Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

poor performance, locks up randomly restarts [Solved]


  • This topic is locked This topic is locked

#46
richclan

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

hitachi hts545025b9a300

 

you made a point of the ide vs sata so i switched it to ide and the program on the flash drive worked :)

 

i performed a chkdsk c: /r  and it took 20 seconds and found no errors

 

i am now running startup repair and it found errors and is repairing... keeping fingers crossed now

 

it now boots fine now with the bios set back to ahci

 

wierd stuff

 

many thanks

 

i guess let GeekU Mammoth know we fixed it and now we can complete the virus removal


Edited by richclan, 20 January 2015 - 08:26 PM.

  • 0

Advertisements


#47
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

My personal thanks to phillpower2 for the assistance.

For now lets have a fresh review of the overall status of the machine as follows...

Scan with aswMBR:

Please download aswMBR to the desktop.

Alternate downloads are here and here.
  • Right-click on aswMBR.exe and select Run as Administrator to launch the application.
  • If a prompt stating: The computer supports "Virtualization Technology" appears >> select Yes
  • When prompted with: The application can use the Avast! Free Antivirus for scanning >> select Yes
  • The Avast! virus definitions database will automatically be downloaded. Be patient this make take some time depending on the speed of your Internet Connection.
  • Once it has downloaded >> ensure the option next to AV scan: >> QuickScan is selected only. It should be by default.
  • Now click on the Scan button to start the scan.
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
  • Click on Exit.
Note: There will also be a file on your desktop named MBR.dat(or similar) do not delete this for now it is a actual backup of the MBR(master boot record).

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to the desktop.
  • Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
  • After the tool has checked for any updates and The tool is ready to use is denoted:-
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Next:

When completed the above, please post back the following in the order asked for:
  • How is the computer performing now, any further symptoms and or problems encountered ?
  • aswMBR Log.
  • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#48
richclan

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

still has major issues

boots ok but everything after takes forever. just got "kernal dump inscreen" or something like that on a blue screen.  web browsers lock up and i cant really do anything on it. unable to post the logs. i am using a different PC to post this

 

will keep trying to get the logs posted


Edited by richclan, 21 January 2015 - 11:40 AM.

  • 0

#49
phillpower2

phillpower2

    Tech Staff

  • Technician
  • 21,511 posts

You are both most welcome  :)

 

Best of luck with the malware removal  :thumbsup:


  • 0

#50
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

still has major issues

boots ok but everything after takes forever. just got "kernal dump inscreen" or something like that on a blue screen. web browsers lock up and i cant really do anything on it. unable to post the logs.

Fair enough, lets try to ascertain what the root cause may be via another methodology...

Go to post #31 and follow the instructions I posted in that prior and in turn provide the log created for my review.
  • 0

#51
richclan

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

i can get  it to work via safe mode w/ networking

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-01-21 10:03:16
-----------------------------
10:03:16.852    OS Version: Windows x64 6.1.7600
10:03:16.852    Number of processors: 1 586 0x603
10:03:16.852    ComputerName: MADDIE-PC  UserName: JPR
10:03:17.804    Initialize success
10:03:17.835    VM: initialized successfully
10:03:17.835    VM: Amd CPU supported
10:30:50.661    AVAST engine defs: 15012100
10:40:57.418    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:40:57.434    Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC60F Size: 238475MB BusType: 11
10:42:58.081    Disk 0 MBR read successfully
10:42:58.081    Disk 0 MBR scan
10:45:41.944    Disk 0 Windows 7 default MBR code
10:45:42.100    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14336 MB offset 2048
10:45:42.303    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 29362176
10:45:42.428    Disk 0 Boot: NTFS     code=1
10:45:42.443    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       224037 MB offset 29566976
10:45:43.457    Disk 0 scanning C:\Windows\system32\drivers
10:45:59.416    Service scanning
10:46:39.056    Modules scanning
10:46:39.056    Disk 0 trace - called modules:
10:46:39.103    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:46:39.103    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003099060]
10:46:39.103    3 CLASSPNP.SYS[fffff880018be43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800303e060]
10:46:40.366    AVAST engine scan C:\Windows
10:46:46.669    AVAST engine scan C:\Windows\system32
11:27:40.393    AVAST engine scan C:\Windows\system32\drivers
11:28:31.643    AVAST engine scan C:\Users\JPR
11:30:23.887    AVAST engine scan C:\ProgramData
11:32:00.671    Disk 0 statistics 3476150/0/0 @ 3.89 MB/s
11:32:00.686    Scan finished successfully
11:37:10.050    Disk 0 MBR has been saved successfully to "C:\Users\JPR\Desktop\MBR.dat"
11:37:10.066    The log file has been saved successfully to "C:\Users\JPR\Desktop\aswMBR.txt"

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by JPR at 2015-01-21 11:45:46
Running from C:\Users\JPR\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (x32 Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{21958FA9-A346-4745-E831-98013FA0C203}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.3.0.176 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MMI (HKLM-x32\...\{0DEDD4FD-2846-40E0-94E9-2CAB56F108DD}) (Version: 1.00.0000 - MMI)
Mozilla Firefox (3.6.13) (HKLM-x32\...\Mozilla Firefox (3.6.13)) (Version: 3.6.13 (en-US) - Mozilla)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 6.4.1 - MP3 TechSupport Inc)
MP3 Rocket FileBulldog Toolbar (HKLM-x32\...\MP3 Rocket FileBulldog Toolbar) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Reader for PC (HKLM-x32\...\{02F29E25-2B7A-43BA-AF95-D0978593F399}) (Version: 2.0.00.07121 - Sony Corporation)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Rhapsody Player Engine (HKLM-x32\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
SaveTheChildren Reminder by We-Care.com v4.0.20.4 (HKLM-x32\...\{EE88303A-4DBB-4EC1-8C63-26EC1CAB599B}) (Version: 4.0.20.4 - We-Care.com)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{21AFD9CF-046A-41F1-9A6E-EE48483DA864}) (Version: 1.11.0602 - SAMSUNG)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-01-21 19:50 - 2011-01-21 19:50 - 00000036 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6C756678-C973-4D2A-8728-E2097F836078} - System32\Tasks\{C5375FBF-F752-42C6-A317-E2A917D89335} => pcalua.exe -a C:\Users\maddie\Downloads\avira_antivir_personal_en.exe -d C:\Users\maddie\Downloads
Task: {90369526-0888-487C-B4DE-4CE930E08393} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {951A9677-199B-4114-887E-BD4EB99D0AA8} - System32\Tasks\{16B8AB01-DDCC-4908-8F53-60B89F802321} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {CD1F74DA-A939-40E6-8C60-A7FDCF8EAF13} - System32\Tasks\{645CEFCF-7D6B-44DA-B4D1-9D8ECD972DC4} => pcalua.exe -a C:\Users\JPR\Downloads\avira_antivir_personal_en.exe -d C:\Users\JPR\Downloads
Task: {D32D08FF-C21D-4921-9851-FF4C3244B372} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DBDE8D80-CB5A-4C0E-9CB8-86F04FA7E5F3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2149775182-1744775763-1669362473-1001Core => C:\Users\maddie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {DD01E6C6-1934-436F-B69C-B9F5CCE51A1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2149775182-1744775763-1669362473-1001UA => C:\Users\maddie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E30CE851-9544-4B4B-9F5F-1ABF0F2777FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {E506C932-F641-4053-B282-A4A5453E2BFF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2149775182-1744775763-1669362473-1001UA => C:\Users\maddie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F29C274A-F16C-4CC9-8298-55196EFE6729} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F445DF88-AFEF-42C2-8616-842B8A2F4120} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2149775182-1744775763-1669362473-1001Core => C:\Users\maddie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2149775182-1744775763-1669362473-1001Core.job => C:\Users\maddie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2149775182-1744775763-1669362473-1001UA.job => C:\Users\maddie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2149775182-1744775763-1669362473-1001Core.job => C:\Users\maddie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2149775182-1744775763-1669362473-1001UA.job => C:\Users\maddie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-09 13:06 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-03-08 12:57 - 2010-03-08 12:57 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-25 05:40 - 2010-09-25 05:40 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 17:20 - 2010-06-28 17:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 17:12 - 2010-06-28 17:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-07-19 23:43 - 2009-05-20 01:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2012-07-12 17:12 - 2012-07-12 17:12 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2012-07-12 17:09 - 2012-07-12 17:09 - 00033792 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2012-07-12 17:09 - 2012-07-12 17:09 - 00233472 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2012-07-12 17:10 - 2012-07-12 17:10 - 00020480 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2012-05-23 13:50 - 2012-05-23 13:50 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2012-07-12 17:09 - 2012-07-12 17:09 - 00118784 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2012-07-12 17:10 - 2012-07-12 17:10 - 00009728 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2012-07-12 17:10 - 2012-07-12 17:10 - 00018432 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2012-07-12 17:09 - 2012-07-12 17:09 - 00010752 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2012-07-12 17:10 - 2012-07-12 17:10 - 00008704 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2012-07-12 17:10 - 2012-07-12 17:10 - 00028160 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2012-07-12 17:10 - 2012-07-12 17:10 - 00012288 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2012-05-23 13:09 - 2012-05-23 13:09 - 00086016 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2012-07-12 17:11 - 2012-07-12 17:11 - 00143360 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2012-07-12 17:11 - 2012-07-12 17:11 - 00172032 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-12-14 11:43 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-14 11:43 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-14 11:43 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-14 11:43 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2149775182-1744775763-1669362473-500 - Administrator - Disabled)
Guest (S-1-5-21-2149775182-1744775763-1669362473-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2149775182-1744775763-1669362473-1002 - Limited - Enabled)
JPR (S-1-5-21-2149775182-1744775763-1669362473-1003 - Administrator - Enabled) => C:\Users\JPR
maddie (S-1-5-21-2149775182-1744775763-1669362473-1001 - Limited - Enabled) => C:\Users\maddie

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 11:23:05 AM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.25.11;lang=en;guid=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\867afc6e-61b0-413a-9b92-8418af9f4338.dmp

Error: (01/21/2015 11:23:04 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/21/2015 11:23:04 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=3800}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/21/2015 11:09:24 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\sysmain.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\sysmain.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/21/2015 11:09:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000006
Fault offset: 0x0000000000015972
Faulting process id: 0x3b4
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (01/21/2015 11:04:52 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 0

Error: (01/21/2015 11:04:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mpengine.dll, version: 1.1.6603.0, time stamp: 0x4d54e518
Exception code: 0xc0000006
Fault offset: 0x00000000000ecdb0
Faulting process id: 0x1114
Faulting application start time: 0xsvchost.exe_WinDefend0
Faulting application path: svchost.exe_WinDefend1
Faulting module path: svchost.exe_WinDefend2
Report Id: svchost.exe_WinDefend3

Error: (01/21/2015 10:45:42 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\esent.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\esent.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/21/2015 10:45:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000006
Fault offset: 0x00000000000158e5
Faulting process id: 0xf1c
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (01/21/2015 10:31:18 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Failed to get state for bits job HResult: 0x800706be.

System errors:
=============
Error: (01/21/2015 11:44:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/21/2015 11:43:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/21/2015 11:43:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/21/2015 11:43:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/21/2015 11:43:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/21/2015 11:43:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/21/2015 11:43:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/21/2015 11:43:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/21/2015 11:43:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/21/2015 11:43:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Microsoft Office Sessions:
=========================
Error: (09/13/2012 03:40:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 167704 seconds with 360 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2011-07-22 02:19:16.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-07-22 02:19:16.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-16 18:07:07.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-16 18:07:07.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-16 13:53:51.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-16 13:53:51.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-16 13:35:27.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-04-16 13:35:27.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-03-26 10:26:32.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-03-26 10:26:32.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD V140 Processor
Percentage of memory in use: 44%
Total physical RAM: 2810.9 MB
Available physical RAM: 1566.09 MB
Total Pagefile: 5619.93 MB
Available Pagefile: 4013.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:218.79 GB) (Free:142.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6CD43650)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by JPR (administrator) on MADDIE-PC on 21-01-2015 11:43:36
Running from C:\Users\JPR\Desktop
Loaded Profiles: JPR (Available profiles: maddie & JPR & Guest)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928 2012-07-12] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-2149775182-1744775763-1669362473-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2149775182-1744775763-1669362473-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
IFEO: [Debugger] svchost.exe
Startup: C:\Users\maddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\JPR\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
GroupPolicyUsers\S-1-5-21-2149775182-1744775763-1669362473-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:25432
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-2149775182-1744775763-1669362473-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> URL http://www.google.co...Page={startPage}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> URL http://www.google.co...Page={startPage}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> URL http://www.google.co...Page={startPage}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

FireFox:
========
FF ProfilePath: C:\Users\JPR\AppData\Roaming\Mozilla\Firefox\Profiles\257xl4w6.default
FF SelectedSearchEngine:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2149775182-1744775763-1669362473-1003: @real.com/RhapsodyPlayerEngine -> C:\Users\JPR\AppData\Roaming\nprhapengine.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-12-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-29]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Users\JPR\AppData\Roaming\Mozilla\Firefox\Profiles\257xl4w6.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\JPR\AppData\Roaming\Mozilla\Firefox\Profiles\257xl4w6.default\extensions\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-13]
CHR Extension: (Google Docs) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-13]
CHR Extension: (Google Drive) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]
CHR Extension: (YouTube) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-13]
CHR Extension: (Google Search) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-13]
CHR Extension: (Google Sheets) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-13]
CHR Extension: (Google Wallet) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-13]
CHR Extension: (Gmail) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-13]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-05-23] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S2 MCSTRM; No ImagePath
U3 aswMBR; \??\C:\Users\JPR\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\JPR\AppData\Local\Temp\aswVmm.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atipmdag.sys D3E6B2E1394D93FE9DB0BA24814B0D8F
C:\Windows\System32\DRIVERS\atikmpag.sys CC4D915D786D3DA973B2EA9B95D59A29
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AtiPcie.sys C07A040D6B5A42DD41EE386CF90974C8
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 2D659B569A76CDB83B815675A80D7096
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 3F1DC527070ACB87E40AFE46EF6DA749
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 235362D403D9D677514649D88DB31914
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60a.sys 37E053A2CF8F0082B689ED74106E0CEC
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys CA43F8904E24BBE49982E4C0B29E6579
C:\Windows\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3
C:\Windows\system32\drivers\mwac.sys A646C2DDB8C46E9B20A326FAF566646C
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys B7F3D2C40BDF8FFB73EBFB19C77734E2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 86C6F88B5168CE21CF8D69D0B3FF5D19
C:\Windows\System32\DRIVERS\mrxsmb20.sys B081069251C8E9F42CB8769D07148F9C
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys 6FFECC25B39DC7652A0CEC0ADA9DB589
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 0BEFE32CA56D6EE89D58175725596A85
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys D43BC633B8660463E446E28E14A51262
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 763AE0C6D9DF4C24B7E2C26036A8188A
C:\Windows\System32\drivers\RtHDMIVX.sys D6D381B76056C668679723938F06F16C
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 064A2530A4A7C7CEC1BE6A1945645BE4
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\system32\drivers\UBHelper.sys A17D5E1A6DF4EAB0A480F2C490DE4C9D
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 5C3BE22E485B9BF11FCEFDC676C728D0
C:\Windows\System32\drivers\usbaudio.sys 77B01BC848298223A95D4EC23E1785A1
C:\Windows\System32\DRIVERS\usbccgp.sys 537A4E03D7103C12D42DFD8FFDB5BDC9
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys FBB21EBE49F6D560DB37AC25FBC68E66
C:\Windows\System32\DRIVERS\usbhub.sys 6B7A8A99C4A459E73C286A6763EA24CC
C:\Windows\System32\DRIVERS\usbohci.sys 8C88AA7617B4CBC2E4BED61D26B33A27
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys 0B5B3B2DF3FD1709618ACFA50B8392B0
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 11:43 - 2015-01-21 11:45 - 00033223 _____ () C:\Users\JPR\Desktop\FRST.txt
2015-01-21 11:41 - 2015-01-21 11:41 - 02126848 _____ (Farbar) C:\Users\JPR\Desktop\FRST64.exe
2015-01-21 11:37 - 2015-01-21 11:37 - 00002124 _____ () C:\Users\JPR\Desktop\aswMBR.txt
2015-01-21 11:37 - 2015-01-21 11:37 - 00000512 _____ () C:\Users\JPR\Desktop\MBR.dat
2015-01-21 09:50 - 2015-01-21 09:50 - 00000000 ____D () C:\Users\JPR\Desktop\virus repair 2015
2015-01-21 09:45 - 2015-01-21 09:45 - 05200384 _____ (AVAST Software) C:\Users\JPR\Desktop\aswmbr.exe
2015-01-20 21:14 - 2015-01-20 21:14 - 00006392 _____ () C:\Windows\system32\PerfStringBackup.TMP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 11:43 - 2014-12-13 19:27 - 00000000 ____D () C:\FRST
2015-01-21 11:18 - 2013-12-18 12:36 - 00009306 _____ () C:\Windows\setupact.log
2015-01-21 10:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 10:45 - 2010-09-25 05:39 - 02056653 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 10:45 - 2009-07-14 00:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-21 10:32 - 2014-12-17 21:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 09:49 - 2011-08-16 00:50 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2149775182-1744775763-1669362473-1001UA.job
2015-01-21 09:47 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 09:47 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

==================== Files in the root of some directories =======
2011-12-25 18:30 - 2011-12-25 18:30 - 0000268 ___RH () C:\Users\JPR\AppData\Roaming\Dance Kit
2011-12-25 18:30 - 2011-12-25 18:30 - 0000268 ___RH () C:\Users\JPR\AppData\Roaming\Database
2011-12-25 18:30 - 2011-12-25 18:30 - 0000268 ___RH () C:\Users\JPR\AppData\Roaming\Definition Bundle
2011-12-25 18:30 - 2011-12-25 18:30 - 0000268 ___RH () C:\ProgramData\Developer Tools
2011-12-25 18:30 - 2011-12-25 18:30 - 0000268 ___RH () C:\ProgramData\Devices
2011-12-25 18:30 - 2011-12-25 18:30 - 0000268 ___RH () C:\ProgramData\Dialogs
2011-12-25 18:30 - 2011-12-25 18:30 - 0000012 ___RH () C:\ProgramData\Drums
2011-12-25 18:30 - 2011-12-25 18:30 - 0000012 ___RH () C:\ProgramData\Echo
2011-12-25 18:30 - 2011-12-25 18:30 - 0000012 ___RH () C:\ProgramData\Electric Clav
2011-12-25 18:30 - 2011-12-25 18:30 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-12-25 18:30 - 2011-12-25 20:03 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-12-25 18:30 - 2011-12-25 18:30 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\JPR\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JPR\AppData\Local\Temp\Quarantine.exe
C:\Users\JPR\AppData\Local\Temp\sqlite3.dll
C:\Users\JPR\AppData\Local\Temp\SymCCIS.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 19:24

==================== End Of Log ============================

 


  • 0

#52
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

i can get it to work via safe mode w/ networking

Hmmm strange you said the machine running in this mode when FRST denotes:-

Boot Mode: Normal

Can you confirm please which exact mode the machine was running in time of the scan before we proceed any further, thank you
  • 0

#53
richclan

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

the scans were in normal mode

 

the laptop works great in safe w/networking mode if that helps


Edited by richclan, 22 January 2015 - 08:18 AM.

  • 0

#54
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

the scans were in normal mode

the laptop works great in safe w/networking mode if that helps

Acknolwedged, see if the below can be ran whilst the machine is running in Normal Mode please...

Download/run Rkill:

(If one fails to work delete it and download/try another):

One, Two,Three, Four or Five
  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Post the log created, found on the desktop rkill.txt. in your next reply.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the desktop.

  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • Your machine should now automatically reboot itself.
  • Post the contents of the newly created Fixlog in your next reply.
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • 0

#55
richclan

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

here you go

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 01/22/2015 11:33:18 AM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!

Performing miscellaneous checks:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by JPR at 2015-01-22 14:27:25 Run:1
Running from C:\Users\JPR\Desktop\virus repair 2015
Loaded Profiles: JPR (Available profiles: maddie & JPR & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2149775182-1744775763-1669362473-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2149775182-1744775763-1669362473-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
IFEO: [Debugger] svchost.exe
GroupPolicyUsers\S-1-5-21-2149775182-1744775763-1669362473-1001\User: Group Policy restriction detected <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:25432
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-2149775182-1744775763-1669362473-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab
S2 MCSTRM; No ImagePath
Task: {6C756678-C973-4D2A-8728-E2097F836078} - System32\Tasks\{C5375FBF-F752-42C6-A317-E2A917D89335} => pcalua.exe -a C:\Users\maddie\Downloads\avira_antivir_personal_en.exe -d C:\Users\maddie\Downloads
Task: {CD1F74DA-A939-40E6-8C60-A7FDCF8EAF13} - System32\Tasks\{645CEFCF-7D6B-44DA-B4D1-9D8ECD972DC4} => pcalua.exe -a C:\Users\JPR\Downloads\avira_antivir_personal_en.exe -d C:\Users\JPR\Downloads
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
HKU\S-1-5-21-2149775182-1744775763-1669362473-1003\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
HKU\S-1-5-21-2149775182-1744775763-1669362473-1003\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\\Debugger => value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2149775182-1744775763-1669362473-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-2149775182-1744775763-1669362473-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{3860DD98-0549-4D50-AA72-5D17D200EE10}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3860DD98-0549-4D50-AA72-5D17D200EE10}" => Key deleted successfully.
MCSTRM => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C756678-C973-4D2A-8728-E2097F836078}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C756678-C973-4D2A-8728-E2097F836078}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C5375FBF-F752-42C6-A317-E2A917D89335} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C5375FBF-F752-42C6-A317-E2A917D89335}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD1F74DA-A939-40E6-8C60-A7FDCF8EAF13}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD1F74DA-A939-40E6-8C60-A7FDCF8EAF13}" => Key deleted successfully.
C:\Windows\System32\Tasks\{645CEFCF-7D6B-44DA-B4D1-9D8ECD972DC4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{645CEFCF-7D6B-44DA-B4D1-9D8ECD972DC4}" => Key deleted successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {2EA529E4-03AF-4180-B1A0-60D2A951F410}.
Unable to cancel {5EC03ADC-25D6-4B31-8385-8737429036F1}.
Unable to cancel {C1565EFC-FF72-4EFF-93F2-5AA199BED40F}.
Unable to cancel {3996EE6A-D793-4B90-AFBB-E4A03B7124E8}.
Unable to cancel {725F297D-047F-432E-998A-5BED481B0EF3}.
Unable to cancel {2D55664E-1509-42D8-B723-F37C8585B873}.
Unable to cancel {E30D525E-5D7A-41E8-A162-EA19892D1954}.
Unable to cancel {81025572-73AE-45B5-B3C2-0B3B747F5A29}.
Unable to cancel {8E3DD9BC-9EAF-4C7D-809C-FD5B8AB8A096}.
Unable to cancel {6BA126CE-6C8F-4D7A-AE8B-AFCECE278644}.
Unable to cancel {8C0C73B9-D404-4C72-AD1A-82B28EE778A9}.
Unable to cancel {E1EB204C-091C-4569-A6AA-9E4FBDDD41A1}.
Unable to cancel {1275ED2C-C707-4740-B02C-F6CCD67486F0}.
Unable to cancel {A5705315-E19A-4F9B-B6C4-4551B738877F}.
Unable to cancel {F4C56E75-5D5E-4B79-BFB4-5BF093BEF557}.
Unable to cancel {5408CC3D-20CB-4141-BFCF-68A7AAD3061C}.
Unable to cancel {34B95441-377B-46C1-A758-E42D7729BB78}.
Unable to cancel {BC473273-DA06-4AF4-AB32-A00D47756435}.
Unable to cancel {FF90FC0E-A450-45A1-B768-97BEBC9F5522}.
0 out of 19 jobs canceled.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 650.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 14:28:46 ====


  • 0

Advertisements


#56
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Lets proceed as follows...

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.
  • Launch the application, once the program has loaded, select Scan >> Threat Scan.
  • Then click on Scan Now >> and a check for updates will begin then the actual scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All
  • When disinfection is completed, a dialogue will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History >> Application Logs.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with FSS:

Please download Farbar Service Scanner and save to your Desktop.
  • Right-click FSS.exe and select Run as Administrator to start the program.
  • Select all available options.
  • Then click on the Scan tab.
  • When the scan is complete, it will produce a log named FSS.txt.
  • Post the contents in your next reply.
Next:

When completed the above, please post back the following in the order asked for:
  • How is the computer performing now, any further symptoms and or problems encountered?
  • Malwarebytes Anti-Malware Log.
  • Farbar Service Scanner Log.

  • 0

#57
richclan

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

hi

it still locks up after a near  normal boot. i have to force shut down and re-boot in safe w/networking in order to post logs

 

 

 

threat scan took less than 2 min. and found nothing

 

 

 

Farbar Service Scanner Version: 17-01-2015
Ran by JPR (administrator) on 23-01-2015 at 09:18:52
Running from "C:\Users\JPR\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
 
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 1/23/2015 8:56:52 AM, SYSTEM, MADDIE-PC, Scheduler, Failed, Unable to access update server, 
Update, 1/23/2015 8:58:01 AM, SYSTEM, MADDIE-PC, Scheduler, Failed, Unable to access update server, 
Update, 1/23/2015 9:10:04 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Scan, 1/23/2015 9:11:49 AM, SYSTEM, MADDIE-PC, Manual, Start:1/23/2015 9:10:04 AM, Duration:1 min 44 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 1/23/2015 9:14:25 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:14:29 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:14:30 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:14:39 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:14:40 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:14:41 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:14:42 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:14:44 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:14:45 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:16:16 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:16:17 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:18:02 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:18:08 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Update, 1/23/2015 9:39:44 AM, SYSTEM, MADDIE-PC, Manual, Failed, Unable to access update server, 
Scan, 1/23/2015 9:41:05 AM, SYSTEM, MADDIE-PC, Manual, Start:1/23/2015 9:39:44 AM, Duration:1 min 20 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)

Edited by richclan, 23 January 2015 - 08:53 AM.

  • 0

#58
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

it still locks up after a near normal boot. i have to force shut down and re-boot in safe w/networking in order to post logs

Acknowledged...

Perform a Clean Boot:

Go to this page:

How to perform a clean boot in Windows

Scroll down to:-

How to perform a clean boot and click on the plus sign to expand the menu.

Then click on Windows 7 and Windows Vista >> follow the instructions; then reboot the machine afterwards.

Note: Ensure when disabling services the option Hide all Microsoft services is selected.

Check Hard Disk For Errors:

Download the attached hddcheck.bat below and save to your Desktop:-



Now right-click on hddcheck.bat and select Run as Administrator to run the batch file. A blank command window will open on your desktop, then close in a few minutes. This is normal and the batch file itself will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

Check for Startup Errors:
  • Depress the Windows + R keys together to launch the Run... box.
  • Cut & paste in eventvwr.msc into the box and click on OK
  • If prompted by the User Account Control, allow this.
  • In the left pane of Event Viewer, double click on Windows Logs to expand the drop down menu.
  • Now left click once on Application then right click on Application and select Find.
  • Cut & paste in wininit into the Find box and click on Find Next.
  • When the search completes you should see the log displayed in the central pane, close the Find window.
  • In the right hand pane click on Copyand select Copy details as text.
  • Come back to this topic and right click in the message box and select Paste, the log should appear etc

  • 0

#59
richclan

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
hey thanks; this on seems to be a real PITA

The type of the file system is NTFS.
Volume label is Acer.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
541 large file records processed.

0 bad file records processed.

0 EA records processed.

92 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...

Errors found. CHKDSK cannot continue in read-only mode.








Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 1/22/2015 2:45:58 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: maddie-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is Acer.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x11ec07 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x19c4d is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 105549.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x11d35f for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x1aadc is already in use.
Deleted corrupt attribute list entry
with type code 128 in file 109276.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1200000001bb42. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 113474.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1d00000001fdf1. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 130545.
226048 file records processed.

File verification completed.
545 large file records processed.

0 bad file records processed.

0 EA records processed.

92 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
The multi-sector header signature for VCN 0x0 of index $I30
in file 0x406 is incorrect.
4d 00 4f 00 52 00 59 00 2e 00 44 00 4d 00 50 00 M.O.R.Y...D.M.P.
0d 00 0a 00 0d 00 0a 00 0d 00 0a 00 5b 00 30 00 ............[.0.
Correcting error in index $I30 for file 1030.
The index bitmap $I30 in file 0x406 is incorrect.
Correcting error in index $I30 for file 1030.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 ................
ff ff ff ff ff ff ff ff 44 68 89 9e 30 eb cb 01 ........Dh..0...
66 7b 63 58 32 eb cb 01 66 7b 63 58 32 eb cb 01 f{cX2...f{cX2...
Sorting index $I30 in file 1030.
296160 index entries processed.

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file AMD64_~1.MAN (2095) into directory file 1030.
Recovering orphaned file amd64_52aef195cc13c223f902b20a34186baa_31bf3856ad364e35_6.1.7600.17700_none_ee65c694160d2f10.manifest (2095) into directory file 1030.
Recovering orphaned file AMD64_~2.MAN (2097) into directory file 1030.
Recovering orphaned file amd64_b0dc6d7cedd48dac96a30d17119c86fb_31bf3856ad364e35_6.1.7600.17700_none_842e140413d2d73b.manifest (2097) into directory file 1030.
Recovering orphaned file AMD64_~3.MAN (2214) into directory file 1030.
Recovering orphaned file amd64_be80366691fda8b1ead6f31aeed1bf2f_31bf3856ad364e35_6.1.7600.17700_none_09e2f62dd5035e56.manifest (2214) into directory file 1030.
Recovering orphaned file AMD64_~4.MAN (2219) into directory file 1030.
Recovering orphaned file amd64_d836cf2301eb13947d175d2003750329_31bf3856ad364e35_6.1.7600.17700_none_eb5c3a9847fbb36b.manifest (2219) into directory file 1030.
Recovering orphaned file AM07C7~1.MAN (2609) into directory file 1030.
Recovering orphaned file amd64_ee21facaa97b6000b4b30442ab6115d5_31bf3856ad364e35_6.1.7600.17700_none_4033ff5c49ab6f1d.manifest (2609) into directory file 1030.
Recovering orphaned file AMD64_~1.177 (5467) into directory file 1030.
Recovering orphaned file amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7600.17700_none_e3f29b5412ca4a56 (5467) into directory file 1030.
7 unindexed files scanned.

Recovering orphaned file AMD64_~2.177 (89440) into directory file 1030.
Recovering orphaned file amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7600.17700_none_646a3f4c63725845 (89440) into directory file 1030.
0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
226048 file SDs/SIDs processed.

Cleaning up 85 unused index entries from index $SII of file 0x9.
Cleaning up 85 unused index entries from index $SDH of file 0x9.
Cleaning up 85 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 105549.
Inserting data attribute into file 109276.
35059 data files processed.

CHKDSK is verifying Usn Journal...
8395072 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

229413887 KB total disk space.
78603688 KB in 186194 files.
116532 KB in 35058 indexes.
4 KB in bad sectors.
310859 KB in use by the system.
65536 KB occupied by the log file.
150382804 KB available on disk.

4096 bytes in each allocation unit.
57353471 total allocation units on disk.
37595701 allocation units available on disk.

Internal Info:
00 73 03 00 51 60 03 00 bc 4a 06 00 00 00 00 00 .s..Q`...J......
ac 0e 00 00 5c 00 00 00 00 00 00 00 00 00 00 00 ....\...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-22T19:45:58.000000000Z" />
<EventRecordID>53041</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>maddie-PC</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is Acer.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x11ec07 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x19c4d is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 105549.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x11d35f for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x1aadc is already in use.
Deleted corrupt attribute list entry
with type code 128 in file 109276.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1200000001bb42. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 113474.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1d00000001fdf1. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 130545.
226048 file records processed.

File verification completed.
545 large file records processed.

0 bad file records processed.

0 EA records processed.

92 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
The multi-sector header signature for VCN 0x0 of index $I30
in file 0x406 is incorrect.
4d 00 4f 00 52 00 59 00 2e 00 44 00 4d 00 50 00 M.O.R.Y...D.M.P.
0d 00 0a 00 0d 00 0a 00 0d 00 0a 00 5b 00 30 00 ............[.0.
Correcting error in index $I30 for file 1030.
The index bitmap $I30 in file 0x406 is incorrect.
Correcting error in index $I30 for file 1030.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 ................
ff ff ff ff ff ff ff ff 44 68 89 9e 30 eb cb 01 ........Dh..0...
66 7b 63 58 32 eb cb 01 66 7b 63 58 32 eb cb 01 f{cX2...f{cX2...
Sorting index $I30 in file 1030.
296160 index entries processed.

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file AMD64_~1.MAN (2095) into directory file 1030.
Recovering orphaned file amd64_52aef195cc13c223f902b20a34186baa_31bf3856ad364e35_6.1.7600.17700_none_ee65c694160d2f10.manifest (2095) into directory file 1030.
Recovering orphaned file AMD64_~2.MAN (2097) into directory file 1030.
Recovering orphaned file amd64_b0dc6d7cedd48dac96a30d17119c86fb_31bf3856ad364e35_6.1.7600.17700_none_842e140413d2d73b.manifest (2097) into directory file 1030.
Recovering orphaned file AMD64_~3.MAN (2214) into directory file 1030.
Recovering orphaned file amd64_be80366691fda8b1ead6f31aeed1bf2f_31bf3856ad364e35_6.1.7600.17700_none_09e2f62dd5035e56.manifest (2214) into directory file 1030.
Recovering orphaned file AMD64_~4.MAN (2219) into directory file 1030.
Recovering orphaned file amd64_d836cf2301eb13947d175d2003750329_31bf3856ad364e35_6.1.7600.17700_none_eb5c3a9847fbb36b.manifest (2219) into directory file 1030.
Recovering orphaned file AM07C7~1.MAN (2609) into directory file 1030.
Recovering orphaned file amd64_ee21facaa97b6000b4b30442ab6115d5_31bf3856ad364e35_6.1.7600.17700_none_4033ff5c49ab6f1d.manifest (2609) into directory file 1030.
Recovering orphaned file AMD64_~1.177 (5467) into directory file 1030.
Recovering orphaned file amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7600.17700_none_e3f29b5412ca4a56 (5467) into directory file 1030.
7 unindexed files scanned.

Recovering orphaned file AMD64_~2.177 (89440) into directory file 1030.
Recovering orphaned file amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7600.17700_none_646a3f4c63725845 (89440) into directory file 1030.
0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
226048 file SDs/SIDs processed.

Cleaning up 85 unused index entries from index $SII of file 0x9.
Cleaning up 85 unused index entries from index $SDH of file 0x9.
Cleaning up 85 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 105549.
Inserting data attribute into file 109276.
35059 data files processed.

CHKDSK is verifying Usn Journal...
8395072 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

229413887 KB total disk space.
78603688 KB in 186194 files.
116532 KB in 35058 indexes.
4 KB in bad sectors.
310859 KB in use by the system.
65536 KB occupied by the log file.
150382804 KB available on disk.

4096 bytes in each allocation unit.
57353471 total allocation units on disk.
37595701 allocation units available on disk.

Internal Info:
00 73 03 00 51 60 03 00 bc 4a 06 00 00 00 00 00 .s..Q`...J......
ac 0e 00 00 5c 00 00 00 00 00 00 00 00 00 00 00 ....\...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>
  • 0

#60
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

hey thanks; this on seems to be a real PITA

You're welcome and aye it is just a tad. For the time being leave the machine in the clean boot state until I advise otherwise please.

Hard-Drive Maintenance/Repair:
  • Click Start(Windows 7 Orb) >> Run..(or the Windows key and R together) to bring up the Run box.
  • Cut and paste in cleanmgr into the Run box and press OK >> OK
  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Delete Files.
Next:-
  • Click on Start(Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue at the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • DEFRAG C: -F
  • A Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Windows7CHKDSK.jpg

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and you computer will continue to boot-up as normal.

Next:

Let myself know when completed the above and we will then go from there, thank you.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP