D | C] -- C:\Users\Hollz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/03/05 18:39:15 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Searches
[2013/03/05 18:39:15 | 000,000,000 | R--D | C] -- C:\Users\Hollz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/03/05 18:39:15 | 000,000,000 | -H-D | C] -- C:\Users\Hollz\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/03/05 18:39:08 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\Identities
[2013/03/05 18:39:07 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Contacts
[2013/03/05 18:39:05 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\VirtualStore
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\AppData\Local\Temporary Internet Files
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\Templates
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\Start Menu
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\SendTo
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\Recent
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\PrintHood
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\NetHood
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\Documents\My Videos
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\Documents\My Pictures
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\Documents\My Music
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\My Documents
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\Local Settings
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\AppData\Local\History
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\Cookies
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\Application Data
[2013/03/05 18:39:01 | 000,000,000 | -HSD | C] -- C:\Users\Hollz\AppData\Local\Application Data
[2013/03/05 18:39:00 | 000,000,000 | --SD | C] -- C:\Users\Hollz\AppData\Roaming\Microsoft
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Videos
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Saved Games
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Pictures
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Music
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Links
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Favorites
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Downloads
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Documents
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\Desktop
[2013/03/05 18:39:00 | 000,000,000 | R--D | C] -- C:\Users\Hollz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/03/05 18:39:00 | 000,000,000 | -H-D | C] -- C:\Users\Hollz\AppData
[2013/03/05 18:39:00 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\Temp
[2013/03/05 18:39:00 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Local\Microsoft
[2013/03/05 18:39:00 | 000,000,000 | ---D | C] -- C:\Users\Hollz\AppData\Roaming\Media Center Programs
[2013/03/05 18:38:45 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/03/05 18:38:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/02/26 23:40:46 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

========== Files - Modified Within 30 Days ==========

[2013/03/16 13:50:03 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/16 13:50:03 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/16 13:50:03 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/16 13:45:43 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/16 13:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/16 13:45:31 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/16 13:35:43 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/16 13:35:43 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/16 12:55:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/14 23:52:20 | 000,002,095 | ---- | M] () -- C:\Users\Hollz\Documents\Hadeon - Business Matters.rtf
[2013/03/14 23:24:36 | 000,003,397 | ---- | M] () -- C:\Users\Hollz\Documents\3-14-13 Wolf in Sheeps Clothing.rtf
[2013/03/14 22:49:44 | 000,014,102 | ---- | M] () -- C:\Users\Hollz\Documents\3-11-13 rok kray rp.rtf
[2013/03/14 21:59:21 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/13 23:03:21 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/13 22:58:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/13 22:41:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/03/13 22:34:29 | 000,275,435 | ---- | M] () -- C:\Users\Hollz\Documents\3-13-13.html
[2013/03/13 21:05:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hollz\Desktop\OTL.exe
[2013/03/12 21:20:49 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2013/03/11 20:32:08 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/03/11 20:32:08 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/03/11 20:26:35 | 000,000,376 | -H-- | M] () -- C:\IPH.PH
[2013/03/11 20:26:23 | 000,001,937 | ---- | M] () -- C:\Users\Hollz\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2013/03/11 20:26:23 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2013/03/11 20:25:17 | 006,653,096 | ---- | M] (AOL Inc.) -- C:\Users\Hollz\Desktop\Install_AIM.exe
[2013/03/11 20:02:25 | 000,001,809 | ---- | M] () -- C:\Users\Hollz\Desktop\Spotify.lnk
[2013/03/11 19:51:49 | 000,161,229 | ---- | M] () -- C:\Users\Hollz\Desktop\549916_551650794866487_1072704032_n.png
[2013/03/07 18:39:39 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/07 17:28:35 | 000,155,469 | ---- | M] () -- C:\Users\Hollz\Desktop\HWMss1.jpg
[2013/03/07 17:24:48 | 004,812,216 | ---- | M] (Piriform Ltd) -- C:\Users\Hollz\Desktop\spsetup120 (1).exe
[2013/03/07 17:23:19 | 004,812,216 | ---- | M] (Piriform Ltd) -- C:\Users\Hollz\Desktop\spsetup120.exe
[2013/03/07 17:14:27 | 000,001,439 | ---- | M] () -- C:\Users\Hollz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/06 23:54:08 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/06 23:54:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/06 23:40:20 | 000,091,015 | ---- | M] () -- C:\Users\Hollz\Desktop\speedfan.jpg
[2013/03/06 23:37:36 | 004,157,552 | ---- | M] ( ) -- C:\Users\Hollz\Desktop\hwmonitor_1.21-setup.exe
[2013/03/06 23:24:22 | 000,001,009 | ---- | M] () -- C:\Users\Hollz\Desktop\SpeedFan.lnk
[2013/03/06 23:24:19 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/03/06 20:54:09 | 002,787,328 | ---- | M] () -- C:\Users\Hollz\Desktop\dft32_v416_b00.iso
[2013/03/06 00:05:12 | 000,002,281 | ---- | M] () -- C:\Users\Hollz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/05 23:56:45 | 001,196,032 | ---- | M] () -- C:\Users\Hollz\Desktop\Memtest86-4.1.0.iso
[2013/03/05 20:30:13 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/03/05 20:30:13 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/03/05 20:26:00 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

========== Files Created - No Company Name ==========

[2013/03/14 23:26:25 | 000,002,095 | ---- | C] () -- C:\Users\Hollz\Documents\Hadeon - Business Matters.rtf
[2013/03/14 22:53:52 | 000,003,397 | ---- | C] () -- C:\Users\Hollz\Documents\3-14-13 Wolf in Sheeps Clothing.rtf
[2013/03/13 23:19:22 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2013/03/13 23:03:21 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/13 22:41:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/03/13 22:34:29 | 000,275,435 | ---- | C] () -- C:\Users\Hollz\Documents\3-13-13.html
[2013/03/12 21:20:49 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2013/03/11 21:28:25 | 000,014,102 | ---- | C] () -- C:\Users\Hollz\Documents\3-11-13 rok kray rp.rtf
[2013/03/11 20:26:23 | 000,001,937 | ---- | C] () -- C:\Users\Hollz\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2013/03/11 20:26:23 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2013/03/11 20:26:09 | 000,000,376 | -H-- | C] () -- C:\IPH.PH
[2013/03/11 20:02:25 | 000,001,809 | ---- | C] () -- C:\Users\Hollz\Desktop\Spotify.lnk
[2013/03/11 20:02:25 | 000,001,795 | ---- | C] () -- C:\Users\Hollz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/03/11 19:51:49 | 000,161,229 | ---- | C] () -- C:\Users\Hollz\Desktop\549916_551650794866487_1072704032_n.png
[2013/03/07 17:28:35 | 000,155,469 | ---- | C] () -- C:\Users\Hollz\Desktop\HWMss1.jpg
[2013/03/07 17:24:08 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/03/06 23:54:08 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/06 23:54:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/06 23:40:19 | 000,091,015 | ---- | C] () -- C:\Users\Hollz\Desktop\speedfan.jpg
[2013/03/06 23:38:19 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/03/06 23:37:28 | 004,157,552 | ---- | C] ( ) -- C:\Users\Hollz\Desktop\hwmonitor_1.21-setup.exe
[2013/03/06 23:24:22 | 000,001,009 | ---- | C] () -- C:\Users\Hollz\Desktop\SpeedFan.lnk
[2013/03/06 23:24:19 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/03/06 23:18:22 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/06 20:54:01 | 002,787,328 | ---- | C] () -- C:\Users\Hollz\Desktop\dft32_v416_b00.iso
[2013/03/05 20:29:57 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/03/05 20:29:54 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/03/05 20:26:51 | 3220,627,456 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/05 20:26:00 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2013/03/05 20:25:58 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/03/05 18:51:13 | 000,002,281 | ---- | C] () -- C:\Users\Hollz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/05 18:51:13 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/05 18:50:36 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/05 18:50:35 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/05 18:49:36 | 000,001,439 | ---- | C] () -- C:\Users\Hollz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/05 18:47:09 | 000,001,732 | R--- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2013/03/05 18:40:03 | 000,001,411 | ---- | C] () -- C:\Users\Hollz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/03/05 18:40:00 | 000,001,445 | ---- | C] () -- C:\Users\Hollz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/05 18:39:00 | 000,000,290 | ---- | C] () -- C:\Users\Hollz\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/03/05 18:39:00 | 000,000,272 | ---- | C] () -- C:\Users\Hollz\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/11 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Hollz\AppData\Roaming\acccore
[2013/03/13 23:19:13 | 000,000,000 | ---D | M] -- C:\Users\Hollz\AppData\Roaming\AVG
[2013/03/13 23:10:20 | 000,000,000 | ---D | M] -- C:\Users\Hollz\AppData\Roaming\AVG2013
[2013/03/13 23:02:05 | 000,000,000 | ---D | M] -- C:\Users\Hollz\AppData\Roaming\Spotify
[2013/03/13 23:03:21 | 000,000,000 | ---D | M] -- C:\Users\Hollz\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
  • 0


#2
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello Hollz,

We can surely run some checks for malware, though nothing shows in this posted log so far.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When RogueKiller finishes its opening scan, press the Scan button.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.
  • 0

#3
Hollz

Hollz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Thank you for getting back to me :)

Gmer results:

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-23 14:28:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD6400AAKS-00A7B2 rev.01.03B01 596.17GB
Running: 6sp3dgpn.exe; Driver: C:\Users\Hollz\AppData\Local\Temp\kgloipod.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1580] C:\Windows\SysWOW64\MSVCP100.dll![email protected]?$[email protected]@[email protected]@2IB + 508 00000000730f2fdc 16 bytes [A1, B6, 7F, CE, F0, 0E, 15, ...]

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3208:3580] 000007fefac22a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3208:3588] 000007fef1c3d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3208:3860] 000007fef8685124

---- EOF - GMER 2.1 ----




RogueKiller Results:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hollz [Admin rights]
Mode : Scan -- Date : 03/23/2013 14:29:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-00A7B2 ATA Device +++++
--- User ---
[MBR] a38702148a68e6a595417567a2d214b8
[BSP] 29c91555f68c22c3a3594fd58eea2a4b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500AAJS-22B4A0 ATA Device +++++
--- User ---
[MBR] e2bd125dfc7e93162ca5290b2a205d81
[BSP] 625623a2617c3a3fc94194589610cfb5 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03232013_02d1429.txt >>
RKreport[1]_S_03232013_02d1429.txt
  • 0

#4
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Really nothing of note yet.

"It could take me anywhere from 1-5 attempts to get my computer to stay on, but currently it's more like 3-5."



The computer presents a shutdown warning, or just quits working - immediately shuts down like you pulled the power plug?
  • 0

#5
Hollz

Hollz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
There is no warning, it just shuts down instantly as if I had pressed the power button on my computer. Nothing is overheating, and if I boot Windows in Safe Mode it seems to work without issue.
  • 0

#6
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I reread your original post. So this problem was occurring before you completely reformatted your hard drive, and reinstalled Windows?
  • 0

#7
Hollz

Hollz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Yes. I do have a second internal drive that I have not reformatted or done any fixes with, wasn't sure if something could sneak onto that one and cause issues?
  • 0

#8
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Not likely. Out of curiosity, have you disconnected the second drive, to see if the problem stops?
  • 0

#9
Hollz

Hollz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Just tried disconnecting second drive, didn't seem to help any :( guessing it's back to the hardware forum? Starting to think PSU or motherboard is to blame
  • 0

#10
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Yes, back to the hardware forum.
  • 0


#11
Hollz

Hollz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Alrighty, thanks so much for the assistance, anyway!
  • 0

#12
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Where did you get your video drivers from? The latest version? Some graphics functions don't work in Safe Mode.
  • 0

#13
Hollz

Hollz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I update from the NVIDIA site and pick the corresponding driver for my card. I'm actually not sure if the drivers are up to date right now since I just wiped everything, but I was having the issue before anyway and believe it was up to date then. I can try updating when I get the chance later. But at any rate, I hadn't had the shutdown problem before in Safe Mode until yesterday, so thought I'd mention Safe Mode doesn't make me immune to the issue.
  • 0

#14
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Just see what updating the driver will do.
  • 0

#15
Hollz

Hollz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Sorry, haven't had much time to mess with my computer, but I did get the video driver updated; just haven't been able to see if it helped anything. Honestly though, I had updated drivers before I wiped my hard drive so not sure if it will improve anything. I'll be able to check tomorrow though!
  • 0





