Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Sadly, I think I may have become a victim


  • Please log in to reply

#1
Alan1998

Alan1998

    Member

  • Member
  • PipPipPip
  • 295 posts
So, nothing new installed. Nothing abnormal until today. Was doing a bit of gaming while at home after hearing some very distrubing news about areas around where I live.

I noticed that my system would lock right up for a steady 5-10 seconds and has continued to do so. Normally this would be heat, but everything is operating under 30C right now. The hottest I've seen is 80C. So nothing wrong there. I've also been having issues regarding RAM, I belive while attempting to play a very heavily modded version of Minecraft. That could jut be lack of RAM allocated.

With my limited knowledge of OTL logs, I can guess something is wrong. THe ZA check is not normal.

OTL log is as follows.

OTL logfile created on: 6/5/2014 3:31:09 PM - Run 17
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 12.65 Gb Available Physical Memory | 79.24% Memory free
31.92 Gb Paging File | 27.19 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.79 Gb Total Space | 1594.31 Gb Free Space | 85.59% Space Free | Partition Type: NTFS
Drive D: | 497.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 29.82 Gb Total Space | 21.26 Gb Free Space | 71.30% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/26 16:01:55 | 003,888,648 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/19 15:48:16 | 003,588,952 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2014/05/16 16:47:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2014/04/21 12:25:41 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/11 15:17:18 | 000,650,816 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
PRC - [2014/03/04 08:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/05 06:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/01/16 07:51:12 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
PRC - [2014/01/15 14:23:00 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013/12/06 13:23:18 | 000,023,552 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2013/08/26 17:15:02 | 000,029,912 | ---- | M] (AOMEI Tech Co., Ltd.) -- C:\Program Files (x86)\AOMEI Backupper\ABService.exe
PRC - [2013/07/02 16:09:00 | 003,271,168 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
PRC - [2013/07/02 16:07:56 | 002,690,560 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
PRC - [2012/12/27 21:33:56 | 000,327,296 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/12/26 01:41:44 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2012/03/27 07:44:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
PRC - [2011/06/01 17:57:16 | 000,561,984 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/19 15:48:15 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\Origin\platforms\qwindows.dll
MOD - [2014/05/19 15:48:15 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff.dll
MOD - [2014/05/19 15:48:15 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng.dll
MOD - [2014/05/19 15:48:15 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
MOD - [2014/05/19 15:48:15 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico.dll
MOD - [2014/05/19 15:48:15 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif.dll
MOD - [2014/05/19 15:48:15 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtga.dll
MOD - [2014/05/19 15:48:15 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
MOD - [2014/05/14 07:16:07 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/13 20:40:54 | 000,414,536 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/13 20:40:50 | 004,217,672 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/13 20:40:45 | 000,716,616 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014/05/13 20:40:44 | 000,126,280 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014/05/13 20:40:43 | 001,732,424 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2013/10/15 20:19:41 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/06/20 11:01:14 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
MOD - [2013/05/14 15:11:32 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/04/21 12:25:41 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/04/16 18:12:45 | 006,817,544 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2014/03/25 16:22:18 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2014/03/06 05:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/05 06:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/05/14 07:16:07 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/04 08:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/28 02:41:42 | 000,520,416 | ---- | M] (Futuremark) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2014/02/05 06:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/01/16 07:51:12 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2014/01/15 14:23:00 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2013/12/06 13:23:18 | 000,023,552 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2013/10/30 16:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/26 17:15:02 | 000,029,912 | ---- | M] (AOMEI Tech Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\AOMEI Backupper\ABService.exe -- (Backupper Service)
SRV - [2012/12/27 21:33:56 | 000,327,296 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/12/27 21:32:58 | 000,204,928 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/12/26 01:41:44 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/15 07:44:35 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/15 07:44:35 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/15 07:44:35 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/21 12:25:42 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/21 12:25:42 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/21 12:25:42 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/21 12:25:42 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/21 12:25:42 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/04/16 18:12:55 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2014/03/24 17:12:06 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2014/03/24 17:09:40 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2014/03/19 10:49:26 | 000,014,240 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspCrash64.sys -- (rspCrash)
DRV:64bit: - [2014/02/03 18:49:05 | 000,031,648 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2013/12/27 15:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 10:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/01 23:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/06 14:25:40 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/05/07 14:27:12 | 000,151,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\ammntdrv.sys -- (ammntdrv)
DRV:64bit: - [2013/05/07 14:27:12 | 000,030,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\ambakdrv.sys -- (ambakdrv)
DRV:64bit: - [2013/04/19 04:56:48 | 000,015,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvflash.sys -- (NVFLASH)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/02/19 18:02:08 | 000,024,824 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2013/02/06 15:52:48 | 000,017,848 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\amwrtdrv.sys -- (amwrtdrv)
DRV:64bit: - [2012/12/27 21:33:28 | 000,551,552 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/12/27 21:33:26 | 000,281,728 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/12/27 21:33:26 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/12/27 21:33:22 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/12/27 21:33:22 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/12/27 21:33:22 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/12/27 21:33:20 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/12/27 21:33:20 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/11/26 20:18:00 | 002,811,904 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 11:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/27 07:43:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/27 07:43:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/27 07:43:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/23 14:32:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 16:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 16:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-44774020-1802902716-358510264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
IE - HKU\S-1-5-21-44774020-1802902716-358510264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...CA&dcc=CA&opt=0
IE - HKU\S-1-5-21-44774020-1802902716-358510264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-44774020-1802902716-358510264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 86 DA B7 CD BF CE 01 [binary data]
IE - HKU\S-1-5-21-44774020-1802902716-358510264-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-44774020-1802902716-358510264-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-44774020-1802902716-358510264-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-44774020-1802902716-358510264-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-44774020-1802902716-358510264-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Michael\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\

[2013/09/26 18:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Battlelog Game Launcher (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.104 (Enabled) = C:\Users\Michael\AppData\Local\Citrix\Plugins\104\npappdetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Docs = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Adblock Plus = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: PrivDog = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\2.1.0.22_0\
CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: avast! Online Security = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Google Wallet = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/12/23 16:08:04 | 000,000,780 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (PrivDog Extension) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PrivDog Extension) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll File not found
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" File not found
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-44774020-1802902716-358510264-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-44774020-1802902716-358510264-1000..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKU\.DEFAULT..\RunOnce: [Application Restart #0] C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe (ASUS)
O4 - HKU\S-1-5-18..\RunOnce: [Application Restart #0] C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe (ASUS)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-44774020-1802902716-358510264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll File not found
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-44774020-1802902716-358510264-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.55.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{922ED5EB-6A28-44D3-896B-5FCB8EBEC38A}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E291EAF0-2545-4DD4-8D21-4450C160AE32}: DhcpNameServer = 192.168.55.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E291EAF0-2545-4DD4-8D21-4450C160AE32}: NameServer = 156.154.70.22,156.154.71.22
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-44774020-1802902716-358510264-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/02 19:23:12 | 000,000,067 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/11/02 19:23:12 | 000,253,952 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/02/28 16:41:28 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O33 - MountPoints2\{fbcf05cc-23cc-11e3-bc78-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbcf05cc-23cc-11e3-bc78-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2001/11/02 19:23:12 | 000,253,952 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/05 15:15:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/06/04 19:36:16 | 000,024,824 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
[2014/05/31 12:48:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2014/05/31 12:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AzTools
[2014/05/25 15:44:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pawsoft
[2014/05/25 15:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pawsoft
[2014/05/25 15:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pawsoft
[2014/05/24 20:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/05/24 20:26:50 | 000,014,240 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspCrash64.sys
[2014/05/24 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2014/05/24 20:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2014/05/21 06:13:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Monster
[2014/05/19 16:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2014/05/19 16:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2014/05/19 15:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2014/05/18 13:19:52 | 001,179,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/05/18 13:19:52 | 001,048,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/05/18 13:19:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\NVIDIA
[2014/05/18 13:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014/05/18 13:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/05/18 13:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/05/18 13:18:52 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/05/18 13:18:41 | 006,714,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014/05/18 13:18:41 | 003,497,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014/05/18 13:18:41 | 000,386,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014/05/18 13:18:41 | 000,064,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014/05/18 13:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/05/18 13:14:02 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/05/18 13:14:02 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/05/18 13:14:02 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/05/18 13:14:02 | 018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/05/18 13:14:02 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/05/18 13:14:02 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/05/18 13:14:02 | 015,783,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/05/18 13:14:02 | 014,709,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014/05/18 13:14:02 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/05/18 13:14:02 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/05/18 13:14:02 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/05/18 13:14:02 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/05/18 13:14:02 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/05/18 13:14:02 | 003,093,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014/05/18 13:14:02 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/05/18 13:14:02 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/05/18 13:14:02 | 002,715,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/05/18 13:14:02 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/05/18 13:14:02 | 001,885,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433523.dll
[2014/05/18 13:14:02 | 001,516,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433523.dll
[2014/05/18 13:14:02 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2014/05/18 13:14:02 | 000,947,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2014/05/18 13:14:02 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/05/18 13:14:02 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/05/18 13:14:02 | 000,863,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/05/18 13:14:02 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/05/18 13:14:02 | 000,832,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/05/18 13:14:02 | 000,484,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/05/18 13:14:02 | 000,409,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/05/18 13:14:02 | 000,377,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014/05/18 13:14:02 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/05/18 13:14:02 | 000,333,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014/05/18 13:14:02 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/05/18 13:14:02 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2014/05/18 13:14:02 | 000,174,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/05/18 13:14:02 | 000,148,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/05/18 13:14:02 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/05/18 13:14:02 | 000,035,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2014/05/18 13:14:02 | 000,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/05/18 13:14:02 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2014/05/17 22:24:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Wireshark
[2014/05/17 20:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2014/05/16 16:47:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2014/05/14 21:50:11 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/14 21:50:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/14 19:01:14 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 19:01:13 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 19:01:06 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 19:01:06 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 19:01:06 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 19:01:05 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 19:01:05 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 19:01:05 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 19:01:05 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 19:01:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 19:01:03 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 19:01:03 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 19:01:03 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 19:01:03 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 19:01:03 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 19:01:03 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 19:01:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 19:01:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 19:01:03 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 19:01:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 19:01:02 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 19:01:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 19:01:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 19:01:02 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 19:01:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 16:53:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Hirens.BootCD.15.2
[2014/05/13 16:52:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\grub4dos
[2014/05/06 21:39:10 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/06 19:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\EmieUserList
[2014/05/06 19:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Local\EmieSiteList

========== Files - Modified Within 30 Days ==========

[2014/06/05 15:27:50 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2014/06/05 15:23:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-44774020-1802902716-358510264-1000UA.job
[2014/06/05 15:19:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/06/05 15:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/05 15:11:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/04 17:43:50 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-44774020-1802902716-358510264-1000Core.job
[2014/06/04 07:20:09 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 07:20:09 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 07:12:55 | 4264,259,582 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/03 18:02:57 | 000,001,028 | ---- | M] () -- C:\FixitRegBackup.reg
[2014/05/31 12:48:30 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Blueline.lnk
[2014/05/30 07:57:21 | 000,021,044 | ---- | M] () -- C:\Users\Michael\Desktop\tic Tac To.odt
[2014/05/30 07:55:25 | 000,000,611 | ---- | M] () -- C:\Users\Michael\Desktop\grub4dos.zip
[2014/05/30 07:54:22 | 000,018,678 | ---- | M] () -- C:\.rar
[2014/05/25 13:16:12 | 000,007,641 | ---- | M] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2014/05/24 20:28:49 | 954,171,796 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/05/22 20:27:14 | 000,011,938 | ---- | M] () -- C:\Users\Michael\Desktop\Untitled 1.odt
[2014/05/21 16:36:20 | 000,002,390 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/21 16:36:19 | 000,002,388 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2014/05/19 20:46:15 | 000,018,588 | ---- | M] () -- C:\Users\Michael\Desktop\Memoir.odt
[2014/05/19 18:30:06 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/05/19 16:59:55 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/05/19 16:46:34 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2014/05/19 16:46:34 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014/05/19 15:48:03 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2014/05/18 13:20:29 | 000,001,360 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/05/17 20:04:09 | 000,001,559 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2014/05/17 12:35:29 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/16 16:47:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2014/05/15 07:44:35 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/15 07:44:35 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/15 07:44:35 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/14 20:31:50 | 000,021,436 | ---- | M] () -- C:\Users\Michael\Desktop\Syphilis.odt
[2014/05/14 07:16:07 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 07:16:07 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/10 17:29:03 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/10 17:29:03 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/10 17:29:03 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/10 17:26:45 | 621,283,886 | ---- | M] () -- C:\Users\Michael\Desktop\Hirens.BootCD.15.2.zip
[2014/05/09 03:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 03:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files Created - No Company Name ==========

[2014/06/03 18:02:56 | 000,001,028 | ---- | C] () -- C:\FixitRegBackup.reg
[2014/05/31 12:48:30 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Blueline.lnk
[2014/05/30 07:57:19 | 000,021,044 | ---- | C] () -- C:\Users\Michael\Desktop\tic Tac To.odt
[2014/05/30 07:54:22 | 000,018,678 | ---- | C] () -- C:\.rar
[2014/05/22 19:55:32 | 000,011,938 | ---- | C] () -- C:\Users\Michael\Desktop\Untitled 1.odt
[2014/05/19 20:46:13 | 000,018,588 | ---- | C] () -- C:\Users\Michael\Desktop\Memoir.odt
[2014/05/19 16:46:34 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2014/05/19 16:46:34 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014/05/19 16:46:02 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/05/19 16:46:02 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/05/19 15:48:03 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2014/05/18 13:20:29 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/05/18 13:18:41 | 003,649,185 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/05/18 13:14:02 | 000,024,544 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/05/17 20:04:09 | 000,001,559 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2014/05/17 20:04:09 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2014/05/14 20:31:48 | 000,021,436 | ---- | C] () -- C:\Users\Michael\Desktop\Syphilis.odt
[2014/05/10 17:29:02 | 000,000,611 | ---- | C] () -- C:\Users\Michael\Desktop\grub4dos.zip
[2014/05/10 17:28:23 | 621,283,886 | ---- | C] () -- C:\Users\Michael\Desktop\Hirens.BootCD.15.2.zip
[2014/05/10 17:27:02 | 000,037,888 | ---- | C] () -- C:\Users\Michael\Desktop\usb_format.exe
[2014/03/03 19:40:16 | 000,007,641 | ---- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2013/11/23 08:27:44 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2013/10/05 16:28:20 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/02 18:29:41 | 000,000,541 | ---- | C] () -- C:\Windows\eReg.dat
[2013/08/05 03:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2013/08/05 03:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2012/09/28 16:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

========== ZeroAccess Check ==========

[2013/11/19 21:10:19 | 000,001,094 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\BattleClient.u
[2013/11/19 21:10:21 | 000,005,545 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\BattleEditor.u
[2013/11/19 21:10:19 | 000,001,180 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\BattleGame.u
[2013/11/19 21:10:10 | 000,087,912 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\Core.u
[2013/11/19 21:10:12 | 003,771,756 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\Engine.u
[2013/11/19 21:10:13 | 000,349,623 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\GameFramework.u
[2013/11/19 21:10:13 | 000,053,845 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\GFxUI.u
[2013/11/19 21:10:22 | 000,003,823 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\GFxUIEditor.u
[2013/11/19 21:10:14 | 000,111,028 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\IpDrv.u
[2013/11/19 21:10:08 | 000,242,712 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\OnlineSubsystemGameSpy.u
[2013/11/19 21:10:09 | 000,448,879 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\OnlineSubsystemLive.u
[2013/11/19 21:10:15 | 000,047,888 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\OnlineSubsystemMcts.u
[2013/11/19 21:10:09 | 000,162,826 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\OnlineSubsystemPC.u
[2013/11/19 21:10:10 | 000,304,236 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\OnlineSubsystemSteamworks.u
[2013/11/19 21:10:14 | 000,023,504 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\PlatformCommon.u
[2013/11/19 21:10:18 | 002,189,990 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\TgClient.u
[2013/11/19 21:10:21 | 000,015,832 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\TgEditor.u
[2013/11/19 21:10:17 | 004,604,556 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\TgGame.u
[2013/11/19 21:10:25 | 000,118,267 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\TgGameContent.u
[2013/11/19 21:10:20 | 000,185,691 | R--- | M] () -- C:\$Recycle.bin\S-1-5-21-44774020-1802902716-358510264-1000\$R8VQVVS\HiRezGames\smite\BattleGame\CookedPC\UnrealEd.u
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 23:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 23:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

let me know if you require other logs.
  • 0

Advertisements


#2
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Alan1998,

Fancy meeting you here. ;)

WARNING:

Yes. I do agree that you have become a victim of ZeroAccess  which is a trojan horse that uses an advanced rootkit to hide itself. It can also create a hidden file system, downloads more malware, and opens a back door on the compromised computer. This allows hackers to remotely control your computer, steal critical system information and download and execute files.
 
If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect it from the Internet until your system is cleaned. ALL passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password by using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you will need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified as soon as possible due to the possibility of the  security breach.
 
Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.

Let's see if we can out this trojan horse out to pasture. :thumbsup:
  • Download  RogueKiller (by tigzy) on the desktop
  • To find the download mirror, scroll down the page a bit till you see RogueKiller under the PayPal icons.
  • You will need to choose one of the 64-bit versions.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan. Once finished, click on Report
Please post the contents of the RKreport.txt in your next Reply.

If you have any question don't hesitate to ask.

Donna :)
  • 0

#3
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 295 posts
-_-, Thank you Donna for Helping! It is much appreciated!

RogueKiller as requested:

RogueKiller V9.0.2.0 (x64) [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Michael [Admin rights]
Mode : Scan -- Date : 06/05/2014 20:22:31

¤¤¤ Bad processes : 1 ¤¤¤
[Hidden!] -- [x] -> KILLED [TermThr]

¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{922ED5EB-6A28-44D3-896B-5FCB8EBEC38A} | NameServer : 156.154.70.22,156.154.71.22 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E291EAF0-2545-4DD4-8D21-4450C160AE32} | NameServer : 156.154.70.22,156.154.71.22 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{922ED5EB-6A28-44D3-896B-5FCB8EBEC38A} | NameServer : 156.154.70.22,156.154.71.22 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E291EAF0-2545-4DD4-8D21-4450C160AE32} | NameServer : 156.154.70.22,156.154.71.22 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{922ED5EB-6A28-44D3-896B-5FCB8EBEC38A} | NameServer : 156.154.70.22,156.154.71.22 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E291EAF0-2545-4DD4-8D21-4450C160AE32} | NameServer : 156.154.70.22,156.154.71.22 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-44774020-1802902716-358510264-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Users\Michael\Desktop\zoek.scr -> FOUND
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-44774020-1802902716-358510264-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Users\Michael\Desktop\zoek.scr -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\{9DA056F0-E019-4AF3-8B8C-AB64981408D7} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Michael\Downloads\VirtualBox-4.2.18-88781-Win.exe -d C:\Users\Michael\Downloads) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 1 ¤¤¤
[IAT:Addr] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
--- User ---
[MBR] 2041562824ac6ae2e2164d0814020b1f
[BSP] 776afb83bba22c658e4f46c96ef5dfd5 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: LITEONIT LMT-32L3M +++++
--- User ---
[MBR] 0d5d4fa0d9ef4648d9a1a7863817b752
[BSP] 942433675c782940f5dd812fdaa57b1b : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Any ideas on how it got here? I sadly, can't afford a reformat, not atleast right now.
  • 0

#4
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 295 posts
Sorry, has this infection been here since 2013? if so, erkkk. Passwords will be changed shortly. No online banking is done on this comp so.

Edit: Would this explain why MBAM magically went into the world of oblivion? Because I didn't uninstall it.

Edited by Alan1998, 05 June 2014 - 05:34 PM.

  • 0

#5
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Alan1998,

Sorry to make you wait. I had to research a bit to familiarize myself with HiRezGames. Those files that OTL found are not related to a ZA infection. OTL picked up on the .u extension that is associated with the unreal engine which is a game engine developed by Epic Games. Honestly, I know nothing about gaming outside of Free Cell and Spider Solitaire. Do you recall installing any games from HiRezGames back in 2013?

When you get a moment, take a look at the OTL discussion thread starting around page 90+. A discussion concerning ZA begins in that area give or take a page. You'll see why OTL picked up on that .u extension and placed it in the Zero Access section of the log.

I wouldn't worry about what RogueKiller picked. Nothing serious. You said you were having RAM issues? You may want to perform a memtest+. We have a great guide right here at GTG. See here.

Let me know if you have anymore questions. I'd be more than happy to answer what I can.

Donna :)
  • 0

#6
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Oh! My apologies. I did want to point out that you have 2 AV's running at startup:

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

That in itself could cause performance issues. You need to uninstall one or the other.

:)
  • 0

#7
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 295 posts
Comodo should've just been the Firewall. I'll double check on that. (Comodo,has been disabled).

I didn't know they also had instaled the AV. Oops.

As for the games back in 2013, yes, I installed Smite a while back for a short period of time. I uninstalled it because I didn't play it. I thought that might've been fake.

Thank you soo much for helping. ANy ideas on the monitors freezing up?
  • 0

#8
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

Comodo should've just been the Firewall. I'll double check on that. (Comodo,has been disabled).

I didn't know they also had instaled the AV. Oops.

Michael,

You will find on many occasions users who have multiple AV's installed. Some running both at startup, some not realizing that both are running at startup. Even if they do uninstall one before reinstalling another, not all the time does the software uninstall completely when removed from Programs and Features. That is why it is best to always search to see if there is an uninstall tool for software to remove residual files left behind by the manual uninstall.

As for the monitor freezing? Basically it's not your monitor that is freezing. It's your Operating System (OS) and the monitor just happens to be the medium where this can be observed. Could be software, could be hardware. There is a possibility that something that was installed prior to your system freezing is the cause. Do you recall when the freezing began? If not, there is an area in the OTL log that will tell you when those entries were "generated" on your system, including date and time, within the last however many days you selected under File Age prior to you running the scan. See if you can pinpoint a time when the freezing may have started in association with installing software from the scan results.

You can also boot your computer to the Advanced Options Boot menu and run your system in Safe Mode to see if it still freezes. If it does not, then perform a clean boot to troubleshoot what might be causing this freezing by going back into msconfig and enabling one startup item at a time till the freezing returns. This method can be a tedious process.

How to perform a Clean Boot
  • Log on to an account that has administrator rights.
  • Click Start, type msconfig in the Start Search box, and then press Enter to start the System Configuration utility.
    Note: If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
  • On the General tab, click the Selective startup option, and then click to clear the Load startup items check box.
  • On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all.
    Note: This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points.
  • Click OK, and then click Restart.
Keep me informed to any results. If you have any questions, I'll be in and out throughout the day. :)
  • 0

#9
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 295 posts
Uhh, trouble shooting. I thought this was over. I'll tell CompCav to re-lock ( :( my PL).

I will get to this in about 3 1/2 hours. Sadly I am @ school right now. THanks.
  • 0

#10
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
You don't have to do this right now. Whenever you have time really. I don't want to keep you from your studies. If the freezing is severe and preventing you from using the computer, then you may want to look into this further.

:)
  • 0

Advertisements


#11
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 295 posts

Well, I can do as suggested and look into conflicts between drivers. Clean Boot etc. If it continues after that,, I'll see if I can catch Phill


  • 0

#12
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 295 posts
Okay, maybe clean boot and Safe mode won't happen.

I just tried a Safe Mode boot, it's incredibly slow, like 1 minutes to finfish and waited a bunch more to see if it'd actually go into Safe Mode. Nope! It just gives a bunch of lines within the first 2 mm of the upper part of my screen.

Also, which I forgot to note in my first post is, for the last week, when I boot, it goes straight to chkdsk. I've cancelled it, every single time except once when I thought if I let it run it'd stop. It did for a lil while and has made a return. I'm not performing anything in CMD.
  • 0

#13
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

It did for a lil while and has made a return.

Not quite sure I understand what you meant. After you allowed the chkdsk to continue, did chkdsk finish and not happen again for a while? Were there any results fro that chkdsk after it completed?

I'm not performing anything in CMD.

Have you tried to perform a chkdsk in cmd.exe?
  • 0

#14
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 295 posts
Edit: Removed all of it.

Your Qeustions:


Not quite sure I understand what you meant. After you allowed the chkdsk to continue, did chkdsk finish and not happen again for a while? Were there any results fro that chkdsk after it completed?


I let chkdsk run once, it finished and that was (I thought) the end of chkdsk starting without me telling it too. It has returned. No results were made to my knowledge.


Have you tried to perform a chkdsk in cmd.exe?


No, do you want me too?

Edited by Alan1998, 06 June 2014 - 05:55 PM.

  • 0

#15
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Let's follow these instructions and see what happens. After the scan has completed, download the tool by SleepyDude. It will retrieve and send the resultant log to your desktop so you can post for my viewing pleasure.
  • Click on Start > Run and type in cmd
  • Press Enter
  • In the Command Prompt window type chkdsk c:/r (or copy and paste) and press Enter.
    Please Note the space between k c:/r
  • The next dialog box will now show the following:

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? <Y/N>
  • Type Y and reboot the computer.
  • Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.
To find the log that is produced please do the following:

Please download ListChkdskResult by SleepyDude to the desktop.
  • Double click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply.

Thank you,

Donna :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP