requested resource is in use.. cannot run mc Affee or any other antivi

antivirus disabled virus cannot access files can not delete virus


#61
aKay47

  • Topic Starter
  • Member
  • 62 posts

I tried to run the malware and got the prompt that the requested resource is in use.   ugggh... now what? was I supposed to run them as administrator?

even as administrator I got the prompt.. 


  • 0



#62
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,166 posts
I know what you mean when you say it was easier when the kids were gone. Mine are all grown, though they came home for Thanksgiving. They left again to visit other family and came back. They finally all went home yesterday, though in the meantime my daughter decided my house was the go-to house to kill time and save gas till the hubby got off work, and my 2 yr old granddaughter is a handful.

Also, can we not use the mbar file we already downloaded previously? the one that kept freezing? or is this different?


The Malwarebytes Anti-malware that I had you download here is different than the Malwarebytes Anti-rootkit that I had you download here.

Whenever new rootkits emerge, Malwarebytes Anti-Rootkit BETA will be updated and released to address the new threats as soon as possible and once the time comes for the next Malwarebytes Anti-Malware release after that, it will then integrate those changes into that database engine. This enables the researchers/developers at Malwarebytes to stay on top of the latest rootkit threats.

I have no idea why we are having so much trouble with this infection. Every time we run a fix script a little more is removed each time but then fresh FRST logs show that it was not removed, yet if we run a fix again it says "not found" in the fix logs. I am obviously missing something here.

Let's see a fresh set of logs. Go ahead and run FRST64.exe from the desktop in normal mode. I want to see if anything respawned.
  • 0

#63
aKay47

  • Topic Starter
  • Member
  • 62 posts

ok!!

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-11-2017
Ran by April (30-11-2017 12:19:03)
Running from C:\Users\April\Desktop
Windows 10 Home Version 1703 15063.726 (X64) (2017-05-22 11:11:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2751042415-2246998964-2558403214-500 - Administrator - Disabled)
April (S-1-5-21-2751042415-2246998964-2558403214-1001 - Administrator - Enabled) => C:\Users\April
DefaultAccount (S-1-5-21-2751042415-2246998964-2558403214-503 - Limited - Disabled)
Guest (S-1-5-21-2751042415-2246998964-2558403214-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2751042415-2246998964-2558403214-1005 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
4 Elements II (HKLM-x32\...\WTA-ef65e410-974d-46a7-bc19-e92d9f4d7e90) (Version: 2.2.0.98 - WildTangent) Hidden
Active@ Boot Disk 10 (HKLM-x32\...\{9770BCC6-C50D-41D7-AE07-5B796D630052}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.6 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{49F51ACB-7CDD-3728-1E9E-49398FF8BA95}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AVIGenerator 1.8.0.0 (HKLM-x32\...\AVIGenerator) (Version: 1.8.0.0 - )
Bejeweled 3 (HKLM-x32\...\WTA-e35bc750-31fc-4947-b563-7eeaf2884b61) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-c6f54e1e-b78f-4eb7-b83f-9dc46e5b44c6) (Version: 2.2.0.98 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
Canon TS5000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5000_series) (Version: 1.01 - Canon Inc.)
Canon TS5000 series On-screen Manual (HKLM-x32\...\Canon TS5000 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
Canon TS5000 series User Registration (HKLM-x32\...\Canon TS5000 series User Registration) (Version:  - ‭Canon Inc.)
Chuzzle Deluxe (HKLM-x32\...\WTA-742ccb6f-b1bf-49dc-a215-1e958ad66a38) (Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-837a9cfe-991c-46c5-b0bb-e7008be29aad) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-89dfc2e3-cf01-4092-9088-1e0a87819cbb) (Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DragonBoost (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\DragonBoost) (Version:  - ) <==== ATTENTION
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WTA-073d8289-e4b7-451f-9203-b739d5aeab0c) (Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (HKLM-x32\...\WTA-be44d8a2-c7ed-4257-ad57-67a66b8e946b) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-96e9659b-ea02-4dbe-a569-4803e370d1ac) (Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (HKLM-x32\...\WTA-c9eba096-c976-4c75-ad23-db15430a459d) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-86cbf3bf-b897-4b80-9d18-e7e1aa6b6e0c) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-65da518b-433c-448f-8303-616cb8dbc34b) (Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.37.11 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1434 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
IHA_MessageCenter (HKLM-x32\...\{3EECDAD2-50D8-41B2-A8BA-359ED85D2D5F}) (Version: 1.9.1 - Verizon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.2.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPCMultiViewSetup (HKLM-x32\...\{1C375B52-884F-40C1-A962-7F20048A7420}) (Version: 1.0.0 - IPCamera)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-db329c41-02b5-4c0d-90c5-0a422c4a4ace) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-fea4321d-d522-4a20-b715-1e89256e3701) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Codec Pack 13.1.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.1.6 - KLCP)
KMSpico v9.0.4.20131110 (Beta2) (HKLM\...\KMSpico_is1) (Version: 9.0.4.20131110 - )
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Luxor Evolved (HKLM-x32\...\WTA-40a1e484-65e8-44b4-ac98-65377b9ab27b) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-61987586-0ab0-4606-9df6-c27b15c18995) (Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) ENU  (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 9.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-e380f873-2320-4813-9a4e-f3148386489e) (Version: 2.2.0.98 - WildTangent) Hidden
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (HKLM-x32\...\{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}) (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (HKLM\...\{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}) (Version: 5.4.0 - Motorola Inc.) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-385406e8-ac4b-4241-b42a-408bfc920bbe) (Version: 2.2.0.98 - WildTangent) Hidden
Nero 8 Micro 8.3.6.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
NetViewer 2.1.348.0 (HKLM-x32\...\NetViewer) (Version: 2.1.348.0 - )
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-6a634b0f-fe68-4c90-bd5c-7d3226690a21) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-93ddd3cf-ffcf-4017-969d-8cf4a8fc7763) (Version: 2.2.0.98 - WildTangent) Hidden
PlayBack 1.0.1.14 (HKLM-x32\...\PlayBack) (Version: 1.0.1.14 - )
Polar Bowler (HKLM-x32\...\WTA-9bdfb1ba-787f-40f6-8803-2da3af3a1938) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-201ac228-bcd5-4839-95a2-cb5a9f228b17) (Version: 2.2.0.98 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-e7fce72e-fa39-48d9-b326-239dae7772d0) (Version: 2.2.0.98 - WildTangent) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-692ce175-eb92-4d57-a952-b0d69f8f66fc) (Version: 2.2.0.110 - WildTangent) Hidden
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\UserTestingPlugin) (Version:  - UserTesting.com)
Vacation Quest™ - Australia (HKLM-x32\...\WTA-7e5996d0-ae63-495c-8e4c-942a5e5e23f8) (Version: 2.2.0.98 - WildTangent) Hidden
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.9 - Verizon)
Verizon Online Backup and Sharing for PC (HKLM-x32\...\{00CBEAB1-3FF4-4A94-AA71-237297D75526}) (Version: 5.1.24.11 - Verizon)
Verizon Online Share Drive (HKLM-x32\...\{606DBC4C-CFC8-4437-A2D8-64A88351BB47}) (Version: 2.1.11 - Verizon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ZPlayer version 1.0.15.0 (HKLM-x32\...\{A75F6799-58BE-4cfa-AA94-8A9173C6AA7B}_is1) (Version: 1.0.15.0 - )
Zuma's Revenge (HKLM-x32\...\WTA-bb74e17d-6a9d-4992-a1bf-59e639543a0a) (Version: 2.2.0.98 - WildTangent) Hidden
Zviewer version 2.0.0.10 (HKLM-x32\...\{1B00336F-393F-4DC7-9956-42C69ED6565E}_is1) (Version: 2.0.0.10 - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers1: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers4: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers6: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FF914FB-019D-4A3B-B2E2-A42FFF4E2177} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1893CD82-97F3-4F46-9241-A24F6000BF51} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {1EABA3E7-E481-4536-B0F7-8E7998D9D39C} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {1F70A3FF-F9A3-4C92-AE67-75E107E6C729} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {2A23B3FB-93B4-424D-B4B8-3142D95620FC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-16] ()
Task: {2A5C7EE7-67F5-4D07-A6CE-BA80D704CEE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {2B4BC560-AF1C-4EDE-A075-E1010AFD3CBC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-31] (McAfee, Inc.)
Task: {305D3FF9-FD13-4933-8213-DE556BAC4318} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA1d257efe2e63987 => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3795C737-5A09-4980-91E8-DB965BD343CB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {3D641F02-80B9-488E-A6EC-39BC981AB4D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3E5D69AD-FAAE-47E9-9512-ED83D6EB8328} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {41B20BC2-667A-4FF3-8B74-C0CB73F78C8C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {453BF074-2835-4457-BD55-567FC4BC13F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {4C873FCD-2F87-44C3-AE28-2CECF9BB4645} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {4DC54EBE-6786-460F-839E-7319EC553868} - System32\Tasks\HPCeeScheduleForApril => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {516DC611-9D8F-472E-A5FA-E0BC96E04CCB} - System32\Tasks\HPCeeScheduleForAPRILKAY$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {52AF8A46-4A6F-4BBD-B107-12B5D66D8637} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {53ACC885-D0EF-446D-97DB-5B5B9A368ED4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {58CFF2E0-178A-4D57-8421-34C36A6E0196} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {59E8A881-1394-45E8-9721-AE22227B6186} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {5C3E60E8-2B3C-4A6E-B88A-9488084B00B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6AC31E10-BBB9-49B7-8820-2EBBE618CCF0} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-05-10] ()
Task: {6BB952AB-9BE0-4CE2-A6BA-B9C486B0F50A} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7C55B1F4-8F4E-4C5C-9170-FF8A65D3FCF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {88126F71-7126-4B04-AD7D-6D848BEAB97B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {8AB20F1F-B79E-4C1C-B636-AEFCE85B0434} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {8E98C408-C55D-47EA-AC21-28F7E696F55E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {90DB022D-742E-43C4-B006-2D5679C1DA89} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {94D35FC4-BF49-44F8-A3BC-50282E2A59FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {BD74DDFA-4AB0-4379-B2F4-D558BFE44FCF} - System32\Tasks\{531BBD63-DB5D-4531-A255-17EEC2DEB6F2} => C:\WINDOWS\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {C6687B24-0D24-49E1-AF81-8CAA842D2F9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CA1A7FB1-DF48-429F-A1B2-67374C921951} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-04-27] (Synaptics Incorporated)
Task: {CD321F0F-AA3B-4033-879F-B9FB731F6C76} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {D917C74E-6C91-4389-B1B9-528600A7069C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core1d257efe2a75280 => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FC108894-32D3-4230-80D4-90824E1AA4E3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {FC9A8789-6F92-4F92-BD92-1CFCA142A738} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core.job => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA.job => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForApril.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAPRILKAY$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\April\Desktop\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\April\Desktop\Vorsprung.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=henidbeahjgfpjmfakeeimkiikbijiph
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vorsprung.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=henidbeahjgfpjmfakeeimkiikbijiph
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
==================== Loaded Modules (Whitelisted) ==============
2017-03-18 12:57 - 2017-03-18 12:57 - 000377344 _____ () c:\windows\system32\SSDM.dll
2014-05-06 02:37 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-12-06 13:00 - 2011-12-06 13:00 - 000214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2017-03-21 02:26 - 2017-01-31 04:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-12-06 13:00 - 2011-12-06 13:00 - 000784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-29 22:43 - 2017-11-29 22:44 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-29 22:43 - 2017-11-29 22:44 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-29 22:43 - 2017-11-29 22:44 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-29 22:43 - 2017-11-29 22:44 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-29 22:43 - 2017-11-29 22:44 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2013-05-29 09:38 - 2012-06-07 19:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\hola.org -> hxxp://hola.org
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2017-11-26 13:32 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\April\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Dataup =>
MSCONFIG\Services: srcsrv => 2
HKLM\...\StartupApproved\StartupFolder: => "Verizon Online Backup and Sharing for PC.lnk"
HKLM\...\StartupApproved\Run: => "VerizonCloud"
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"
HKLM\...\StartupApproved\Run32: => "ICF"
HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "NielsenOnline"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "msnmsgr"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "SynchronossPC"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "AccelerometerSysTrayApplet"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{E2C10728-7DA8-4810-A169-EBB96B066434}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{9F926CA7-725A-40A9-AFAD-39A3ACFC576E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{470A75AB-3770-48A0-A040-8CB9C5387520}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A13FAC58-F555-42FA-B628-9DEA767EFF86}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{399279A7-320C-4C4B-999D-B479947A4DE7}C:\users\april\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\april\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{62B976F3-28CB-48AC-BA01-9B04511C540A}C:\users\april\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\april\appdata\roaming\utorrent\utorrent.exe
==================== Restore Points =========================
15-11-2017 14:29:22 Windows Update
24-11-2017 22:40:14 Restore Point Created by FRST
28-11-2017 16:31:23 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (11/29/2017 10:08:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0xc0000005
Fault offset: 0x000000000001d36d
Faulting process id: 0x1f08
Faulting application start time: 0x01d369a197820b89
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e0901726-f4c6-437c-8a46-435a6c6938f8
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/29/2017 10:02:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0xc0000005
Fault offset: 0x000000000001d36d
Faulting process id: 0x3048
Faulting application start time: 0x01d369a0c08a5cb2
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 19795456-3e56-4da6-8c61-cb1d7348c14f
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/29/2017 10:01:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0xc0000005
Fault offset: 0x000000000001d36d
Faulting process id: 0x225c
Faulting application start time: 0x01d369a0ae67dfcc
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5f9ecfc5-4489-4765-abc8-46750e6844c5
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/29/2017 09:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000409
Fault offset: 0x000000000009626f
Faulting process id: 0x2f08
Faulting application start time: 0x01d3699ff900c0d2
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 267be133-f009-45dc-bb9d-ccb39f37e796
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/29/2017 09:51:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000409
Fault offset: 0x000000000009626f
Faulting process id: 0x1a60
Faulting application start time: 0x01d3699f34791d34
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 25fc020f-ff24-4b12-b161-8d7091c7f3fa
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/29/2017 05:13:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0xc0000005
Fault offset: 0x000000000001d36d
Faulting process id: 0x2258
Faulting application start time: 0x01d369787481e55a
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 04445692-289a-40a6-9633-3bf90cd0614d
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/29/2017 05:07:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0xc0000005
Fault offset: 0x000000000001d36d
Faulting process id: 0x2fec
Faulting application start time: 0x01d369779d984990
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: c7b8dc97-0944-408b-a8bf-fa28b66fca52
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/29/2017 05:01:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0xc0000005
Fault offset: 0x000000000001d36d
Faulting process id: 0x13e8
Faulting application start time: 0x01d36976c591dce7
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f13efbff-f5f0-49b1-9d6b-e55cdd99e8b5
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/29/2017 04:56:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0xc0000005
Fault offset: 0x000000000001d36d
Faulting process id: 0x2154
Faulting application start time: 0x01d36975fdea0225
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: a7e28f4b-463e-4e83-8a9c-784c791948d3
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/29/2017 04:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b
Exception code: 0xc0000005
Fault offset: 0x000000000001d36d
Faulting process id: 0x2130
Faulting application start time: 0x01d36975292227e0
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 25809f98-bdf5-466c-ab00-37605b5d3ae0
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

System errors:
=============
Error: (11/30/2017 12:17:24 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/30/2017 12:17:22 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/30/2017 12:17:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/30/2017 12:17:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/30/2017 12:17:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/30/2017 12:17:14 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/30/2017 12:17:12 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/30/2017 12:17:10 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/30/2017 12:17:08 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/30/2017 12:17:06 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

CodeIntegrity:
===================================
  Date: 2017-11-30 12:20:10.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-30 12:20:10.486
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-30 12:20:09.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-30 12:20:09.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-30 12:18:48.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-30 12:18:48.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-30 12:12:31.993
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-30 12:12:31.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-30 05:23:29.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-30 05:23:29.711
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 6036.27 MB
Available physical RAM: 3688.29 MB
Total Virtual: 7686.27 MB
Available Virtual: 5223.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:672.21 GB) (Free:477.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.8 GB) (Free:2.92 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:29.31 GB) (Free:29.29 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7F2D3A4D)
Partition: GPT.
========================================================
Disk: 1 (Size: 29.3 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2017
Ran by April (administrator) on APRILKAY (30-11-2017 12:14:27)
Running from C:\Users\April\Desktop
Loaded Profiles: April (Available Profiles: April & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [VerizonCloud] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files (x86)\Verizon\Verizon Online Share Drive\vewatch.exe [17408 2012-07-31] (DigiData Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-21] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [cpx] => "C:\Users\April\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup <==== ATTENTION
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [Google Update] => C:\Users\April\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [uTorrent] => C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe [1982144 2017-10-12] (BitTorrent Inc.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [SynchronossPC] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [B6DBB8B0EDF4FDF67A5BF46CB3DA12E3F5D4E945._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [74144 2012-08-10] (Hewlett-Packard Company)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {39843cd8-3120-11e3-be7b-b8763f38aa42} - "F:\TL_Bootstrap.exe"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {5595447e-4ef7-11e7-bfe1-b8763f38aa42} - "G:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Online Backup and Sharing for PC.lnk [2015-01-24]
ShortcutTarget: Verizon Online Backup and Sharing for PC.lnk -> C:\Program Files (x86)\Verizon\Verizon Online Backup and Sharing for PC\DigiData.Host.exe (DigiData)
Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beautify.exe.lnk [2017-04-27]
Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-11-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{00d87d5b-ced8-43ce-9d2e-c589f797a6c2}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9889cd4c-6234-4a7c-85ec-fdb5698dbf18}: [DhcpNameServer] 10.12.30.254 10.12.15.254
Tcpip\..\Interfaces\{eaadcf75-4d3f-478c-8478-412273d618fe}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {37745BC3-A4F1-40D2-BED1-CBDE5CDF93DA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {37745BC3-A4F1-40D2-BED1-CBDE5CDF93DA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {37745BC3-A4F1-40D2-BED1-CBDE5CDF93DA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {A22EA8C9-539D-45F8-83B1-A8BD7130CE8B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_01a233fd_1201_1401_20160526_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: Solution Real 1.0.0.7 -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> C:\Program Files (x86)\Solution Real\SolutionRealBHO.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
IE Session Restore: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> is enabled.
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-07-10] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-25] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-07-22] [Lagacy]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-04-27] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-03-13] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\April\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @talk.google.com/O1DPlugin -> C:\Users\April\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @tools.google.com/Google Update;version=3 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @tools.google.com/Google Update;version=9 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: hp.com/HPDetect -> C:\Users\April\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Users\April\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\April\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.imesh.net/?sver=3&appid=73","hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default [2017-11-30]
CHR Extension: (Google Translate) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-19]
CHR Extension: (Duolingo on the Web) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2017-04-17]
CHR Extension: (Google Voice Extension) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aladafhcgmligibhilgpfncgdfccepgh [2013-10-02]
CHR Extension: (Docs) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Fotor Photo Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2017-09-04]
CHR Extension: (YouTube) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Guitarist's Reference) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2014-11-30]
CHR Extension: (One Number) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi [2013-10-02]
CHR Extension: (Plugins) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop [2016-10-22]
CHR Extension: (Google Search) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Guitar Tuner) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhglmpmegfnbclojedloihcbkemoiddi [2013-10-02]
CHR Extension: (Polarr Photo Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-11-25]
CHR Extension: (Guitar Tab Viewer) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng [2013-10-02]
CHR Extension: (Fotor Extension) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\eicdknplohdampjgndodmhblklhhnkbn [2017-05-08]
CHR Extension: (Google Docs Offline) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-21]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-07-08]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-29]
CHR Extension: (Vorsprung) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\henidbeahjgfpjmfakeeimkiikbijiph [2016-10-28]
CHR Extension: (Auto Show Texts in Google Voice™) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhbkniagfcnoomhcaaoalkjmdejfmml [2013-10-02]
CHR Extension: (Kindle Cloud Reader) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-02-04]
CHR Extension: (Pixlr Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-05-28]
CHR Extension: (SIGNtalk) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbninbhmfefcmefgkapeaflfagppahi [2017-06-25]
CHR Extension: (iPiccy Photo Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2017-05-08]
CHR Extension: (Google Voice (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-04-09]
CHR Extension: (Google Hangouts) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-04]
CHR Extension: (Google Play) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-10-22]
CHR Extension: (Tweaks for Google Voice™) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomidmppcdmojcgfnpfkmhbnakbnmaff [2016-12-07]
CHR Extension: (AdRemover for Google Chrome™) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2017-04-13]
CHR Extension: (Guitar Chords) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\megglpjmadjmghjegnallnhiknjnnjhh [2013-10-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-28]
CHR Extension: (Google Hangouts) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-01]
CHR Extension: (Google Voice Paginated Texts) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\necmgnhmkphmjpddncmklalagjebbbea [2016-12-07]
CHR Extension: (No Name) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-10-02]
CHR Extension: (Gmail) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2014-04-09]
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-26]
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350576 2017-03-13] (WildTangent)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-16] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KMSServerService; C:\Program Files\KMSpico\KMSServer.exe [38454 2017-06-20] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188264 2017-04-18] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-03-13] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-17] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-21] (Intel Security, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
S2 0291631511534851mcinstcleanup; C:\WINDOWS\TEMP\029163~1.EXE -cleanup -nolog [X]
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 364369A6; C:\WINDOWS\system32\drivers\364369A6.sys [255928 2017-11-26] (Malwarebytes)
S3 57B12115; C:\WINDOWS\system32\drivers\57B12115.sys [255928 2017-11-26] (Malwarebytes)
S3 6215017A; C:\WINDOWS\system32\drivers\6215017A.sys [255928 2017-11-27] (Malwarebytes)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [192952 2017-11-27] (Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-01-23] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-18] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-18] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
R1 MpKsl3acf4e62; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0D1C93A8-AF37-4281-8EAB-10E7775EF7E9}\MpKsl3acf4e62.sys [58120 2017-11-28] (Microsoft Corporation)
R1 MpKsl77b18701; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FFFA0729-8FA0-4CBC-8018-9FF873439704}\MpKsl77b18701.sys [58120 2017-11-30] (Microsoft Corporation)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-30 12:14 - 2017-11-30 12:18 - 000040681 _____ C:\Users\April\Desktop\FRST.txt
2017-11-30 12:13 - 2017-11-30 12:13 - 002391552 _____ (Farbar) C:\Users\April\Desktop\FRST64.exe
2017-11-29 10:06 - 2017-11-29 10:06 - 001129816 _____ (Google Inc.) C:\Users\April\Desktop\ChromeSetup.exe
2017-11-29 09:27 - 2017-11-29 09:27 - 078346672 _____ (Malwarebytes ) C:\Users\April\Desktop\mb3-setup-consumer-3.3.1.2183.exe
2017-11-29 08:40 - 2017-11-29 08:43 - 078346672 _____ (Malwarebytes ) C:\Users\April\Desktop\mb3-setup-adwc.adwc100.3.3.1.2183.exe
2017-11-29 08:39 - 2017-11-29 08:39 - 008261584 _____ (Malwarebytes) C:\Users\April\Desktop\adwcleaner_7.0.4.0.exe
2017-11-28 21:53 - 2017-11-28 21:53 - 000000000 ___HD C:\OneDriveTemp
2017-11-28 14:19 - 2017-11-28 14:23 - 000521700 _____ C:\WINDOWS\Minidump\112817-38500-01.dmp
2017-11-28 12:21 - 2017-11-28 12:25 - 000427292 _____ C:\WINDOWS\Minidump\112817-88875-01.dmp
2017-11-27 12:40 - 2017-11-27 12:40 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6215017A.sys
2017-11-27 12:39 - 2017-11-27 12:39 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-26 20:25 - 2017-11-26 20:37 - 000033792 _____ C:\WINDOWS\system32\UserMgrLog.etl
2017-11-26 20:25 - 2017-11-26 20:37 - 000021504 _____ C:\WINDOWS\system32\umstartup.etl
2017-11-26 18:49 - 2017-11-26 18:59 - 000501220 _____ C:\WINDOWS\Minidump\112617-170390-01.dmp
2017-11-26 17:28 - 2017-11-26 20:45 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\57B12115.sys
2017-11-26 17:13 - 2017-11-26 17:16 - 000556940 _____ C:\WINDOWS\Minidump\112617-40890-01.dmp
2017-11-26 13:20 - 2017-11-26 13:20 - 000007852 _____ C:\Users\April\Downloads\fixlist (1).txt
2017-11-25 15:47 - 2017-11-26 16:47 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\364369A6.sys
2017-11-25 15:47 - 2017-11-25 15:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-25 15:46 - 2017-11-27 17:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-25 15:46 - 2017-11-27 12:39 - 000000000 ____D C:\Users\April\Desktop\mbar
2017-11-25 15:45 - 2017-11-25 15:42 - 014161479 _____ C:\Users\April\Desktop\mbar-1.10.3.1001-nr.exe
2017-11-25 15:42 - 2017-11-25 15:42 - 014161479 _____ C:\Users\April\Downloads\mbar-1.10.3.1001-nr.exe
2017-11-24 21:47 - 2017-11-24 21:47 - 000007852 _____ C:\Users\April\Downloads\fixlist.txt
2017-11-24 18:33 - 2017-11-30 12:13 - 000000000 ____D C:\Users\April\Desktop\FRST-OlderVersion
2017-11-24 18:32 - 2017-11-30 12:14 - 000000000 ____D C:\FRST
2017-11-24 14:53 - 2017-11-24 14:56 - 000557084 _____ C:\WINDOWS\Minidump\112417-100531-01.dmp
2017-11-23 23:33 - 2017-11-23 23:34 - 002393088 _____ (Farbar) C:\Users\April\Downloads\FRST64 (1).exe
2017-11-17 22:31 - 2017-11-17 22:34 - 000557036 _____ C:\WINDOWS\Minidump\111717-49921-01.dmp
2017-11-17 22:19 - 2017-11-17 22:21 - 000419404 _____ C:\WINDOWS\Minidump\111717-64156-01.dmp
2017-11-17 21:31 - 2017-11-17 21:31 - 002392576 _____ (Farbar) C:\Users\April\Downloads\FRST64.exe
2017-11-16 17:31 - 2017-11-16 17:31 - 000116847 _____ C:\Users\April\Downloads\social security online Create a Login Account.pdf
2017-11-16 02:18 - 2017-11-16 02:18 - 000000000 ____D C:\ProgramData\HP
2017-11-16 02:18 - 2017-11-16 02:18 - 000000000 ____D C:\Program Files\HP
2017-11-15 14:05 - 2017-11-01 20:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 14:05 - 2017-11-01 20:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 14:05 - 2017-11-01 20:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 14:05 - 2017-11-01 20:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 14:05 - 2017-10-15 06:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 14:04 - 2017-11-01 21:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 14:04 - 2017-11-01 20:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 14:04 - 2017-11-01 20:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 14:04 - 2017-11-01 20:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 14:04 - 2017-11-01 20:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 14:04 - 2017-11-01 20:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 14:04 - 2017-11-01 20:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 14:04 - 2017-11-01 20:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 14:04 - 2017-11-01 20:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 14:04 - 2017-11-01 20:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 14:04 - 2017-11-01 20:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 14:04 - 2017-11-01 20:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 14:04 - 2017-11-01 20:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 14:04 - 2017-11-01 20:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 14:04 - 2017-11-01 20:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 14:04 - 2017-11-01 20:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 14:04 - 2017-11-01 20:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 14:04 - 2017-10-24 23:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 14:04 - 2017-10-15 07:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 14:04 - 2017-10-15 06:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 14:04 - 2017-10-15 06:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 14:04 - 2017-10-15 06:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 14:03 - 2017-11-01 20:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 14:03 - 2017-11-01 20:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 14:03 - 2017-11-01 20:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 14:03 - 2017-11-01 20:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 14:03 - 2017-11-01 20:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 14:03 - 2017-11-01 20:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 14:03 - 2017-11-01 20:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 14:03 - 2017-11-01 20:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 14:03 - 2017-11-01 20:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 14:03 - 2017-11-01 20:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 14:03 - 2017-11-01 20:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 14:03 - 2017-10-15 06:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 14:03 - 2017-10-15 06:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 14:03 - 2017-10-15 06:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 14:03 - 2017-10-15 06:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 14:03 - 2017-10-15 06:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 14:00 - 2017-11-01 20:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 14:00 - 2017-11-01 20:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 14:00 - 2017-11-01 20:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 14:00 - 2017-11-01 20:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 14:00 - 2017-11-01 20:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 14:00 - 2017-11-01 20:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 14:00 - 2017-11-01 20:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 14:00 - 2017-11-01 20:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 14:00 - 2017-11-01 20:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 14:00 - 2017-11-01 20:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 14:00 - 2017-11-01 20:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 14:00 - 2017-10-15 06:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 13:59 - 2017-11-01 21:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 13:59 - 2017-11-01 20:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 13:59 - 2017-11-01 20:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 13:59 - 2017-11-01 20:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 13:59 - 2017-11-01 20:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 13:59 - 2017-11-01 20:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 13:59 - 2017-10-15 07:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 13:59 - 2017-10-15 07:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 13:59 - 2017-10-15 06:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 13:45 - 2017-11-01 21:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 13:45 - 2017-11-01 20:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 13:45 - 2017-11-01 20:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 13:45 - 2017-11-01 20:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 13:45 - 2017-11-01 20:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 13:45 - 2017-11-01 20:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 13:44 - 2017-11-01 20:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 13:43 - 2017-11-01 21:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 13:43 - 2017-11-01 21:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 13:43 - 2017-11-01 21:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 13:43 - 2017-11-01 20:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 13:43 - 2017-11-01 20:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 13:43 - 2017-11-01 20:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 13:43 - 2017-11-01 20:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 13:43 - 2017-11-01 20:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 13:43 - 2017-11-01 20:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 13:43 - 2017-11-01 20:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 13:43 - 2017-11-01 20:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 13:43 - 2017-11-01 20:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 13:43 - 2017-11-01 20:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 13:43 - 2017-11-01 20:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 13:43 - 2017-11-01 20:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 13:43 - 2017-11-01 20:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 13:43 - 2017-10-15 06:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 13:43 - 2017-10-15 06:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 13:43 - 2017-10-15 06:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 13:43 - 2017-10-15 06:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 13:42 - 2017-11-01 21:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 13:42 - 2017-11-01 20:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 13:42 - 2017-11-01 20:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 13:42 - 2017-11-01 20:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 13:42 - 2017-11-01 20:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 13:42 - 2017-11-01 20:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 13:42 - 2017-11-01 20:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 13:42 - 2017-11-01 20:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 13:42 - 2017-11-01 20:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 13:42 - 2017-11-01 20:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 13:42 - 2017-11-01 20:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 13:42 - 2017-11-01 20:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 13:42 - 2017-10-15 06:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 13:41 - 2017-11-01 21:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 13:41 - 2017-11-01 21:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 13:41 - 2017-11-01 21:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 13:41 - 2017-11-01 20:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 13:41 - 2017-11-01 20:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 13:41 - 2017-11-01 20:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 13:41 - 2017-11-01 20:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 13:41 - 2017-11-01 20:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 13:41 - 2017-11-01 20:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 13:41 - 2017-11-01 20:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 13:41 - 2017-11-01 20:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 13:41 - 2017-11-01 20:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 13:41 - 2017-10-15 06:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 13:41 - 2017-10-15 06:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 13:41 - 2017-10-15 06:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 13:40 - 2017-11-01 21:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 13:40 - 2017-11-01 20:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 13:40 - 2017-11-01 20:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 13:40 - 2017-11-01 20:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 13:40 - 2017-10-15 06:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 13:40 - 2017-10-15 06:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 13:39 - 2017-11-01 21:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 13:39 - 2017-11-01 21:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 13:39 - 2017-11-01 21:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 13:39 - 2017-11-01 21:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 13:39 - 2017-11-01 20:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 13:39 - 2017-11-01 20:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 13:39 - 2017-11-01 20:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 13:39 - 2017-11-01 20:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 13:39 - 2017-10-15 06:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 13:39 - 2017-10-15 06:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 13:39 - 2017-10-15 06:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 13:38 - 2017-11-01 21:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 13:38 - 2017-11-01 21:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 13:38 - 2017-11-01 21:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 13:38 - 2017-11-01 20:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 13:38 - 2017-11-01 20:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 13:38 - 2017-11-01 20:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 13:38 - 2017-11-01 20:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 13:38 - 2017-11-01 20:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 13:38 - 2017-11-01 20:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 13:38 - 2017-11-01 20:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 13:38 - 2017-11-01 20:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 13:38 - 2017-11-01 20:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 13:38 - 2017-11-01 20:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 13:38 - 2017-11-01 20:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 13:38 - 2017-11-01 20:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 13:38 - 2017-11-01 20:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 13:38 - 2017-10-15 06:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 13:38 - 2017-10-15 06:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 13:38 - 2017-10-15 06:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 13:37 - 2017-11-01 21:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 13:37 - 2017-11-01 21:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 13:37 - 2017-11-01 21:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 13:37 - 2017-11-01 21:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 13:37 - 2017-11-01 21:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 13:37 - 2017-11-01 21:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 13:37 - 2017-11-01 21:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 13:37 - 2017-11-01 21:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 13:37 - 2017-11-01 20:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 13:37 - 2017-11-01 20:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 13:37 - 2017-11-01 20:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 13:37 - 2017-11-01 20:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 13:37 - 2017-11-01 20:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 13:37 - 2017-11-01 20:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 13:37 - 2017-11-01 20:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 13:37 - 2017-11-01 20:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 13:37 - 2017-11-01 20:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 13:37 - 2017-10-15 06:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 13:37 - 2017-10-15 06:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 13:36 - 2017-11-01 21:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 13:36 - 2017-10-15 06:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 13:36 - 2017-10-15 06:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 13:35 - 2017-11-01 21:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 13:35 - 2017-11-01 21:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 13:35 - 2017-11-01 21:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 13:35 - 2017-11-01 21:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 13:35 - 2017-11-01 21:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 13:35 - 2017-11-01 21:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 13:35 - 2017-11-01 21:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 13:35 - 2017-11-01 21:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 13:35 - 2017-11-01 21:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 13:35 - 2017-11-01 21:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 13:35 - 2017-11-01 20:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 13:35 - 2017-11-01 20:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 13:35 - 2017-11-01 20:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 13:35 - 2017-11-01 20:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 13:35 - 2017-11-01 20:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 13:35 - 2017-10-15 06:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 13:35 - 2017-10-15 06:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-12 21:20 - 2017-11-12 21:20 - 000830656 _____ C:\Users\April\Downloads\kilo credit.pdf
2017-11-12 19:56 - 2017-11-12 19:56 - 000137669 _____ C:\Users\April\Downloads\DAVID ARREST.pdf
2017-11-08 04:55 - 2017-11-08 04:57 - 000509980 _____ C:\WINDOWS\Minidump\110817-35312-01.dmp
2017-11-06 19:00 - 2017-11-06 19:00 - 000002029 _____ C:\Users\April\Desktop\Canon IJ Network Tool (2).lnk
2017-11-06 19:00 - 2017-11-06 19:00 - 000001291 _____ C:\Users\April\Desktop\Google Chrome (2).lnk
2017-11-06 19:00 - 2017-11-06 19:00 - 000001099 _____ C:\Users\April\Desktop\Connected Music powered by Meridian.lnk
2017-11-06 19:00 - 2017-11-06 19:00 - 000000903 _____ C:\Users\April\Desktop\Adobe Acrobat XI - Shortcut.lnk
2017-11-05 01:38 - 2017-11-05 01:39 - 000412108 _____ C:\WINDOWS\Minidump\110517-37015-01.dmp
2017-11-04 01:56 - 2017-11-04 01:56 - 000000279 _____ C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-30 12:05 - 2017-05-22 01:15 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E0E4AD9-125A-46E6-839B-185C01240A94}
2017-11-30 12:00 - 2017-05-22 00:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-30 02:55 - 2017-08-23 23:24 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForApril
2017-11-30 02:55 - 2017-08-23 23:24 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForApril.job
2017-11-29 22:44 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-29 22:44 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-29 08:21 - 2016-05-19 00:27 - 000000000 __SHD C:\Users\April\IntelGraphicsProfiles
2017-11-29 08:21 - 2015-04-04 14:19 - 000000000 ____D C:\Temp
2017-11-29 08:21 - 2013-10-31 18:25 - 000000000 __RDO C:\Users\April\SkyDrive
2017-11-29 05:16 - 2017-05-22 00:28 - 000000000 ____D C:\Users\April
2017-11-29 05:10 - 2017-05-22 01:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-28 21:36 - 2017-05-23 21:46 - 000000000 ____D C:\WINDOWS\pss
2017-11-28 21:36 - 2017-03-18 03:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-28 21:34 - 2017-05-23 21:48 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-28 20:26 - 2017-05-22 01:02 - 002064642 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-28 20:26 - 2017-05-22 01:02 - 000543686 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-28 20:26 - 2017-05-22 00:27 - 000007208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-28 17:04 - 2013-10-03 07:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-28 16:43 - 2017-10-11 20:17 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-28 16:37 - 2013-10-03 07:00 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-28 14:19 - 2017-05-22 10:03 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-28 14:19 - 2014-03-06 20:04 - 870964096 _____ C:\WINDOWS\MEMORY.DMP
2017-11-28 14:16 - 2017-07-15 21:50 - 000001291 _____ C:\Users\April\Desktop\Google Chrome.lnk
2017-11-28 14:10 - 2017-03-18 03:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-26 17:11 - 2014-04-09 21:25 - 000000000 ____D C:\Users\April\AppData\Roaming\uTorrent
2017-11-26 15:19 - 2017-08-09 14:23 - 000000000 ____D C:\Users\April\AppData\LocalLow\uTorrent
2017-11-26 13:35 - 2016-07-31 01:04 - 000000000 ____D C:\Users\April\AppData\LocalLow\Temp
2017-11-25 11:47 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-24 23:12 - 2017-06-20 14:21 - 000000000 ____D C:\Users\April\AppData\Roaming\Hola
2017-11-24 22:45 - 2015-01-21 17:49 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-11-24 22:41 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-24 22:41 - 2013-08-22 07:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-24 18:46 - 2017-03-18 13:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-24 18:44 - 2013-10-09 11:18 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-11-24 14:53 - 2015-01-31 06:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-11-24 08:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-24 06:53 - 2015-01-22 12:33 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-11-24 06:52 - 2017-05-22 01:15 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-11-24 06:47 - 2015-01-22 12:33 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-11-24 02:45 - 2017-04-27 21:51 - 000000000 ____D C:\Users\April\AppData\Local\BeautifyDesktop
2017-11-23 23:09 - 2015-01-31 06:47 - 000000000 __RSD C:\Users\April\Documents\McAfee Vaults
2017-11-21 20:18 - 2017-10-13 13:59 - 000000000 ____D C:\Users\April\AppData\LocalLow\Canon Easy-WebPrint EX
2017-11-20 22:08 - 2015-01-22 12:09 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-17 19:49 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-15 18:54 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-15 18:46 - 2013-10-10 21:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-11-15 18:45 - 2013-08-22 05:25 - 000000301 _____ C:\WINDOWS\win.ini
2017-11-15 18:32 - 2013-10-02 07:03 - 000000000 ____D C:\Users\April\AppData\Local\ElevatedDiagnostics
2017-11-15 18:05 - 2016-02-13 05:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-15 17:58 - 2017-05-22 00:19 - 000405488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 17:56 - 2014-06-12 10:19 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAPRILKAY$.job
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 17:30 - 2017-05-22 01:15 - 000003290 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAPRILKAY$
2017-11-15 15:04 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-15 12:49 - 2017-05-22 01:15 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 12:46 - 2016-10-21 21:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-14 23:56 - 2017-05-22 01:15 - 000003710 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA1d257efe2e63987
2017-11-14 23:56 - 2017-05-22 01:15 - 000003442 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core1d257efe2a75280
2017-11-14 23:51 - 2017-05-22 01:15 - 000004538 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 23:51 - 2017-05-22 01:15 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 23:51 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 23:51 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 13:49 - 2013-10-02 07:27 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 23:33 - 2017-05-22 01:15 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 23:33 - 2017-05-22 01:15 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-06 19:01 - 2017-07-22 03:08 - 000000000 ____D C:\Users\April\Desktop\Adobe Acrobat XI
2017-11-05 01:58 - 2017-05-24 03:29 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-04 17:40 - 2017-03-18 13:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 17:40 - 2017-03-18 13:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-02 14:17 - 2017-07-22 10:07 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2751042415-2246998964-2558403214-1001
2017-11-02 14:16 - 2016-05-19 00:41 - 000002405 _____ C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
==================== Files in the root of some directories =======
2016-01-26 04:35 - 2017-01-05 01:05 - 000007595 _____ () C:\Users\April\AppData\Local\Resmon.ResmonCfg
2017-04-27 21:40 - 2017-04-27 21:40 - 000002048 _____ () C:\Users\April\AppData\Local\uninstallro.exe
2014-09-30 00:01 - 2014-09-30 00:01 - 000000000 _____ () C:\Users\April\AppData\Local\{26A95307-47D9-44BF-AF14-EABC861C7C64}
2014-09-29 00:01 - 2014-09-29 00:01 - 000000000 _____ () C:\Users\April\AppData\Local\{50328719-06DF-49DB-8B69-7C03A6642321}
2014-09-23 00:01 - 2014-09-23 00:01 - 000000000 _____ () C:\Users\April\AppData\Local\{6C04BF0D-0783-4B63-A191-87208C96AA0B}
2015-09-06 12:34 - 2015-09-06 12:34 - 000000000 _____ () C:\Users\April\AppData\Local\{7D82360C-B7B5-4ECC-B169-205C12967018}
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\fwcfg.dll
C:\Windows\SysWOW64\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll
C:\Windows\System32\fwcfg.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
LastRegBack: 2017-11-27 13:27
==================== End of FRST.txt ============================

Edited by aKay47, 30 November 2017 - 03:25 PM.

  • 0

#64
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,166 posts
Hi aKay47,
I have been concerned about the following from the get go:

System errors:
=============
Error: (11/30/2017 12:17:24 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


I am starting to think that there could be more issues with the hard drive than one bad sector. Could this be why we are having difficulty here? Not sure, could be though, so let's rule out a failing hard drive before we move forward.

Please do as follows:
  • Right click on the Windows start button and choose Command Prompt (admin).
  • In the Command Prompt window type chkdsk c:/r (or copy and paste) and press Enter.
    Please Note the space between k c:/r
  • The next dialog box will now show the following:

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? <Y/N>
  • Type Y and reboot the computer.
  • Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.
To find the log that is produced please do the following:

Please download ListChkdskResult by SleepyDude to the desktop.
  • Double click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply.

Thank you,

Donna :)
  • 0

#65
aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

How did you learn all of this awesome stuff? Sorry I have been incommunicado, but I have all day off today so I'm ready to rumble. Will do the chkdsk now. I did want to mention that when I tried a few days ago to run the Malware bytes scan that it said in the beginning before it got stuck that there was a rootkit infection. I think I snapped a pic of it. Let me check and if I did I will post it.


  • 0

#66
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,166 posts
I learned all this awesome stuff the same way you are right now. I had a problem with my computer, joined a forum, started a topic, snooped around to see what the forum was all about and thought wow, people from around the world helping total strangers. How cool is that? Stuck around to read and learn more. Too much fun!

Unfortunately I do have to work tomorrow. :( Sunday is a guaranteed day off. :)

I did want to mention that when I tried a few days ago to run the Malware bytes scan that it said in the beginning before it got stuck that there was a rootkit infection.

Yes. You are infected with an older variant of the Smart Service rootkit. I have never had so much trouble removing the infection or running tools. I hope I am wrong but I have a feeling a failing hard drive may be part of the reason.

Looking forward to seeing the results of the chkdsk scan.
  • 0

#67
aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
 
listchkdskresults.exe was not available at the link you posted, and I could not find it anywhere. Weird, there are so many people referring to it but it is grayed out. So I did some research and found out how to find the logs. The weird thing is that the chkdsk log for today's scan... I cannot find it. I'm a dork. But it took forever to actually finish the check and repair. I posted the last one that I could find in the event logs. If you have the file for listchkdsk, is there another way you could get it to me? Sorry, did the best that I could.
 
 
this is pre-fix.. as 
this log was dated 11/28/2017
 
Chkdsk was executed in scan mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Stage 1: Examining basic file system structure ...
    Found corrupt basic file structure for "\Users\April\AppData\Local\llssoft\winvmx\data659\Local Storage\https_content.shoprunner.com_0.localstorage-journal <0x9,0xbc0e5>"
        ... repaired online.
                                                                                      
  868352 file records processed.
File verification completed.
  18401 large file records processed.
  0 bad file records processed.
Stage 2: Examining file name linkage ...
  1074936 index entries processed.
Index verification completed.
    Found corrupt basic file structure for "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi\1.5.6.18_0\_metadata\VERIFI~1.JSO <0x9e,0x101da>"
        ... repaired online.
    Found lost file "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Bookmarks <0x62,0x135d5>"; requesting reconnection to index "$I30" of directory "\Users\April\AppData\Local\Google\Chrome\User Data\Default <0x7,0x260dc>"
        ... repaired online.
    Found lost file "\Windows\WinSxS\Temp\InFlight\f24e699c925ed301eb0800003c123819\amd64_netfx4-clr_dll_b03f5f7f11d50a3a_4.0.14917.141_none_52ff0b27b0608d82\clr.dll <0x15,0x8a724>"; requesting reconnection to index "$I30" of directory "\Windows\Microsoft.NET\Framework64\v4.0.30319 <0xf,0x9a383>"
        ... repaired online.
    Found lost file "\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.15063.0_none_5f465bd4c3d3daff\fhuxadapter.dll <0x7,0xa864c>"; requesting reconnection to index "$I30" of directory "\Windows\System32 <0xf,0x9a433>"
        ... repaired online.
    Found 3 missing entries (\Windows\WinSxS\amd64_microsoft-windows-usbcamd_31bf3856ad364e35_10.0.15063.0_none_b09c3ac9b109c7c5\USBCAMD2.sys <0x1,0xb330d>, ...) in index "$I30" of directory "\Windows\System32\drivers <0xf,0x9a47a>"
        ... repaired online.
    Found a file "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi\1.5.6.18_0\_metadata\verified_contents.json <0x9e,0x101da>" with bad links
        ... repaired online.
                                                                                       
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                      
  103294 data files processed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has found problems and some were fixed online;
the remaining problems must be fixed offline.
Please run "chkdsk /f" to fix the issues.
 704867485 KB total disk space.
 220598544 KB in 656613 files.
    402348 KB in 103294 indexes.
    964629 KB in use by the system.
     65536 KB occupied by the log file.
 482901908 KB available on disk.
      4096 bytes in each allocation unit.
 176216871 total allocation units on disk.
 120725477 allocation units available on disk.
----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
The attribute of type 0x80 and instance tag 0x4 in file 0xbc0e5
has allocated length of 0x95000000000000 instead of 0x0.
Deleting corrupt attribute record (0x80, "")
from file record segment 0xBC0E5.
Stage 2: Examining file name linkage ...
CHKDSK is scanning unindexed files for reconnect to their original directory.
There is no NTFS file name attribute in file 0x101da.
Correcting minor file name errors in file 101DA.
Recovering orphaned file Bookmarks (135D5) into directory file 260DC.
Recovering orphaned file Bookmarks (135D5) into directory file 260DC.
Recovering orphaned file clr.dll (8A724) into directory file 9A383.
Recovering orphaned file clr.dll (8A724) into directory file 9A383.
Recovering orphaned file fhuxadapter.dll (A864C) into directory file 9A433.
Recovering orphaned file fhuxadapter.dll (A864C) into directory file 9A433.
Recovering orphaned file USBCAMD2.sys (B330D) into directory file 9A47A.
Recovering orphaned file USBCAMD2.sys (B330D) into directory file 9A47A.
Recovering orphaned file usbcir.sys (B330E) into directory file 9A47A.
Recovering orphaned file usbcir.sys (B330E) into directory file 9A47A.
Skipping further messages about recovering orphans.
  7 unindexed files recovered to original directory.
Stage 3: Examining security descriptors ...
Inserting data attribute into file BC0E5.

Edited by aKay47, 01 December 2017 - 07:31 PM.

  • 0

#68
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,166 posts
Darn it. I am sorry. I must not have updated the link the last time that Sleepydude posted the update.

You can find the download for listchkdsk here.

Just click on > MBAR1.JPG
  • 0

#69
aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Went to PowerShell and exported this, if it helps. Still no record of the chkdsk I ran today.

 

 

 
TimeCreated : 11/26/2017 1:59:23 PM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
             
             
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                        
             
              Stage 1: Examining basic file system structure ...
                868352 file records processed.                                                       
              File verification completed.
                16677 large file records processed.                                  
                0 bad file records processed.                                    
             
              Stage 2: Examining file name linkage ...
              Deleted invalid filename
              amd64_1a1b76a1097fb59d943d335c9135c937_31bf3856ad364e35_10.0.15063.608_non_c4268982c4eadc8d.manifest
              (C86EB) in directory 199.
              The NTFS file name attribute in file 0xc86eb is incorrect.
              61 00 6d 00 64 00 36 00 34 00 5f 00 31 00 61 00  a.m.d.6.4._.1.a.
              31 00 62 00 37 00 36 00 61 00 31 00 30 00 39 00  1.b.7.6.a.1.0.9.
              37 00 66 00 62 00 35 00 39 00 64 00 39 00 34 00  7.f.b.5.9.d.9.4.
              33 00 64 00 33 00 33 00 35 00 63 00 39 00 31 00  3.d.3.3.5.c.9.1.
              33 00 35 00 63 00 39 00 33 00 37 00 5f 00 33 00  3.5.c.9.3.7._.3.
              31 00 62 00 66 00 33 00 38 00 35 00 36 00 61 00  1.b.f.3.8.5.6.a.
              64 00 33 00 36 00 34 00 65 00 33 00 35 00 5f 00  d.3.6.4.e.3.5._.
              31 00 30 00 2e 00 30 00 2e 00 31 00 35 00 30 00  1.0...0...1.5.0.
              36 00 33 00 2e 00 36 00 30 00 38 00 5f 00 6e 00  6.3...6.0.8._.n.
              6f 00 6e 00 05 00 5f 00 63 00 34 00 32 00 36 00  o.n..._.c.4.2.6.
              38 00 39 00 38 00 32 00 63 00 34 00 65 00 61 00  8.9.8.2.c.4.e.a.
              64 00 63 00 38 00 64 00 2e 00 6d 00 61 00 6e 00  d.c.8.d...m.a.n.
              69 00 66 00 65 00 73 00 74 00 ?? ?? ?? ?? ?? ??  i.f.e.s.t.......
              There is no NTFS file name attribute in file 0xc86eb.
              Correcting minor file name errors in file C86EB.
              Unable to locate the file name attribute of index entry AM7034~1.MAN
              of index $I30 with parent 0x199 in file 0xc86eb.
              Deleting index entry AM7034~1.MAN in index $I30 of file 199.
              Unable to locate the file name attribute of index entry
              amd64_1a1b76a1097fb59d943d335c9135c937_31bf3856ad364e35_10.0.15063.608_none_c4268982c4eadc8d.manifest
              of index $I30 with parent 0x199 in file 0xc86eb.
              Deleting index entry
              amd64_1a1b76a1097fb59d943d335c9135c937_31bf3856ad364e35_10.0.15063.608_none_c4268982c4eadc8d.manifest in
              index $I30 of file 199.
                1074766 index entries processed.                                                      
              Index verification completed.
              CHKDSK is scanning unindexed files for reconnect to their original directory.
              Recovering orphaned file srchadmin.dll (A94D6) into directory file 9A433.
                2 unindexed files scanned.                                       
              Recovering orphaned file AM7034~1.MAN (C86EB) into directory file 199.
                2 unindexed files recovered to original directory.
                0 unindexed files recovered to lost and found.                   
             
              Stage 3: Examining security descriptors ...
              Cleaning up 309 unused index entries from index $SII of file 0x9.
              Cleaning up 309 unused index entries from index $SDH of file 0x9.
              Cleaning up 309 unused security descriptors.
              Security descriptor verification completed.
                103208 data files processed.                                          
              CHKDSK is verifying Usn Journal...
              Usn Journal verification completed.
              CHKDSK discovered free space marked as allocated in the volume bitmap.
             
              Windows has made corrections to the file system.
              No further action is required.
             
               704867485 KB total disk space.
               203746112 KB in 650749 files.
                  414188 KB in 103209 indexes.
                      52 KB in bad sectors.
                  964477 KB in use by the system.
                   65536 KB occupied by the log file.
               499742656 KB available on disk.
             
                    4096 bytes in each allocation unit.
               176216871 total allocation units on disk.
               124935664 allocation units available on disk.
             
              Internal Info:
              00 40 0d 00 52 80 0b 00 e7 90 14 00 00 00 00 00  .@..R...........
              c8 12 00 00 95 02 00 00 00 00 00 00 00 00 00 00  ................
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             
TimeCreated : 11/5/2017 1:39:24 AM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
             
             
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                        
             
              Stage 1: Examining basic file system structure ...
                834304 file records processed.                                                       
              File verification completed.
                16075 large file records processed.                                  
                0 bad file records processed.                                    
             
              Stage 2: Examining file name linkage ...
              The multi-sector header signature for VCN 0x0 of index $I30
              in file 0x4e281 is incorrect.
              ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
              Correcting error in index $I30 for file 4E281.
              The index bitmap $I30 in file 0x4e281 is incorrect.
              CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 4E281.
              The down pointer of current index entry with length 0x18 is invalid.
              00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
              ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
              Sorting index $I30 in file 4E281.
              The multi-sector header signature for VCN 0x0 of index $I30
              in file 0x93a33 is incorrect.
              ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
              Correcting error in index $I30 for file 93A33.
              The index bitmap $I30 in file 0x93a33 is incorrect.
              CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 93A33.
              The down pointer of current index entry with length 0x18 is invalid.
              00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
              ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
              Sorting index $I30 in file 93A33.
                1038046 index entries processed.                                                      
              Index verification completed.
              CHKDSK is scanning unindexed files for reconnect to their original directory.
              Recovering orphaned file LOG (4E283) into directory file 4E281.
              Recovering orphaned file LOCK (4E29A) into directory file 4E281.
              Recovering orphaned file MANIFE~1 (4E2CB) into directory file 4E281.
              Recovering orphaned file MANIFEST-000001 (4E2CB) into directory file 4E281.
              Recovering orphaned file CURRENT (4E335) into directory file 4E281.
              Recovering orphaned file 000003.log (4EC25) into directory file 4E281.
              Recovering orphaned file LOG.old (790F1) into directory file 4E281.
              Recovering orphaned file lost (92B0F) into directory file 4E281.
              Recovering orphaned file Apps.index (93EB8) into directory file 93A33.
              Recovering orphaned file APPS~1.IND (93EB8) into directory file 93A33.
              Skipping further messages about recovering orphans.
                12 unindexed files scanned.                                       
                12 unindexed files recovered to original directory.
                0 unindexed files recovered to lost and found.                   
             
              Stage 3: Examining security descriptors ...
              Cleaning up 95 unused index entries from index $SII of file 0x9.
              Cleaning up 95 unused index entries from index $SDH of file 0x9.
              Cleaning up 95 unused security descriptors.
              Security descriptor verification completed.
                101872 data files processed.                                          
              CHKDSK is verifying Usn Journal...
              Read failure with status 0xc000009c at offset 0x250275d000 for 0x10000 bytes.
              Read failure with status 0xc000009c at offset 0x2502761000 for 0x1000 bytes.
              Usn Journal verification completed.
              Adding 1 bad clusters to the Bad Clusters File.
              Correcting errors in the Volume Bitmap.
             
              Windows has made corrections to the file system.
              No further action is required.
             
               704867485 KB total disk space.
               195906420 KB in 665751 files.
                  404236 KB in 101873 indexes.
                      48 KB in bad sectors.
                  929177 KB in use by the system.
                   65536 KB occupied by the log file.
               507627604 KB available on disk.
             
                    4096 bytes in each allocation unit.
               176216871 total allocation units on disk.
               126906901 allocation units available on disk.
             
              Internal Info:
              00 bb 0c 00 b5 b5 0b 00 9f da 14 00 00 00 00 00  ................
              da 12 00 00 96 02 00 00 00 00 00 00 00 00 00 00  ................
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             
TimeCreated : 10/23/2017 2:34:08 AM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
              Windows will now check the disk.                        
             
              Examining 1 corruption record ...
             
              Record 1 of 1: Corrupt File
              "\Windows\servicing\Packages\Package_2245_for_KB4041676~31bf3856ad364e35~amd64~~10.0.1.8.cat
              <0x2b,0xc07f0>" ... The record length 0x20048 is too large for attribute of type 0x80
              and instance tag 0x2 in file 0xc2bd3.  The maximum value is 0x1f8.
              Truncating badly linked attribute records
              from file record segment C2BD3.
              Deleted corrupt attribute list entry
              with type code 80 in file C07F0.
              Unable to locate attribute of type 0x80, lowest vcn 0x0,
              instance tag 0x2 in file 0xc2bd3.
              corruption found and fixed.
             
              1 corruption record processed in 0.2 seconds.
             
              Windows has fixed all previously identified issues with this drive.
              No further action is required.
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             
TimeCreated : 10/21/2017 3:30:46 AM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
             
             
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                        
             
              Stage 1: Examining basic file system structure ...
                834304 file records processed.                                                       
              File verification completed.
                17448 large file records processed.                                  
                0 bad file records processed.                                    
             
              Stage 2: Examining file name linkage ...
              The file reference 0xba000000030137 of index entry Local State of index $I30
              with parent 0x260d5 is not the same as 0xbb000000030137.
              Deleting index entry Local State in index $I30 of file 260D5.
              The file reference 0xba000000030137 of index entry LOCALS~1 of index $I30
              with parent 0x260d5 is not the same as 0xbb000000030137.
              Deleting index entry LOCALS~1 in index $I30 of file 260D5.
              Unable to locate the file name attribute of index entry FO05B3~1.DAT
              of index $I30 with parent 0xb4305 in file 0x42b7.
              Deleting index entry FO05B3~1.DAT in index $I30 of file B4305.
              Unable to locate the file name attribute of index entry FontCache-S-1-5-18.dat
              of index $I30 with parent 0xb4305 in file 0x42b7.
              Deleting index entry FontCache-S-1-5-18.dat in index $I30 of file B4305.
              The file reference 0xcd00000003b66a of index entry UPPS.bin of index $I30
              with parent 0xb8787 is not the same as 0xce00000003b66a.
              Deleting index entry UPPS.bin in index $I30 of file B8787.
                1030322 index entries processed.                                                      
              Index verification completed.
              CHKDSK is scanning unindexed files for reconnect to their original directory.
              Recovering orphaned file ~FONTC~4.DAT (42B7) into directory file B4305.
              Recovering orphaned file ~FontCache-S-1-5-18.dat (42B7) into directory file B4305.
              Recovering orphaned file UPPS.bin (30137) into directory file B8787.
                3 unindexed files scanned.                                       
              Recovering orphaned file SC5716~1.ETL (3B66A) into directory file B43A8.
              Recovering orphaned file ScreenOnPowerStudyTraceSession-2017-10-21-02-53-36.etl (3B66A) into directory
              file B43A8.
                3 unindexed files recovered to original directory.
                0 unindexed files recovered to lost and found.                   
             
              Stage 3: Examining security descriptors ...
              Cleaning up 230 unused index entries from index $SII of file 0x9.
              Cleaning up 230 unused index entries from index $SDH of file 0x9.
              Cleaning up 230 unused security descriptors.
              CHKDSK is compacting the security descriptor stream
              Security descriptor verification completed.
                98010 data files processed.                                          
              CHKDSK is verifying Usn Journal...
              Usn Journal verification completed.
              Correcting errors in the Volume Bitmap.
             
              Windows has made corrections to the file system.
              No further action is required.
             
               704867485 KB total disk space.
               200447992 KB in 653038 files.
                  380288 KB in 98013 indexes.
                      12 KB in bad sectors.
                  928773 KB in use by the system.
                   65536 KB occupied by the log file.
               503110420 KB available on disk.
             
                    4096 bytes in each allocation unit.
               176216871 total allocation units on disk.
               125777605 allocation units available on disk.
             
              Internal Info:
              00 bb 0c 00 fd 74 0b 00 13 ad 14 00 00 00 00 00  .....t..........
              b6 12 00 00 96 02 00 00 00 00 00 00 00 00 00 00  ................
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             

  • 0

#70
DonnaB

Ugh... not good. Yes. That helps plenty. No need for the chkdsk that you ran today. You can see the evidence below.
 

TimeCreated : 10/21/2017 3:30:46 AM

12 KB in bad sectors.
 

TimeCreated : 11/5/2017 1:39:24 AM

48 KB in bad sectors.
 

TimeCreated : 11/26/2017 1:59:23 PM

52 KB in bad sectors.


At this point, it would be a waste of time to continue trying to remove the malware. These scans could just add more stress to the hard drive and send it over the edge sooner. Any number of bad sectors, be it 1, 50 or 100, on a hard drive is not good as far as I am concerned, and the hard drive should be replaced for peace of mind. If you or the boys have any personal files on this computer that you cannot live without, I would recommend that you copy them to an external means of storage as soon as possible and not add any more till you have the drive replaced.
  • 0
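The comparison made by hand in the reply above can be scripted. This is an added example, not part of the original thread: it parses a `TimeCreated` / `Message` export like the one posted here and reports growth in "KB in bad sectors" plus any read failures. The embedded sample is abbreviated from the logs in this thread, and `ChkdskRun`, `parse_export` and `assess` are names chosen for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Abbreviated excerpt of the chkdsk export posted in this thread
# (most log lines dropped; values are the ones shown on the page).
SAMPLE_EXPORT = """\
TimeCreated : 11/26/2017 1:59:23 PM
Message     :
              Checking file system on C:
              Recovering orphaned file srchadmin.dll (A94D6) into directory file 9A433.
                      52 KB in bad sectors.
TimeCreated : 11/5/2017 1:39:24 AM
Message     :
              Checking file system on C:
              Read failure with status 0xc000009c at offset 0x250275d000 for 0x10000 bytes.
              Read failure with status 0xc000009c at offset 0x2502761000 for 0x1000 bytes.
              Adding 1 bad clusters to the Bad Clusters File.
                      48 KB in bad sectors.
TimeCreated : 10/23/2017 2:34:08 AM
Message     :
              Checking file system on C:
              Examining 1 corruption record ...
              1 corruption record processed in 0.2 seconds.
TimeCreated : 10/21/2017 3:30:46 AM
Message     :
              Checking file system on C:
                      12 KB in bad sectors.
"""

HEADER_RE = re.compile(r"(?m)^TimeCreated[ \t]*:[ \t]*(.+?)[ \t]*$")
BAD_KB_RE = re.compile(r"(\d+) KB in bad sectors")
READ_FAIL_RE = re.compile(r"Read failure with status 0x[0-9a-fA-F]+")
BAD_CLUSTER_RE = re.compile(r"Adding (\d+) bad clusters")


@dataclass
class ChkdskRun:
    when: datetime
    bad_sector_kb: Optional[int]  # None when the run printed no disk summary
    read_failures: int
    bad_clusters_added: int


def parse_export(text: str) -> List[ChkdskRun]:
    """Split the export on TimeCreated headers and pull the hardware-related
    counters out of each message body. Returns runs oldest first."""
    parts = HEADER_RE.split(text)
    runs = []
    # parts[0] is anything before the first header; after that the list
    # alternates between a timestamp and the message body that follows it.
    for stamp, body in zip(parts[1::2], parts[2::2]):
        when = datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p")
        kb = BAD_KB_RE.search(body)
        runs.append(ChkdskRun(
            when=when,
            bad_sector_kb=int(kb.group(1)) if kb else None,
            read_failures=len(READ_FAIL_RE.findall(body)),
            bad_clusters_added=sum(int(n) for n in BAD_CLUSTER_RE.findall(body)),
        ))
    return sorted(runs, key=lambda r: r.when)


def assess(runs: List[ChkdskRun]) -> List[str]:
    """Report growth in bad-sector space between consecutive measured runs,
    and any run that logged read failures."""
    findings = []
    # Spot-fix runs print no disk summary, so leave them out of the trend.
    measured = [r for r in runs if r.bad_sector_kb is not None]
    for prev, cur in zip(measured, measured[1:]):
        if cur.bad_sector_kb > prev.bad_sector_kb:
            findings.append(
                f"bad sectors grew {prev.bad_sector_kb} -> {cur.bad_sector_kb} KB "
                f"between {prev.when:%Y-%m-%d} and {cur.when:%Y-%m-%d}"
            )
    for r in runs:
        if r.read_failures:
            findings.append(
                f"{r.read_failures} read failure(s) and {r.bad_clusters_added} "
                f"bad cluster(s) added on {r.when:%Y-%m-%d}"
            )
    return findings


if __name__ == "__main__":
    for line in assess(parse_export(SAMPLE_EXPORT)):
        print(line)
```

File-system repairs alone (orphaned files, index fixes) can follow an unclean shutdown; a bad-sector figure that rises from one run to the next, together with read failures, is the pattern the reply above treats as a failing drive.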


#71
aKay47


went to powershell and exported this if it helps. still no record of the chkdsk I ran today.. 

 

 

 
TimeCreated : 11/26/2017 1:59:23 PM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
             
             
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                        
             
              Stage 1: Examining basic file system structure ...
                868352 file records processed.                                                       
              File verification completed.
                16677 large file records processed.                                  
                0 bad file records processed.                                    
             
              Stage 2: Examining file name linkage ...
              Deleted invalid filename
              amd64_1a1b76a1097fb59d943d335c9135c937_31bf3856ad364e35_10.0.15063.608_non_c4268982c4eadc8d.manifest
              (C86EB) in directory 199.
              The NTFS file name attribute in file 0xc86eb is incorrect.
              61 00 6d 00 64 00 36 00 34 00 5f 00 31 00 61 00  a.m.d.6.4._.1.a.
              31 00 62 00 37 00 36 00 61 00 31 00 30 00 39 00  1.b.7.6.a.1.0.9.
              37 00 66 00 62 00 35 00 39 00 64 00 39 00 34 00  7.f.b.5.9.d.9.4.
              33 00 64 00 33 00 33 00 35 00 63 00 39 00 31 00  3.d.3.3.5.c.9.1.
              33 00 35 00 63 00 39 00 33 00 37 00 5f 00 33 00  3.5.c.9.3.7._.3.
              31 00 62 00 66 00 33 00 38 00 35 00 36 00 61 00  1.b.f.3.8.5.6.a.
              64 00 33 00 36 00 34 00 65 00 33 00 35 00 5f 00  d.3.6.4.e.3.5._.
              31 00 30 00 2e 00 30 00 2e 00 31 00 35 00 30 00  1.0...0...1.5.0.
              36 00 33 00 2e 00 36 00 30 00 38 00 5f 00 6e 00  6.3...6.0.8._.n.
              6f 00 6e 00 05 00 5f 00 63 00 34 00 32 00 36 00  o.n..._.c.4.2.6.
              38 00 39 00 38 00 32 00 63 00 34 00 65 00 61 00  8.9.8.2.c.4.e.a.
              64 00 63 00 38 00 64 00 2e 00 6d 00 61 00 6e 00  d.c.8.d...m.a.n.
              69 00 66 00 65 00 73 00 74 00 ?? ?? ?? ?? ?? ??  i.f.e.s.t.......
              There is no NTFS file name attribute in file 0xc86eb.
              Correcting minor file name errors in file C86EB.
              Unable to locate the file name attribute of index entry AM7034~1.MAN
              of index $I30 with parent 0x199 in file 0xc86eb.
              Deleting index entry AM7034~1.MAN in index $I30 of file 199.
              Unable to locate the file name attribute of index entry
              amd64_1a1b76a1097fb59d943d335c9135c937_31bf3856ad364e35_10.0.15063.608_none_c4268982c4eadc8d.manifest
              of index $I30 with parent 0x199 in file 0xc86eb.
              Deleting index entry
              amd64_1a1b76a1097fb59d943d335c9135c937_31bf3856ad364e35_10.0.15063.608_none_c4268982c4eadc8d.manifest in
              index $I30 of file 199.
                1074766 index entries processed.                                                      
              Index verification completed.
              CHKDSK is scanning unindexed files for reconnect to their original directory.
              Recovering orphaned file srchadmin.dll (A94D6) into directory file 9A433.
                2 unindexed files scanned.                                       
              Recovering orphaned file AM7034~1.MAN (C86EB) into directory file 199.
                2 unindexed files recovered to original directory.
                0 unindexed files recovered to lost and found.                   
             
              Stage 3: Examining security descriptors ...
              Cleaning up 309 unused index entries from index $SII of file 0x9.
              Cleaning up 309 unused index entries from index $SDH of file 0x9.
              Cleaning up 309 unused security descriptors.
              Security descriptor verification completed.
                103208 data files processed.                                          
              CHKDSK is verifying Usn Journal...
              Usn Journal verification completed.
              CHKDSK discovered free space marked as allocated in the volume bitmap.
             
              Windows has made corrections to the file system.
              No further action is required.
             
               704867485 KB total disk space.
               203746112 KB in 650749 files.
                  414188 KB in 103209 indexes.
                      52 KB in bad sectors.
                  964477 KB in use by the system.
                   65536 KB occupied by the log file.
               499742656 KB available on disk.
             
                    4096 bytes in each allocation unit.
               176216871 total allocation units on disk.
               124935664 allocation units available on disk.
             
              Internal Info:
              00 40 0d 00 52 80 0b 00 e7 90 14 00 00 00 00 00  .@..R...........
              c8 12 00 00 95 02 00 00 00 00 00 00 00 00 00 00  ................
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             
TimeCreated : 11/5/2017 1:39:24 AM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
             
             
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                        
             
              Stage 1: Examining basic file system structure ...
                834304 file records processed.                                                       
              File verification completed.
                16075 large file records processed.                                  
                0 bad file records processed.                                    
             
              Stage 2: Examining file name linkage ...
              The multi-sector header signature for VCN 0x0 of index $I30
              in file 0x4e281 is incorrect.
              ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
              Correcting error in index $I30 for file 4E281.
              The index bitmap $I30 in file 0x4e281 is incorrect.
              CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 4E281.
              The down pointer of current index entry with length 0x18 is invalid.
              00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
              ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
              Sorting index $I30 in file 4E281.
              The multi-sector header signature for VCN 0x0 of index $I30
              in file 0x93a33 is incorrect.
              ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
              Correcting error in index $I30 for file 93A33.
              The index bitmap $I30 in file 0x93a33 is incorrect.
              CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 93A33.
              The down pointer of current index entry with length 0x18 is invalid.
              00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
              ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
              Sorting index $I30 in file 93A33.
                1038046 index entries processed.                                                      
              Index verification completed.
              CHKDSK is scanning unindexed files for reconnect to their original directory.
              Recovering orphaned file LOG (4E283) into directory file 4E281.
              Recovering orphaned file LOCK (4E29A) into directory file 4E281.
              Recovering orphaned file MANIFE~1 (4E2CB) into directory file 4E281.
              Recovering orphaned file MANIFEST-000001 (4E2CB) into directory file 4E281.
              Recovering orphaned file CURRENT (4E335) into directory file 4E281.
              Recovering orphaned file 000003.log (4EC25) into directory file 4E281.
              Recovering orphaned file LOG.old (790F1) into directory file 4E281.
              Recovering orphaned file lost (92B0F) into directory file 4E281.
              Recovering orphaned file Apps.index (93EB8) into directory file 93A33.
              Recovering orphaned file APPS~1.IND (93EB8) into directory file 93A33.
              Skipping further messages about recovering orphans.
                12 unindexed files scanned.                                       
                12 unindexed files recovered to original directory.
                0 unindexed files recovered to lost and found.                   
             
              Stage 3: Examining security descriptors ...
              Cleaning up 95 unused index entries from index $SII of file 0x9.
              Cleaning up 95 unused index entries from index $SDH of file 0x9.
              Cleaning up 95 unused security descriptors.
              Security descriptor verification completed.
                101872 data files processed.                                          
              CHKDSK is verifying Usn Journal...
              Read failure with status 0xc000009c at offset 0x250275d000 for 0x10000 bytes.
              Read failure with status 0xc000009c at offset 0x2502761000 for 0x1000 bytes.
              Usn Journal verification completed.
              Adding 1 bad clusters to the Bad Clusters File.
              Correcting errors in the Volume Bitmap.
             
              Windows has made corrections to the file system.
              No further action is required.
             
               704867485 KB total disk space.
               195906420 KB in 665751 files.
                  404236 KB in 101873 indexes.
                      48 KB in bad sectors.
                  929177 KB in use by the system.
                   65536 KB occupied by the log file.
               507627604 KB available on disk.
             
                    4096 bytes in each allocation unit.
               176216871 total allocation units on disk.
               126906901 allocation units available on disk.
             
              Internal Info:
              00 bb 0c 00 b5 b5 0b 00 9f da 14 00 00 00 00 00  ................
              da 12 00 00 96 02 00 00 00 00 00 00 00 00 00 00  ................
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             
TimeCreated : 10/23/2017 2:34:08 AM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
              Windows will now check the disk.                        
             
              Examining 1 corruption record ...
             
              Record 1 of 1: Corrupt File
              "\Windows\servicing\Packages\Package_2245_for_KB4041676~31bf3856ad364e35~amd64~~10.0.1.8.cat
              <0x2b,0xc07f0>" ... The record length 0x20048 is too large for attribute of type 0x80
              and instance tag 0x2 in file 0xc2bd3.  The maximum value is 0x1f8.
              Truncating badly linked attribute records
              from file record segment C2BD3.
              Deleted corrupt attribute list entry
              with type code 80 in file C07F0.
              Unable to locate attribute of type 0x80, lowest vcn 0x0,
              instance tag 0x2 in file 0xc2bd3.
              corruption found and fixed.
             
              1 corruption record processed in 0.2 seconds.
             
              Windows has fixed all previously identified issues with this drive.
              No further action is required.
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             
TimeCreated : 10/21/2017 3:30:46 AM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
             
             
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                        
             
              Stage 1: Examining basic file system structure ...
                834304 file records processed.                                                       
              File verification completed.
                17448 large file records processed.                                  
                0 bad file records processed.                                    
             
              Stage 2: Examining file name linkage ...
              The file reference 0xba000000030137 of index entry Local State of index $I30
              with parent 0x260d5 is not the same as 0xbb000000030137.
              Deleting index entry Local State in index $I30 of file 260D5.
              The file reference 0xba000000030137 of index entry LOCALS~1 of index $I30
              with parent 0x260d5 is not the same as 0xbb000000030137.
              Deleting index entry LOCALS~1 in index $I30 of file 260D5.
              Unable to locate the file name attribute of index entry FO05B3~1.DAT
              of index $I30 with parent 0xb4305 in file 0x42b7.
              Deleting index entry FO05B3~1.DAT in index $I30 of file B4305.
              Unable to locate the file name attribute of index entry FontCache-S-1-5-18.dat
              of index $I30 with parent 0xb4305 in file 0x42b7.
              Deleting index entry FontCache-S-1-5-18.dat in index $I30 of file B4305.
              The file reference 0xcd00000003b66a of index entry UPPS.bin of index $I30
              with parent 0xb8787 is not the same as 0xce00000003b66a.
              Deleting index entry UPPS.bin in index $I30 of file B8787.
                1030322 index entries processed.                                                      
              Index verification completed.
              CHKDSK is scanning unindexed files for reconnect to their original directory.
              Recovering orphaned file ~FONTC~4.DAT (42B7) into directory file B4305.
              Recovering orphaned file ~FontCache-S-1-5-18.dat (42B7) into directory file B4305.
              Recovering orphaned file UPPS.bin (30137) into directory file B8787.
                3 unindexed files scanned.                                       
              Recovering orphaned file SC5716~1.ETL (3B66A) into directory file B43A8.
              Recovering orphaned file ScreenOnPowerStudyTraceSession-2017-10-21-02-53-36.etl (3B66A) into directory
              file B43A8.
                3 unindexed files recovered to original directory.
                0 unindexed files recovered to lost and found.                   
             
              Stage 3: Examining security descriptors ...
              Cleaning up 230 unused index entries from index $SII of file 0x9.
              Cleaning up 230 unused index entries from index $SDH of file 0x9.
              Cleaning up 230 unused security descriptors.
              CHKDSK is compacting the security descriptor stream
              Security descriptor verification completed.
                98010 data files processed.                                          
              CHKDSK is verifying Usn Journal...
              Usn Journal verification completed.
              Correcting errors in the Volume Bitmap.
             
              Windows has made corrections to the file system.
              No further action is required.
             
               704867485 KB total disk space.
               200447992 KB in 653038 files.
                  380288 KB in 98013 indexes.
                      12 KB in bad sectors.
                  928773 KB in use by the system.
                   65536 KB occupied by the log file.
               503110420 KB available on disk.
             
                    4096 bytes in each allocation unit.
               176216871 total allocation units on disk.
               125777605 allocation units available on disk.
             
              Internal Info:
              00 bb 0c 00 fd 74 0b 00 13 ad 14 00 00 00 00 00  .....t..........
              b6 12 00 00 96 02 00 00 00 00 00 00 00 00 00 00  ................
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             

  • 0

#72
aKay47


okey dokey   here is the chkdsk from today  thank you for the link from the Dude...

 

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
------< Log generate on 12/1/2017 10:21:22 PM >------
Category: 0
Computer Name: AprilKay
Event Code: 26226
Record Number: 52724
Source Name: Chkdsk
Time Written: 11-29-2017 @ 01:47:37
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Stage 1: Examining basic file system structure ...
    Found corrupt basic file structure for "\Users\April\AppData\Local\llssoft\winvmx\data659\Local Storage\https_content.shoprunner.com_0.localstorage-journal <0x9,0xbc0e5>"
        ... repaired online.
                                                                                      
  868352 file records processed.                                                       
File verification completed.
                                                                                      
  18401 large file records processed.                                  
                                                                                      
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
                                                                                      
  1074936 index entries processed.                                                      
Index verification completed.
    Found corrupt basic file structure for "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi\1.5.6.18_0\_metadata\VERIFI~1.JSO <0x9e,0x101da>"
        ... repaired online.
                                                                                      
    Found lost file "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Bookmarks <0x62,0x135d5>"; requesting reconnection to index "$I30" of directory "\Users\April\AppData\Local\Google\Chrome\User Data\Default <0x7,0x260dc>"
        ... repaired online.
    Found lost file "\Windows\WinSxS\Temp\InFlight\f24e699c925ed301eb0800003c123819\amd64_netfx4-clr_dll_b03f5f7f11d50a3a_4.0.14917.141_none_52ff0b27b0608d82\clr.dll <0x15,0x8a724>"; requesting reconnection to index "$I30" of directory "\Windows\Microsoft.NET\Framework64\v4.0.30319 <0xf,0x9a383>"
        ... repaired online.
    Found lost file "\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.15063.0_none_5f465bd4c3d3daff\fhuxadapter.dll <0x7,0xa864c>"; requesting reconnection to index "$I30" of directory "\Windows\System32 <0xf,0x9a433>"
        ... repaired online.
    Found 3 missing entries (\Windows\WinSxS\amd64_microsoft-windows-usbcamd_31bf3856ad364e35_10.0.15063.0_none_b09c3ac9b109c7c5\USBCAMD2.sys <0x1,0xb330d>, ...) in index "$I30" of directory "\Windows\System32\drivers <0xf,0x9a47a>"
        ... repaired online.
    Found a file "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi\1.5.6.18_0\_metadata\verified_contents.json <0x9e,0x101da>" with bad links
        ... repaired online.
                                                                                      

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                      
  103294 data files processed.                                          
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has found problems and some were fixed online;
the remaining problems must be fixed offline.
Please run "chkdsk /f" to fix the issues.
 704867485 KB total disk space.
 220598544 KB in 656613 files.
    402348 KB in 103294 indexes.
    964629 KB in use by the system.
     65536 KB occupied by the log file.
 482901908 KB available on disk.
      4096 bytes in each allocation unit.
 176216871 total allocation units on disk.
 120725477 allocation units available on disk.
----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
The attribute of type 0x80 and instance tag 0x4 in file 0xbc0e5
has allocated length of 0x95000000000000 instead of 0x0.
Deleting corrupt attribute record (0x80, "")
from file record segment 0xBC0E5.
Stage 2: Examining file name linkage ...
CHKDSK is scanning unindexed files for reconnect to their original directory.
There is no NTFS file name attribute in file 0x101da.
Correcting minor file name errors in file 101DA.
Recovering orphaned file Bookmarks (135D5) into directory file 260DC.
Recovering orphaned file Bookmarks (135D5) into directory file 260DC.
Recovering orphaned file clr.dll (8A724) into directory file 9A383.
Recovering orphaned file clr.dll (8A724) into directory file 9A383.
Recovering orphaned file fhuxadapter.dll (A864C) into directory file 9A433.
Recovering orphaned file fhuxadapter.dll (A864C) into directory file 9A433.
Recovering orphaned file USBCAMD2.sys (B330D) into directory file 9A47A.
Recovering orphaned file USBCAMD2.sys (B330D) into directory file 9A47A.
Recovering orphaned file usbcir.sys (B330E) into directory file 9A47A.
Recovering orphaned file usbcir.sys (B330E) into directory file 9A47A.
Skipping further messages about recovering orphans.
  7 unindexed files recovered to original directory.
Stage 3: Examining security descriptors ...
Inserting data attribute into file BC0E5.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 52619
Source Name: Chkdsk
Time Written: 11-29-2017 @ 00:44:43
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolumeShadowCopy15
The specified object was not found.
A snapshot error occured while scanning this drive. Run an offline scan and fix.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 52618
Source Name: Chkdsk
Time Written: 11-29-2017 @ 00:44:43
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi\1.5.6.18_0\_metadata\verified_contents.json <0x9e,0x101da>" ... no corruption found.
1 corruption record processed in 0.4 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 52445
Source Name: Chkdsk
Time Written: 11-28-2017 @ 21:37:15
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "\Windows\WinSxS\amd64_microsoft-windows-usbcamd_31bf3856ad364e35_10.0.15063.0_none_b09c3ac9b109c7c5\USBCAMD2.sys <0x1,0xb330d>" ... no corruption found.
1 corruption record processed in 0.2 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 52372
Source Name: Chkdsk
Time Written: 11-28-2017 @ 20:53:41
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 11 corruption records ...
Record 1 of 11: Bad index "$I30" in directory "\Users\April\AppData\Local\Google\Chrome\User Data\PepperFlash <0x7,0x26124>" ... no corruption found.
Record 2 of 11: Corrupt File "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Bookmarks <0x62,0x135d5>" ... no corruption found.
Record 3 of 11: Bad index "$I30" in directory "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB <0x3d,0x4c7ef>" ... no corruption found.
Record 4 of 11: Corrupt File "\Windows\WinSxS\Temp\InFlight\f24e699c925ed301eb0800003c123819\amd64_netfx4-clr_dll_b03f5f7f11d50a3a_4.0.14917.141_none_52ff0b27b0608d82\clr.dll <0x15,0x8a724>" ... no corruption found.
Record 5 of 11: Unneeded index entry in index "$I30" of directory "\Windows\System32 <0xf,0x9a433>" ... no corruption found.
Record 6 of 11: Corrupt File "\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.15063.0_none_5f465bd4c3d3daff\fhuxadapter.dll <0x7,0xa864c>" ... no corruption found.
Record 7 of 11: Bad index "$I30" in directory "\Users\April\AppData\Local\Microsoft\Windows Media\data693\IndexedDB\https_fw.adsafeprotected.com_0.indexeddb.leveldb <0x10,0xbdeaa>" ... no corruption found.
Record 8 of 11: Corrupt File "\Windows\WinSxS\amd64_usbcir.inf_31bf3856ad364e35_10.0.15063.0_none_af5b70793550c701\usbcir.sys <0x1,0xb330e>" ... no corruption found.
Record 9 of 11: Corrupt File "\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 <0x14,0x91ecc>" ... no corruption found.
Record 10 of 11: Unneeded index entry in index "$I30" of directory "\Windows\System32\WDI\LogFiles <0xe,0x9abe1>" ... no corruption found.
Record 11 of 11: Corrupt File "\Windows\WinSxS\amd64_usbprint.inf_31bf3856ad364e35_10.0.15063.0_none_440d9ba3fa38b486\usbprint.sys <0x1,0xb330f>" ... no corruption found.
11 corruption records processed in 2.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26226
Record Number: 51929
Source Name: Chkdsk
Time Written: 11-27-2017 @ 21:56:17
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Stage 1: Examining basic file system structure ...
                                                                                      
  868352 file records processed.                                                       
File verification completed.
                                                                                      
  16967 large file records processed.                                  
                                                                                      
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
    Found corruption in index "$I30" of directory "\Users\April\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{61b17624-9abc-49ce-b0d4-9ceeeeefa6e5} <0xae,0x387d>"
        ... queued for offline repair.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ÿÿÿÿÿÿÿÿ........
    Found a mis-ordered index "$I30" from directory "\Users\April\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{61b17624-9abc-49ce-b0d4-9ceeeeefa6e5} <0xae,0x387d>"
        ... queued for offline repair.
                                                                                      
  1074880 index entries processed.                                                      
Index verification completed.
                                                                                      
    Found 5 missing entries (\Users\April\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{61b17624-9abc-49ce-b0d4-9ceeeeefa6e5}\0.0.filtertrie.intermediate.txt <0x1f4,0x277e>, ...) in index "$I30" of directory "\Users\April\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{61b17624-9abc-49ce-b0d4-9ceeeeefa6e5} <0xae,0x387d>"
        ... queued for offline repair.
                                                                                      

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                      
  103265 data files processed.                                          
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has found problems that must be fixed offline.
Please run "chkdsk /spotfix" to fix the issues.
 704867485 KB total disk space.
 217995316 KB in 652467 files.
    401228 KB in 103266 indexes.
    964521 KB in use by the system.
     65536 KB occupied by the log file.
 485506364 KB available on disk.
      4096 bytes in each allocation unit.
 176216871 total allocation units on disk.
 121376591 allocation units available on disk.
----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
Stage 2: Examining file name linkage ...
The multi-sector header signature for VCN 0x0 of index $I30
in file 0x387d is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ÿÿÿÿÿÿÿÿ........
Correcting error in index $I30 for file 387D.
The index bitmap $I30 in file 0x387d is incorrect.
CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 387D.
Sorting index $I30 in file 387D.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file 00FILT~1.TXT (277E) into directory file 387D.
Recovering orphaned file 0.0.filtertrie.intermediate.txt (277E) into directory file 387D.
Recovering orphaned file 00FILT~1.TXT (277E) into directory file 387D.
Recovering orphaned file 0.0.filtertrie.intermediate.txt (277E) into directory file 387D.
Recovering orphaned file 01FILT~1.TXT (34E2) into directory file 387D.
Recovering orphaned file 0.1.filtertrie.intermediate.txt (34E2) into directory file 387D.
Recovering orphaned file 01FILT~1.TXT (34E2) into directory file 387D.
Recovering orphaned file 0.1.filtertrie.intermediate.txt (34E2) into directory file 387D.
Recovering orphaned file 02FILT~1.TXT (34F1) into directory file 387D.
Recovering orphaned file 0.2.filtertrie.intermediate.txt (34F1) into directory file 387D.
Skipping further messages about recovering orphans.
  5 unindexed files recovered to original directory.
Stage 3: Examining security descriptors ...
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 51833
Source Name: Chkdsk
Time Written: 11-27-2017 @ 08:45:09
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Bad index "$I30" in directory "\Users\April\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{61b17624-9abc-49ce-b0d4-9ceeeeefa6e5} <0xae,0x387d>" ... The multi-sector header signature for VCN 0x0 of index $I30
in file 0x387d is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ÿÿÿÿÿÿÿÿ........
corruption found.
1 corruption record processed in 0.3 seconds.
Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 51367
Source Name: Chkdsk
Time Written: 11-27-2017 @ 01:41:47
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Bad index "$I30" in directory "\Users\April\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{61b17624-9abc-49ce-b0d4-9ceeeeefa6e5} <0xae,0x387d>" ... The multi-sector header signature for VCN 0x0 of index $I30
in file 0x387d is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ÿÿÿÿÿÿÿÿ........
corruption found.
1 corruption record processed in 0.3 seconds.
Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 51232
Source Name: Chkdsk
Time Written: 11-26-2017 @ 23:43:02
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Bad index "$I30" in directory "\Users\April\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{61b17624-9abc-49ce-b0d4-9ceeeeefa6e5} <0xae,0x387d>" ... The multi-sector header signature for VCN 0x0 of index $I30
in file 0x387d is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ÿÿÿÿÿÿÿÿ........
corruption found.
1 corruption record processed in 0.2 seconds.
Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 1001
Record Number: 50923
Source Name: Microsoft-Windows-Wininit
Time Written: 11-26-2017 @ 21:59:23
Event Type: Information
User:
Message:
Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        
Stage 1: Examining basic file system structure ...
  868352 file records processed.                                                       
File verification completed.
  16677 large file records processed.                                  
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
Deleted invalid filename amd64_1a1b76a1097fb59d943d335c9135c937_31bf3856ad364e35_10.0.15063.608_non_c4268982c4eadc8d.manifest (C86EB) in directory 199.
The NTFS file name attribute in file 0xc86eb is incorrect.
61 00 6d 00 64 00 36 00 34 00 5f 00 31 00 61 00  a.m.d.6.4._.1.a.
31 00 62 00 37 00 36 00 61 00 31 00 30 00 39 00  1.b.7.6.a.1.0.9.
37 00 66 00 62 00 35 00 39 00 64 00 39 00 34 00  7.f.b.5.9.d.9.4.
33 00 64 00 33 00 33 00 35 00 63 00 39 00 31 00  3.d.3.3.5.c.9.1.
33 00 35 00 63 00 39 00 33 00 37 00 5f 00 33 00  3.5.c.9.3.7._.3.
31 00 62 00 66 00 33 00 38 00 35 00 36 00 61 00  1.b.f.3.8.5.6.a.
64 00 33 00 36 00 34 00 65 00 33 00 35 00 5f 00  d.3.6.4.e.3.5._.
31 00 30 00 2e 00 30 00 2e 00 31 00 35 00 30 00  1.0...0...1.5.0.
36 00 33 00 2e 00 36 00 30 00 38 00 5f 00 6e 00  6.3...6.0.8._.n.
6f 00 6e 00 05 00 5f 00 63 00 34 00 32 00 36 00  o.n..._.c.4.2.6.
38 00 39 00 38 00 32 00 63 00 34 00 65 00 61 00  8.9.8.2.c.4.e.a.
64 00 63 00 38 00 64 00 2e 00 6d 00 61 00 6e 00  d.c.8.d...m.a.n.
69 00 66 00 65 00 73 00 74 00 ?? ?? ?? ?? ?? ??  i.f.e.s.t.......
There is no NTFS file name attribute in file 0xc86eb.
Correcting minor file name errors in file C86EB.
Unable to locate the file name attribute of index entry AM7034~1.MAN
of index $I30 with parent 0x199 in file 0xc86eb.
Deleting index entry AM7034~1.MAN in index $I30 of file 199.
Unable to locate the file name attribute of index entry amd64_1a1b76a1097fb59d943d335c9135c937_31bf3856ad364e35_10.0.15063.608_none_c4268982c4eadc8d.manifest
of index $I30 with parent 0x199 in file 0xc86eb.
Deleting index entry amd64_1a1b76a1097fb59d943d335c9135c937_31bf3856ad364e35_10.0.15063.608_none_c4268982c4eadc8d.manifest in index $I30 of file 199.
  1074766 index entries processed.                                                      
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file srchadmin.dll (A94D6) into directory file 9A433.
  2 unindexed files scanned.                                       
Recovering orphaned file AM7034~1.MAN (C86EB) into directory file 199.
  2 unindexed files recovered to original directory.
  0 unindexed files recovered to lost and found.                   

Stage 3: Examining security descriptors ...
Cleaning up 309 unused index entries from index $SII of file 0x9.
Cleaning up 309 unused index entries from index $SDH of file 0x9.
Cleaning up 309 unused security descriptors.
Security descriptor verification completed.
  103208 data files processed.                                          
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
No further action is required.
 704867485 KB total disk space.
 203746112 KB in 650749 files.
    414188 KB in 103209 indexes.
        52 KB in bad sectors.
    964477 KB in use by the system.
     65536 KB occupied by the log file.
 499742656 KB available on disk.
      4096 bytes in each allocation unit.
 176216871 total allocation units on disk.
 124935664 allocation units available on disk.
Internal Info:
00 40 0d 00 52 80 0b 00 e7 90 14 00 00 00 00 00  .@..R...........
c8 12 00 00 95 02 00 00 00 00 00 00 00 00 00 00  ................
Windows has finished checking your disk.
Please wait while your computer restarts.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 50232
Source Name: Chkdsk
Time Written: 11-24-2017 @ 23:09:18
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume6
Volume label is RECOVERY.
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "\EFI\Microsoft <0x1,0x72>" ... no corruption found.
1 corruption record processed in 0.2 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 49346
Source Name: Chkdsk
Time Written: 11-18-2017 @ 06:44:39
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 4 corruption records ...
Record 1 of 4: Corrupt File "\Users\April\AppData\Roaming\uTorrent <0x33,0x533d>" ... no corruption found.
Record 2 of 4: Unneeded index entry in index "$I30" of directory "\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy <0x10,0x9ad0d>" ... no corruption found.
Record 3 of 4: Unneeded index entry in index "$I30" of directory "\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_2 <0x8c,0x6c50>" ... no corruption found.
Record 4 of 4: Unneeded index entry in index "$I30" of directory "\Users\April\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData <0x7,0x1616b>" ... no corruption found.
4 corruption records processed in 5.5 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 48798
Source Name: Chkdsk
Time Written: 11-16-2017 @ 02:16:33
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 5 corruption records ...
Record 1 of 5: Corrupt File "\Users\April\AppData\Local\Packages\Microsoft.XboxOneSmartGlass_8wekyb3d8bbwe\RoamingState <0x4,0xb6fcc>" ... no corruption found.
Record 2 of 5: Corrupt File "\Windows\WinSxS\amd64_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.15063.0_none_82d05362560756a9\srchadmin.dll <0x9,0xa94d6>" ... no corruption found.
Record 3 of 5: Unneeded index entry in index "$I30" of directory "\Users\April\AppData\Local\Microsoft\Windows\INetCookies\Low <0x7,0x164ca>" ... no corruption found.
Record 4 of 5: Unneeded index entry in index "$I30" of directory "\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_neutral_split.scale-100_kzf8qxf38zg5c <0x5b,0x6d56c>" ... no corruption found.
Record 5 of 5: Unneeded index entry in index "$I30" of directory "\Users\April\AppData\Local\Google\Chrome\User Data\Default <0x7,0x260dc>" ... no corruption found.
5 corruption records processed in 5.5 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26226
Record Number: 47362
Source Name: Chkdsk
Time Written: 11-05-2017 @ 22:16:55
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Stage 1: Examining basic file system structure ...
                                                                                      
  834304 file records processed.                                                       
File verification completed.
                                                                                      
  16072 large file records processed.                                  
                                                                                      
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
                                                                                      
  1038008 index entries processed.                                                      
Index verification completed.
                                                                                      
    Found lost file "\Users\April\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.toysrus.com_0 <0x5c,0x95dc7>"; requesting reconnection to index "$I30" of directory "\Users\April\AppData\Local\Google\Chrome\User Data\Default\databases <0x4,0x9b7>"
        ... repaired online.
    Found lost file "\Users\April\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D237426009EE0F53ADECD7FCEBA7288C_A2C81D5E8BBD99E53F1B09A1B2789522 <0x1c4,0x928fb>"; requesting reconnection to index "$I30" of directory "\Users\April\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData <0x7,0x1616b>"
        ... repaired online.
    Found lost file "\Users\April\AppData\Local\Google\Chrome\User Data\Default\File System\114 <0x33,0x5cef6>"; requesting reconnection to index "$I30" of directory "\Users\April\AppData\Local\Google\Chrome\User Data\Default\File System <0x12,0x9ad>"
        ... repaired online.
    Found lost file "\Users\April\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.rei.com_0\83 <0x40,0x95dc4>"; requesting reconnection to index "$I30" of directory "\Users\April\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.rei.com_0 <0x58,0x95dc2>"
        ... repaired online.
                                                                                      

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                      
  101853 data files processed.                                          
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has found problems and some were fixed online;
the remaining problems must be fixed offline.
Please run "chkdsk /f" to fix the issues.
 704867485 KB total disk space.
 202434232 KB in 663422 files.
    402080 KB in 101854 indexes.
    929189 KB in use by the system.
     65536 KB occupied by the log file.
 501101936 KB available on disk.
      4096 bytes in each allocation unit.
 176216871 total allocation units on disk.
 125275484 allocation units available on disk.
----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
Stage 2: Examining file name linkage ...
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file 114 (5CEF6) into directory file 9AD.
Recovering orphaned file 114 (5CEF6) into directory file 9AD.
Recovering orphaned file D237426009EE0F53ADECD7FCEBA7288C_A2C81D5E8BBD99E53F1B09A1B2789522 (928FB) into directory file 1616B.
Recovering orphaned file D237426009EE0F53ADECD7FCEBA7288C_A2C81D5E8BBD99E53F1B09A1B2789522 (928FB) into directory file 1616B.
Recovering orphaned file 83 (95DC4) into directory file 95DC2.
Recovering orphaned file 83 (95DC4) into directory file 95DC2.
Recovering orphaned file https_www.toysrus.com_0 (95DC7) into directory file 9B7.
Recovering orphaned file https_www.toysrus.com_0 (95DC7) into directory file 9B7.
  4 unindexed files recovered to original directory.
Stage 3: Examining security descriptors ...
-----------------------------------------------------------------------
Category: 0
Computer Name: APRILKAY
Event Code: 1001
Record Number: 47077
Source Name: Microsoft-Windows-Wininit
Time Written: 11-05-2017 @ 09:39:24
Event Type: Information
User:
Message:
Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        
Stage 1: Examining basic file system structure ...
  834304 file records processed.                                                       
File verification completed.
  16075 large file records processed.                                  
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
The multi-sector header signature for VCN 0x0 of index $I30
in file 0x4e281 is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
Correcting error in index $I30 for file 4E281.
The index bitmap $I30 in file 0x4e281 is incorrect.
CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 4E281.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
Sorting index $I30 in file 4E281.
The multi-sector header signature for VCN 0x0 of index $I30
in file 0x93a33 is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
Correcting error in index $I30 for file 93A33.
The index bitmap $I30 in file 0x93a33 is incorrect.
CHKDSK discovered free space marked as allocated in the bitmap for index $I30 for file 93A33.
The down pointer of current index entry with length 0x18 is invalid.
00 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00  ................
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ................
Sorting index $I30 in file 93A33.
  1038046 index entries processed.                                                      
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file LOG (4E283) into directory file 4E281.
Recovering orphaned file LOCK (4E29A) into directory file 4E281.
Recovering orphaned file MANIFE~1 (4E2CB) into directory file 4E281.
Recovering orphaned file MANIFEST-000001 (4E2CB) into directory file 4E281.
Recovering orphaned file CURRENT (4E335) into directory file 4E281.
Recovering orphaned file 000003.log (4EC25) into directory file 4E281.
Recovering orphaned file LOG.old (790F1) into directory file 4E281.
Recovering orphaned file lost (92B0F) into directory file 4E281.
Recovering orphaned file Apps.index (93EB8) into directory file 93A33.
Recovering orphaned file APPS~1.IND (93EB8) into directory file 93A33.
Skipping further messages about recovering orphans.
  12 unindexed files scanned.                                       
  12 unindexed files recovered to original directory.
  0 unindexed files recovered to lost and found.                   

Stage 3: Examining security descriptors ...
Cleaning up 95 unused index entries from index $SII of file 0x9.
Cleaning up 95 unused index entries from index $SDH of file 0x9.
Cleaning up 95 unused security descriptors.
Security descriptor verification completed.
  101872 data files processed.                                          
CHKDSK is verifying Usn Journal...
Read failure with status 0xc000009c at offset 0x250275d000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2502761000 for 0x1000 bytes.
Usn Journal verification completed.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
No further action is required.
 704867485 KB total disk space.
 195906420 KB in 665751 files.
    404236 KB in 101873 indexes.
        48 KB in bad sectors.
    929177 KB in use by the system.
     65536 KB occupied by the log file.
 507627604 KB available on disk.
      4096 bytes in each allocation unit.
 176216871 total allocation units on disk.
 126906901 allocation units available on disk.
Internal Info:
00 bb 0c 00 b5 b5 0b 00 9f da 14 00 00 00 00 00  ................
da 12 00 00 96 02 00 00 00 00 00 00 00 00 00 00  ................
Windows has finished checking your disk.
Please wait while your computer restarts.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 47056
Source Name: Chkdsk
Time Written: 11-05-2017 @ 03:42:17
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Bad index "$I30" in directory "\Users\April\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{b4f012b7-a6f5-4c23-b91b-f33dace0a0bb} <0x50,0x93a33>" ... The multi-sector header signature for VCN 0x0 of index $I30
in file 0x93a33 is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ÿÿÿÿÿÿÿÿ........
corruption found.
1 corruption record processed in 0.4 seconds.
Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 46881
Source Name: Chkdsk
Time Written: 11-02-2017 @ 16:09:32
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Bad index "$I30" in directory "\Users\April\AppData\Local\Microsoft\Windows Media\data2234\File System\Origins <0xb5,0x4e281>" ... The multi-sector header signature for VCN 0x0 of index $I30
in file 0x4e281 is incorrect.
ff ff ff ff ff ff ff ff ?? ?? ?? ?? ?? ?? ?? ??  ÿÿÿÿÿÿÿÿ........
corruption found.
1 corruption record processed in 0.6 seconds.
Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26226
Record Number: 45228
Source Name: Chkdsk
Time Written: 10-23-2017 @ 11:24:30
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Stage 1: Examining basic file system structure ...
                                                                                      
  834304 file records processed.                                                       
File verification completed.
                                                                                      
  17445 large file records processed.                                  
                                                                                      
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
                                                                                      
  1030182 index entries processed.                                                      
Index verification completed.
                                                                                      
                                                                                      
    Found 2 lost files (...\f_000143 <0xe2,0x14b4e>, \Users\April\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log <0x10,0x8de47>); requesting reconnection to index "$I30" of directory "\Device\HarddiskVolume4\found.004"
        ... repaired online.
    Found lost file "\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.6.0.5_neutral__6e5tt8cgb93ep\InkHelp\html\Portuguese (Brazil)\images\140xxlbk.gif <0x7,0x88134>"; requesting reconnection to index "$I30" of directory "\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.6.0.5_neutral__6e5tt8cgb93ep\InkHelp\html\Portuguese (Brazil)\images <0x5,0x8812b>"
        ... repaired online.
    Found lost file "\Users\April\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ed23e79780a73a5c\120712-0049\UserTiles\5a197e7dc07786 <0xb,0x43b5>"; requesting reconnection to index "$I30" of directory "\Users\April\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ed23e79780a73a5c\120712-0049\UserTiles <0xc,0x24b8b>"
        ... repaired online.
    Found lost file "\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.15063.608_none_0fa08b50d7561cb0\WerFault.exe <0x12,0x9eebe>"; requesting reconnection to index "$I30" of directory "\Windows\SysWOW64 <0x10,0x9ae25>"
        ... repaired online.
    Found lost file "\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1981_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat <0x41,0x8de44>"; requesting reconnection to index "$I30" of directory "\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} <0x12,0x9a445>"
        ... repaired online.
    Found lost file "\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver.resources_31bf3856ad364e35_10.0.15063.0_en-us_9a17e38dfb1cbeea\tcpip.sys.mui <0xb,0xa3462>"; requesting reconnection to index "$I30" of directory "\Windows\System32\drivers\en-US <0x17,0x9a47b>"
        ... repaired online.
    Found lost file "\Users\April\AppData\Local\Packages\Facebook.Facebook_8xx8rvfyw5nnt\LocalState\Documents\_sessionlessStore\feedback_reaction_settings_pkvs.enen_US.v405aa42378474c4a4ec44a02737f870fc853c4f5\manifest_v1.sqlite-wal <0x39,0x91b1a>"; requesting reconnection to index "$I30" of directory "\Users\April\AppData\Local\Packages\Facebook.Facebook_8xx8rvfyw5nnt\LocalState\Documents\_sessionlessStore\feedback_reaction_settings_pkvs.enen_US.v405aa42378474c4a4ec44a02737f870fc853c4f5 <0x6d,0x91dc1>"
        ... repaired online.
    Found lost file "\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.100.600.0_x86__kgqvnymyfvs32\res_output\shared\castle\levels\koc52_4.json <0x67,0x2841d>"; requesting reconnection to index "$I30" of directory "\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.100.600.0_x86__kgqvnymyfvs32\res_output\shared\castle\levels <0x6f,0x8a515>"
        ... repaired online.
    Found lost file "\Program Files\WindowsApps\Facebook.Facebook_140.1118.22941.0_x86__8xx8rvfyw5nnt\WinUAPEntry.resources\assets\RKJSModules\Apps\AdsManager\ui\images\[email protected] <0x19,0x6ce8d>"; requesting reconnection to index "$I30" of directory "\Program Files\WindowsApps\Facebook.Facebook_140.1118.22941.0_x86__8xx8rvfyw5nnt\WinUAPEntry.resources\assets\RKJSModules\Apps\AdsManager\ui\images <0x115,0x616a>"
        ... repaired online.
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                      
  97940 data files processed.                                          
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has found problems and some were fixed online;
the remaining problems must be fixed offline.
Please run "chkdsk /f" to fix the issues.
 704867485 KB total disk space.
 213449352 KB in 649359 files.
    378280 KB in 97942 indexes.
    928785 KB in use by the system.
     65536 KB occupied by the log file.
 490111056 KB available on disk.
      4096 bytes in each allocation unit.
 176216871 total allocation units on disk.
 122527764 allocation units available on disk.
----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
Stage 2: Examining file name linkage ...
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file 5a197e7dc07786 (43B5) into directory file 24B8B.
Recovering orphaned file 5a197e7dc07786 (43B5) into directory file 24B8B.
Recovering orphaned file koc40_4.json (2841D) into directory file 8A515.
Recovering orphaned file koc40_4.json (2841D) into directory file 8A515.
Recovering orphaned file [email protected] (6CE8D) into directory file 616A.
Recovering orphaned file [email protected] (6CE8D) into directory file 616A.
Recovering orphaned file 140xxlbk.gif (88134) into directory file 8812B.
Recovering orphaned file 140xxlbk.gif (88134) into directory file 8812B.
Recovering orphaned file Package_1981_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat (8DE44) into directory file 9A445.
Recovering orphaned file Package_1981_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat (8DE44) into directory file 9A445.
Skipping further messages about recovering orphans.
  8 unindexed files recovered to original directory.
CHKDSK is recovering remaining unindexed files.
    Lost and found is located at \found.004

Stage 3: Examining security descriptors ...
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26226
Record Number: 45068
Source Name: Chkdsk
Time Written: 10-23-2017 @ 09:22:10
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Stage 1: Examining basic file system structure ...
Unable to initialize an extent list for attribute type 0x80 with
instance tag 0x3.
    Found corrupt basic file structure for "\Windows\WinSxS\wow64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.15063.0_none_ca5918b733df3b74\fwcfg.dll <0x9,0xa8693>"
        ... repaired online.
    Found corrupt basic file structure for "\Windows\servicing\Packages\Package_2245_for_KB4041676~31bf3856ad364e35~amd64~~10.0.1.8.cat <0x2b,0xc07f0>"
        ... queued for offline repair.
                                                                                      
  834304 file records processed.                                                       
File verification completed.
                                                                                      
  17446 large file records processed.                                  
                                                                                      
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
Deleting corrupt attribute record (0x80, "")
from file record segment 0xA8693.
The record length 0x20048 is too large for attribute of type 0x80
and instance tag 0x2 in file 0xc2bd3.  The maximum value is 0x1f8.
Truncating badly linked attribute records
from file record segment C2BD3.
Deleted corrupt attribute list entry
with type code 80 in file C07F0.
Unable to locate attribute of type 0x80, lowest vcn 0x0,
instance tag 0x2 in file 0xc2bd3.
Stage 2: Examining file name linkage ...
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 44992
Source Name: Chkdsk
Time Written: 10-23-2017 @ 08:46:54
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "\Windows\servicing\Packages\Package_2245_for_KB4041676~31bf3856ad364e35~amd64~~10.0.1.8.cat <0x2b,0xc07f0>" ... The record length 0x20048 is too large for attribute of type 0x80
and instance tag 0x2 in file 0xc2bd3.  The maximum value is 0x1f8.
Truncating badly linked attribute records
from file record segment C2BD3.
Attribute list entry with type code 80 in file C07F0 is corrupt.
Unable to locate attribute of type 0x80, lowest vcn 0x0,
instance tag 0x2 in file 0xc2bd3.
corruption found.
1 corruption record processed in 0.6 seconds.
Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 44813
Source Name: Chkdsk
Time Written: 10-23-2017 @ 00:43:22
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "\Users\April\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ed23e79780a73a5c\120712-0049\UserTiles\5a197e7dc07786 <0xb,0x43b5>" ... no corruption found.
1 corruption record processed in 0.3 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 44797
Source Name: Chkdsk
Time Written: 10-23-2017 @ 00:39:52
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 6 corruption records ...
Record 1 of 6: Corrupt File "\Users\April\AppData\Local\Packages\Facebook.Facebook_8xx8rvfyw5nnt\LocalState\Documents\proxy_video_watching_time_tracker <0x132,0x43b7>" ... no corruption found.
Record 2 of 6: Unneeded index entry in index "$I30" of directory "\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.100.600.0_x86__kgqvnymyfvs32\res_output\shared\castle\levels <0x6f,0x8a515>" ... no corruption found.
Record 3 of 6: Bad index "$I30" in directory "\Users\April\Desktop\Tor Browser\Browser\browser\VisualElements <0x7e,0x4d912>" ... no corruption found.
Record 4 of 6: Bad subtree in index "$I30" of directory "\ProgramData\Microsoft\Windows\WER\Temp <0x45a,0x296a>" ... no corruption found.
Record 5 of 6: Corrupt File "\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.100.600.0_x86__kgqvnymyfvs32\res_output\shared\castle\levels\koc52_4.json <0x67,0x2841d>" ... no corruption found.
Record 6 of 6: Corrupt File "\Users\April\AppData\Local\Packages\Facebook.Facebook_8xx8rvfyw5nnt\LocalState\Documents\_sessionlessStore\feedback_reaction_settings_pkvs.enen_US.v405aa42378474c4a4ec44a02737f870fc853c4f5\manifest_v1.sqlite-wal <0x39,0x91b1a>" ... no corruption found.
6 corruption records processed in 2.4 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 44558
Source Name: Chkdsk
Time Written: 10-22-2017 @ 23:06:30
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1981_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat <0x41,0x8de44>" ... no corruption found.
1 corruption record processed in 4.5 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 44545
Source Name: Chkdsk
Time Written: 10-22-2017 @ 23:02:34
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.
A snapshot error occured while scanning this drive. You can try again, but if this problem persists, run an offline scan and fix.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 44511
Source Name: Chkdsk
Time Written: 10-22-2017 @ 22:48:56
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "\Users\April\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb <0x184,0x144e>" ... no corruption found.
1 corruption record processed in 0.4 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 44494
Source Name: Chkdsk
Time Written: 10-22-2017 @ 22:43:19
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 3 corruption records ...
Record 1 of 3: Bad index "$I30" in directory "\Program Files\WindowsApps\4DF9E0F8.Netflix_6.38.197.0_x64__mcm4njqhnhss8 <0xf2,0x5a08b>" ... no corruption found.
Record 2 of 3: Corrupt File "\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.6.0.5_neutral__6e5tt8cgb93ep\InkHelp\html\Portuguese (Brazil)\images\140xxlbk.gif <0x7,0x88134>" ... no corruption found.
Record 3 of 3: Corrupt File "\Program Files\WindowsApps\Facebook.Facebook_140.1118.22941.0_x86__8xx8rvfyw5nnt\WinUAPEntry.resources\assets\RKJSModules\Apps\AdsManager\ui\images\[email protected] <0x19,0x6ce8d>" ... no corruption found.
3 corruption records processed in 1.0 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 44487
Source Name: Chkdsk
Time Written: 10-22-2017 @ 22:40:48
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
Examining 6 corruption records ...
Record 1 of 6: Corrupt File "\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\DBE38CAD5A50CC4E65FF5CDC1B423448D683B843 <0x3,0xc2bd2>" ... no corruption found.
Record 2 of 6: Unneeded index entry in index "$I30" of directory "\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates <0x12,0xb42b4>" ... no corruption found.
Record 3 of 6: Unneeded index entry in index "$I30" of directory "\Windows\System32 <0xf,0x9a433>" ... no corruption found.
Record 4 of 6: Corrupt File "\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.15063.608_none_0fa08b50d7561cb0\WerFault.exe <0x12,0x9eebe>" ... no corruption found.
Record 5 of 6: Corrupt File "\Users\April\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log <0x10,0x8de47>" ... no corruption found.
Record 6 of 6: Unneeded index entry in index "$I30" of directory "\Windows\System32 <0xf,0x9a433>" ... no corruption found.
6 corruption records processed in 1.8 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 44417
Source Name: Chkdsk
Time Written: 10-22-2017 @ 22:25:41
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolume4
The service did not respond to the start or control request in a timely fashion.
A snapshot error occured while scanning this drive. Run an offline scan and fix.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 1001
Record Number: 43892
Source Name: Microsoft-Windows-Wininit
Time Written: 10-21-2017 @ 10:30:46
Event Type: Information
User:
Message:
Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        
Stage 1: Examining basic file system structure ...
  834304 file records processed.                                                       
File verification completed.
  17448 large file records processed.                                  
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
The file reference 0xba000000030137 of index entry Local State of index $I30
with parent 0x260d5 is not the same as 0xbb000000030137.
Deleting index entry Local State in index $I30 of file 260D5.
The file reference 0xba000000030137 of index entry LOCALS~1 of index $I30
with parent 0x260d5 is not the same as 0xbb000000030137.
Deleting index entry LOCALS~1 in index $I30 of file 260D5.
Unable to locate the file name attribute of index entry FO05B3~1.DAT
of index $I30 with parent 0xb4305 in file 0x42b7.
Deleting index entry FO05B3~1.DAT in index $I30 of file B4305.
Unable to locate the file name attribute of index entry FontCache-S-1-5-18.dat
of index $I30 with parent 0xb4305 in file 0x42b7.
Deleting index entry FontCache-S-1-5-18.dat in index $I30 of file B4305.
The file reference 0xcd00000003b66a of index entry UPPS.bin of index $I30
with parent 0xb8787 is not the same as 0xce00000003b66a.
Deleting index entry UPPS.bin in index $I30 of file B8787.
  1030322 index entries processed.                                                      
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file ~FONTC~4.DAT (42B7) into directory file B4305.
Recovering orphaned file ~FontCache-S-1-5-18.dat (42B7) into directory file B4305.
Recovering orphaned file UPPS.bin (30137) into directory file B8787.
  3 unindexed files scanned.                                       
Recovering orphaned file SC5716~1.ETL (3B66A) into directory file B43A8.
Recovering orphaned file ScreenOnPowerStudyTraceSession-2017-10-21-02-53-36.etl (3B66A) into directory file B43A8.
  3 unindexed files recovered to original directory.
  0 unindexed files recovered to lost and found.                   

Stage 3: Examining security descriptors ...
Cleaning up 230 unused index entries from index $SII of file 0x9.
Cleaning up 230 unused index entries from index $SDH of file 0x9.
Cleaning up 230 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
  98010 data files processed.                                          
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
No further action is required.
 704867485 KB total disk space.
 200447992 KB in 653038 files.
    380288 KB in 98013 indexes.
        12 KB in bad sectors.
    928773 KB in use by the system.
     65536 KB occupied by the log file.
 503110420 KB available on disk.
      4096 bytes in each allocation unit.
 176216871 total allocation units on disk.
 125777605 allocation units available on disk.
Internal Info:
00 bb 0c 00 fd 74 0b 00 13 ad 14 00 00 00 00 00  .....t..........
b6 12 00 00 96 02 00 00 00 00 00 00 00 00 00 00  ................
Windows has finished checking your disk.
Please wait while your computer restarts.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 32926
Source Name: Chkdsk
Time Written: 09-13-2017 @ 05:15:58
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolumeShadowCopy18
The specified object was not found.
A snapshot error occured while scanning this drive. Run an offline scan and fix.
-----------------------------------------------------------------------
Category: 0
Computer Name: AprilKay
Event Code: 26228
Record Number: 31297
Source Name: Chkdsk
Time Written: 09-08-2017 @ 21:10:16
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 
Checking file system on \Device\HarddiskVolumeShadowCopy14
The specified object was not found.
A snapshot error occured while scanning this drive. Run an offline scan and fix.
-----------------------------------------------------------------------

hmmmmm maybe not.. I will run chkdsk again and see what happens



#73
aKay47

    Member

  • Topic Starter
  • 62 posts

Bummer... ok so I need to get a new hard drive for this computer.. how do I go about reinstalling a new drive? with all the operating system etc.?  since this computer was upgraded to 10 by Microsoft I do not have a product key and I am unsure of how to reinstall all the drivers etc for my HP... this is going to be fun fun fun

OH dirty bad word


Edited by aKay47, 02 December 2017 - 02:03 AM.


#74
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,166 posts
Hi aKay47,

I do apologize for the delay. I have requested advice from my associates to get their opinions. There are a few more tests/scans we can run to get more information in regards to your hard drive situation. The following will provide a much needed snapshot. Please do as follows:

Scan with Speccy:

Please follow the steps below.
  • Go >>here<< and in the box under Speccy - Installer click on the green download button and save the file to your desktop
  • Close your browser.
  • Right click on the spsetup131 file and choose Run as administrator.
  • Click Yes to confirm the action.
  • Under the purple Install button look for the little blue Customize button and click on it.
  • Next, click on the purple Install button. Wait a couple seconds.
  • On the next screen, uncheck the little box that says View release notes
  • Then click on the purple Run Speccy button.
  • You'll be able to see Speccy analyze your system and a spinny thing in the lower left of the window. It will be complete when all analyzing stops as well as the spinny thing in the lower left.
To publish a Speccy profile to the Web:
  • In Speccy, click File, and then click Publish Snapshot.
  • In the Publish Snapshot dialog box, click Yes to enable Speccy to proceed.
  • Speccy publishes the profile and displays a second Publish Snapshot. You can click on Open on Browser and copy the URL then paste into your next post or you can click on the Copy to Clipboard button and paste into your next reply. Either or is just fine as long as we get that link so we can review the report.
Please post the resulting URL in your next reply.

#75
aKay47

    Member

  • Topic Starter
  • 62 posts

okey dokey following your instructions I have been looking for hard drives and figuring out which one will work best in this computer.. and where the best deal is :D because I HATE BEATING A DEAD HORSE.. or even a dying one.. it gets you nowhere really fast. I downloaded Windows 10 with media creation tool and saved the file to my new usb drive in anticipation of a new hard drive and a new install. I have this cd/dvd hard drive shuttle (it is a second hard drive mounting shuttle and it goes where the dvd was; dvd stopped working a long time ago anyway). I thought it would help with the transfer/backup of necessary files.. drivers etc when it comes time to change the drive and reinstall all the drivers that came with the HP? I could be completely wrong here just thought I would run it past you ..

 

ok let me run the speccy file and get back to you .. 


