TechSpot

Computer appears to shut down within 30-60sec of use

Inactive
By Ruhbbb
Dec 12, 2013
  1. Alright so, I had just recently bought a pretty expensive computer (6 months ago). It is an ASUS, around $1000. And about a week ago I decided to leave my computer on while I go write an exam. It was on for about 5-6 hours (went into sleep mode). When I got home and called my friends on Skype, 1-2 mins into the call, my screen goes black and I can still hear them for about 10 seconds, and then my computer sounds like a broken record (only from the speakers, not from the actual computer). I then performed a system restore to around November 30th; same problem occurs: I get 30-60 secs of use, the screen goes black and the computer restarts. I then performed a full reinstallation of Windows 8, and I am still getting the same problem. I then checked my Task Manager to see what is going on, and I see Service Host: Local System, some with different things following them in brackets. I can't remember what it said exactly in the brackets, something about networks. And this Service Host process goes up to around (16). I did a Google search on this; many have this problem where this service host eats their CPU or memory. This is not the case for me; it will hover around 15-20% at most. I can't even use my computer to try and fix this problem as I only have about a minute of use. Please help!

    Edit: I found a post about a similar problem on here from about a year ago; a user by the name of Broni helped fix the issue. BRONI WHERE ARE YOU <3
     
  2. Broni

    Broni Malware Annihilator Posts: 48,017   +271

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    NOTE 1. Use another working computer to download the following tool.
    NOTE 2. Install Panda USB Vaccine, or BitDefender's USB Immunizer on the GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. Ruhbbb

    Ruhbbb TS Rookie Topic Starter

    I have a couple of questions before I begin this process. "How to use the Windows 8 System Recovery Environment Command Prompt": this link you sent... the goal of it is to get into .cmd, correct?? Because I can't even turn on my computer for long enough to complete this tutorial. Although, I know how to get into exactly the same blue-backgrounded set-up by hitting F11 on start up.
     
  4. Ruhbbb

    Ruhbbb TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
    Ran by SYSTEM on MININT-7KIJ7E1 on 13-12-2013 07:41:50
    Running from E:\
    Windows 8 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [213856 2012-07-25] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1374864 2012-07-25] (Trend Micro Inc.)
    HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-30] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3187360 2013-01-14] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
    HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)

    ==================== Services (Whitelisted) =================

    S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
    S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
    S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
    S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

    ==================== Drivers (Whitelisted) ====================

    S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
    S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
    S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
    S1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [106000 2012-07-12] (Trend Micro Inc.)
    S0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2012-07-12] (Trend Micro Inc.)
    S0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-23] (Trend Micro Inc.)
    S3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [98104 2012-08-24] (Trend Micro Inc.)
    S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [33176 2012-07-27] (trend_company_name)
    S1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [76672 2012-07-12] (Trend Micro Inc.)
    S2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [77112 2012-09-10] (Trend Micro Inc.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-12-13 07:41 - 2013-12-13 07:41 - 00000000 ____D C:\FRST
    2013-12-13 07:35 - 2013-12-13 07:35 - 00297960 _____ C:\Windows\Minidump\121313-12890-01.dmp
    2013-12-13 07:18 - 2013-12-13 07:18 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2013-12-12 20:17 - 2013-12-13 07:35 - 00000000 ____D C:\Windows\Minidump
    2013-12-12 20:17 - 2013-12-12 20:17 - 00310968 _____ C:\Windows\Minidump\121213-14671-01.dmp
    2013-12-12 20:12 - 2013-12-13 07:35 - 762279270 _____ C:\Windows\MEMORY.DMP
    2013-12-12 19:58 - 2013-12-12 19:58 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1404446066-3111398394-3725099620-1001
    2013-12-12 19:58 - 2013-12-12 19:58 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
    2013-12-12 19:58 - 2013-12-12 19:58 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2013-12-12 19:58 - 2013-12-12 19:58 - 00000000 ____D C:\Riot Games
    2013-12-12 19:58 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2013-12-12 19:58 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2013-12-12 19:58 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2013-12-12 19:58 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2013-12-12 19:58 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2013-12-12 19:57 - 2013-12-12 19:57 - 00000000 _____ C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_CM6870.alu
    2013-12-12 19:56 - 2013-12-12 20:11 - 00000000 ____D C:\Users\Robert\AppData\Local\PMB Files
    2013-12-12 19:56 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Riot Games
    2013-12-12 19:56 - 2013-12-12 19:56 - 00000000 ____D C:\ProgramData\PMB Files
    2013-12-12 19:56 - 2013-12-12 19:56 - 00000000 ____D C:\Program Files (x86)\Pando Networks
    2013-12-12 19:55 - 2013-12-12 19:56 - 32229024 _____ (Riot Games) C:\Users\Robert\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
    2013-12-12 19:55 - 2013-12-12 19:55 - 00000000 ____D C:\Program Files\ASUS
    2013-12-12 19:54 - 2013-12-13 07:40 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-12 19:54 - 2013-12-12 20:01 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-12 19:54 - 2013-12-12 19:54 - 08373576 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-12-12 19:54 - 2013-12-12 19:54 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-12-12 19:54 - 2013-12-12 19:54 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-12-12 19:54 - 2013-12-12 19:54 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-12-12 19:54 - 2013-12-12 19:54 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Intel Corporation
    2013-12-12 19:54 - 2013-12-12 19:54 - 00000000 ____D C:\Program Files (x86)\Google
    2013-12-12 19:53 - 2013-12-12 19:54 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
    2013-12-12 19:53 - 2013-12-12 19:53 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Macromedia
    2013-12-12 19:53 - 2013-12-12 19:53 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment
    2013-12-12 19:53 - 2013-12-12 19:53 - 00000000 ____D C:\Users\Robert\AppData\Local\Apps\2.0
    2013-12-12 19:32 - 2013-12-12 19:32 - 00001452 _____ C:\Users\Robert\Desktop\Trend Micro Titanium Internet Security.lnk
    2013-12-12 19:32 - 2013-12-12 19:32 - 00000000 ____D C:\Users\Robert\AppData\Roaming\ASUS WebStorage
    2013-12-12 19:32 - 2013-12-12 19:32 - 00000000 ____D C:\ProgramData\CyberLink
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000020 ___SH C:\Users\Robert\ntuser.ini
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Adobe
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\Users\Robert\AppData\Local\VirtualStore
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\users\Robert
    2013-12-05 19:29 - 2013-12-05 19:29 - 00000000 _____ C:\Recovery.txt

    ==================== One Month Modified Files and Folders =======

    2013-12-13 07:41 - 2013-12-13 07:41 - 00000000 ____D C:\FRST
    2013-12-13 07:40 - 2013-12-12 19:54 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-13 07:40 - 2013-02-23 03:31 - 01815202 _____ C:\Windows\WindowsUpdate.log
    2013-12-13 07:40 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-12-13 07:35 - 2013-12-13 07:35 - 00297960 _____ C:\Windows\Minidump\121313-12890-01.dmp
    2013-12-13 07:35 - 2013-12-12 20:17 - 00000000 ____D C:\Windows\Minidump
    2013-12-13 07:35 - 2013-12-12 20:12 - 762279270 _____ C:\Windows\MEMORY.DMP
    2013-12-13 07:25 - 2013-01-14 18:32 - 00801000 _____ C:\Windows\System32\perfh00A.dat
    2013-12-13 07:25 - 2013-01-14 18:32 - 00166710 _____ C:\Windows\System32\perfc00A.dat
    2013-12-13 07:25 - 2013-01-14 18:25 - 00789748 _____ C:\Windows\System32\prfh0816.dat
    2013-12-13 07:25 - 2013-01-14 18:25 - 00164330 _____ C:\Windows\System32\prfc0816.dat
    2013-12-13 07:25 - 2013-01-14 18:20 - 00435896 _____ C:\Windows\System32\prfh0804.dat
    2013-12-13 07:25 - 2013-01-14 18:20 - 00136908 _____ C:\Windows\System32\prfc0804.dat
    2013-12-13 07:25 - 2013-01-14 18:15 - 00798604 _____ C:\Windows\System32\perfh013.dat
    2013-12-13 07:25 - 2013-01-14 18:15 - 00162942 _____ C:\Windows\System32\perfc013.dat
    2013-12-13 07:25 - 2013-01-14 18:09 - 00794030 _____ C:\Windows\System32\perfh010.dat
    2013-12-13 07:25 - 2013-01-14 18:09 - 00156964 _____ C:\Windows\System32\perfc010.dat
    2013-12-13 07:25 - 2013-01-14 18:04 - 00803076 _____ C:\Windows\System32\perfh00C.dat
    2013-12-13 07:25 - 2013-01-14 18:04 - 00159440 _____ C:\Windows\System32\perfc00C.dat
    2013-12-13 07:25 - 2013-01-14 17:58 - 00554846 _____ C:\Windows\System32\perfh008.dat
    2013-12-13 07:25 - 2013-01-14 17:58 - 00093214 _____ C:\Windows\System32\perfc008.dat
    2013-12-13 07:25 - 2013-01-14 17:54 - 00754854 _____ C:\Windows\System32\perfh007.dat
    2013-12-13 07:25 - 2013-01-14 17:54 - 00159716 _____ C:\Windows\System32\perfc007.dat
    2013-12-13 07:25 - 2013-01-14 17:49 - 00450216 _____ C:\Windows\System32\prfh0404.dat
    2013-12-13 07:25 - 2013-01-14 17:49 - 00136908 _____ C:\Windows\System32\prfc0404.dat
    2013-12-13 07:25 - 2012-07-25 23:28 - 08223984 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-12-13 07:18 - 2013-12-13 07:18 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2013-12-13 07:18 - 2012-07-25 23:21 - 00020550 _____ C:\Windows\setupact.log
    2013-12-12 20:17 - 2013-12-12 20:17 - 00310968 _____ C:\Windows\Minidump\121213-14671-01.dmp
    2013-12-12 20:11 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Robert\AppData\Local\PMB Files
    2013-12-12 20:09 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\ELAM
    2013-12-12 20:06 - 2013-01-14 19:07 - 00002810 _____ C:\Windows\PFRO.log
    2013-12-12 20:01 - 2013-12-12 19:54 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-12 19:59 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\LiveKernelReports
    2013-12-12 19:58 - 2013-12-12 19:58 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1404446066-3111398394-3725099620-1001
    2013-12-12 19:58 - 2013-12-12 19:58 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
    2013-12-12 19:58 - 2013-12-12 19:58 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2013-12-12 19:58 - 2013-12-12 19:58 - 00000000 ____D C:\Riot Games
    2013-12-12 19:57 - 2013-12-12 19:57 - 00000000 _____ C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_CM6870.alu
    2013-12-12 19:56 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Riot Games
    2013-12-12 19:56 - 2013-12-12 19:56 - 00000000 ____D C:\ProgramData\PMB Files
    2013-12-12 19:56 - 2013-12-12 19:56 - 00000000 ____D C:\Program Files (x86)\Pando Networks
    2013-12-12 19:56 - 2013-12-12 19:55 - 32229024 _____ (Riot Games) C:\Users\Robert\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
    2013-12-12 19:55 - 2013-12-12 19:55 - 00000000 ____D C:\Program Files\ASUS
    2013-12-12 19:54 - 2013-12-12 19:54 - 08373576 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-12-12 19:54 - 2013-12-12 19:54 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-12-12 19:54 - 2013-12-12 19:54 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-12-12 19:54 - 2013-12-12 19:54 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-12-12 19:54 - 2013-12-12 19:54 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Intel Corporation
    2013-12-12 19:54 - 2013-12-12 19:54 - 00000000 ____D C:\Program Files (x86)\Google
    2013-12-12 19:54 - 2013-12-12 19:53 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
    2013-12-12 19:53 - 2013-12-12 19:53 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Macromedia
    2013-12-12 19:53 - 2013-12-12 19:53 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment
    2013-12-12 19:53 - 2013-12-12 19:53 - 00000000 ____D C:\Users\Robert\AppData\Local\Apps\2.0
    2013-12-12 19:33 - 2013-01-14 19:07 - 00353320 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-12-12 19:33 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\BBI
    2013-12-12 19:32 - 2013-12-12 19:32 - 00001452 _____ C:\Users\Robert\Desktop\Trend Micro Titanium Internet Security.lnk
    2013-12-12 19:32 - 2013-12-12 19:32 - 00000000 ____D C:\Users\Robert\AppData\Roaming\ASUS WebStorage
    2013-12-12 19:32 - 2013-12-12 19:32 - 00000000 ____D C:\ProgramData\CyberLink
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000020 ___SH C:\Users\Robert\ntuser.ini
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Adobe
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\Users\Robert\AppData\Local\VirtualStore
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages
    2013-12-12 19:31 - 2013-12-12 19:31 - 00000000 ____D C:\users\Robert
    2013-12-12 19:31 - 2013-01-14 19:06 - 00000000 ____D C:\Windows\Panther
    2013-12-12 19:31 - 2013-01-14 17:40 - 00000000 ____D C:\Windows\SysWOW64\OEM
    2013-12-12 19:31 - 2012-07-26 00:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2013-12-12 19:31 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\WinStore
    2013-12-12 19:28 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache
    2013-12-05 19:29 - 2013-12-05 19:29 - 00000000 _____ C:\Recovery.txt
    2013-12-05 19:29 - 2012-07-26 00:13 - 00262144 _____ C:\Windows\System32\config\BCD-Template
    2013-12-05 19:29 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\Recovery

    Some content of TEMP:
    ====================
    C:\Users\Robert\AppData\Local\Temp\swt-win32-3349.dll


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    1
    Restore point made on: 2013-12-12 19:56:59

    ==================== Memory info ===========================

    Percentage of memory in use: 7%
    Total physical RAM: 16334.43 MB
    Available physical RAM: 15162.5 MB
    Total Pagefile: 16334.43 MB
    Available Pagefile: 15168.43 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:150 GB) (Free:93.45 GB) NTFS
    Drive d: (Data) (Fixed) (Total:1695.86 GB) (Free:1695.63 GB) NTFS
    Drive e: (VANDERHOOF) (Removable) (Total:1.95 GB) (Free:1.95 GB) FAT
    Drive j: (070519_2239) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 0D1AEC8F)

    Partition: GPT Partition Type
    ========================================================
    Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


    LastRegBack: 2013-01-14 19:07

    ==================== End Of Log ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 48,017   +271

    There is nothing malicious there.
    Since you reinstalled Windows already I suspect you may have some hardware issue.

    In any case....

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because the access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
  6. Ruhbbb

    Ruhbbb TS Rookie Topic Starter

    Thanks a lot, Broni!
     
  7. Broni

    Broni Malware Annihilator Posts: 48,017   +271

    You're very welcome
     

