Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

On boot System problem with Admin Profile User


  • Please log in to reply

#1
everythingsm

everythingsm

    Member

  • Member
  • PipPipPip
  • 164 posts

Computer Problem 041018

Win7, 32 Bit

Days ago my computer booted up and my desktop was rearranged. Then I was booted up as Default User. I reboot w/F8 and was back in my Admin Profile. Again today booted into Default Profile. I reboot trying F8 (It will not work as usual) and the system Boots me up as Default User.  I then have to Cntl Alt Delete to go into my normal Admin User/Safe Mode. My DeskTop  is gone and I’m booted in as a New User(Old Windows Look) with no Restore points. All my files look to bein the system just none of my Admin User Profile info.

 

I used  Minimal Safe Mode in the default Safe Mode option. I ran Malwarebytes, Sophos 2.6.1 , Spybot, Adw Cleaner in Safe mode with nothing found, CC Cleaner Will not run in Safe Mode.

  https://helpdeskgeek.com/windows-7/safe-mode-f8-doesnt-work/

 

I ran Malwarebytes, Sophos 2.6.1 , Adw Cleaner,  CC Cleaner in Normal boot with nothing found. Sophos 2.6.1 will not run Error 1606 Could not access network location.

Info below from Event Viewer

- Event Viewer Error 4/11/18 0xc000000d Error

- Unable to load registry

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by Scott (administrator) on SCOTT-PC (11-04-2018 04:43:21)
Running from C:\Windows\System32\config\systemprofile\Desktop
Loaded Profiles: Scott & Administrator (Available Profiles: Scott & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\EZ-DUB\EZ-DUB.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\microsoft office\Office12\WINWORD.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION

 

 

 

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by Scott (11-04-2018 04:44:42)
Running from C:\Windows\System32\config\systemprofile\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-04-09 18:07:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4044866103-2329573634-2605357377-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-4044866103-2329573634-2605357377-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4044866103-2329573634-2605357377-1002 - Limited - Enabled)
Scott (S-1-5-21-4044866103-2329573634-2605357377-1000 - Administrator - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
. . . (HKLM\...\{679012E8-DFAC-4484-AD14-D08C6FD7FB4B}) (Version: 2.1.28.3 - Intel) Hidden
7-Zip 17.01 beta (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced Scan to PDF Free 3.9.2 (HKLM\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\{C9811F26-3EF6-449A-9736-BB79A125D894}) (Version: 14.0.4007 - AVG Technologies) Hidden
AVG Zen (HKLM\...\{9716EA2F-5DC5-4ECB-AA7B-909457378877}) (Version: 1.0.306 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
e-Sword Module Installer version .4 (HKLM\...\{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1) (Version: .4 - BibleSupport.com)
EZ-DUB (HKLM\...\{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}) (Version: 3.0 - Ulead System)
EZ-DUB Finder (HKLM\...\{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON) Hidden
EZ-DUB Finder (HKLM\...\InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON)
Flvto YouTube Downloader (HKLM\...\Flvto YouTube Downloader) (Version: 1.0.9 - Hotger)
FMW 1 (HKLM\...\{3E322933-FA94-438E-AA1F-2F066B1CC46C}) (Version: 1.0.222 - AVG Technologies) Hidden
Freemake Video Converter version 4.1.9 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Freemake YouTube To MP3 Boom (HKLM\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 21.1 - Intel)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
LiveUpdate (HKLM\...\LiveUpdate) (Version:  - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MOBZync (HKLM\...\{417FF61C-66A9-4A76-8AF7-0E3994AC8C31}) (Version: 0.9.2 - MOBZystems)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0 (x86 en-US) (HKLM\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Potplayer (HKLM\...\PotPlayer) (Version:  - Daum Communications Corp.)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Seagate Manager Installer (HKLM\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
THE NAG HAMMADI LIBRARY.topx version 0 (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: 0 - BibleSupport.com)
Unchecky v1.2 (HKLM\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2017 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A3667A92C7}}_is1) (Version:  - windows-movie-maker.org)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01138799-A432-413E-9233-4142970467DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {14A54D07-0B8E-4E6C-BEFB-DEB6A8F28FA3} - System32\Tasks\{33AB1714-0F1F-41BE-AE4D-4CE707FC8AB9} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {16FEA387-FAD4-443A-B4E6-FF988F0C4AE6} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {1755AAFA-3DA6-4A8A-8AB5-ED14BFBD65AA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {2793D72D-CFC5-444E-9A9B-8F524FA71D11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {3527F7EE-4B8E-422D-8FEE-5083930043EB} - System32\Tasks\{29D5E377-CE4A-4947-BFE7-6DDD9A5B4E48} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {35910534-5F45-451B-86CF-536B12FEDDC1} - System32\Tasks\{8ED34269-D355-4824-81B4-8E0CA709686C} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {3C66B5AA-E80B-4D41-AE1B-A079372C78A8} - System32\Tasks\{8C2A7429-5BBC-4A32-ADA5-FE99F091FC16} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {4AD47043-4D67-4F39-91A9-D2CC29BC3ABA} - System32\Tasks\{E9D04DF9-CB1A-4CD2-812C-5092FD85C825} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {5656C4ED-3456-4135-BC27-E175548C6CE5} - System32\Tasks\{44D3594B-D2F9-4834-9AC4-F0DB2A6AF30F} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {5E143A35-2398-45E0-AA08-747CFD6B4E72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {606E7679-296E-47AD-BEDC-561DB8C5C216} - System32\Tasks\{FEB863AF-49C3-4878-8B79-25D08C06B6B4} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {60B245A9-53E6-4893-A5B9-78C94BC324BD} - System32\Tasks\{DCC16085-21A5-4481-BCD9-1750B143EE35} => C:\Program Files\iTunes\iTunes.exe [2012-09-09] (Apple Inc.)
Task: {71C9B795-5C44-45DD-BD07-19F04583060F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {76892BC5-DD39-4476-A303-245CDC15CFE7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe
Task: {7768604C-8CBC-4A2B-AED0-A4F2024106D8} - System32\Tasks\{3A1EEAA2-E709-4F63-B471-039AB4F070B6} => C:\Program Files\GoPro\GoPro VR Player 2.0\GoProVRPlayer_win32.exe
Task: {82F944B0-DC1B-4832-8854-D074A94AF0F7} - System32\Tasks\{FF244946-B9B9-40C5-963E-7DDF2E841CBD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {8C7185EE-DE6D-4769-9993-D38D6083431A} - System32\Tasks\{4F631F87-16B4-4E00-A335-12B11782D7AD} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {95C85358-9525-40F4-AA85-56630A07C528} - System32\Tasks\{FFF85220-D9CF-419E-B476-7CD90CAF7426} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {9CAD1C03-B916-417B-BE7B-C537DAB00942} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {A1A327C7-552B-4D71-BF2A-39631CCDB3E3} - System32\Tasks\{B9F54951-8F68-4BAD-A9D5-012EB4EAC459} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {B809CE6A-00DF-4AF7-9DC7-606F924952CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {B860E51A-F298-48AF-B95B-4DB83A4F070A} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {BB8E71B2-D43C-4F0F-8962-BAB9883D1A29} - System32\Tasks\{746B6DDB-026D-46DC-BE02-6386A60BB78B} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {D5341DCE-D5E5-4C44-A1AC-0E0F0EBA53EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {D8597A4D-A621-4012-B014-264A1A2A9049} - System32\Tasks\{B68C5D2C-97E0-4176-AE26-74584708E6FD} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
Task: {D86561A4-68E3-4867-B905-F0487E4BF858} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {DD732DE6-D589-4CD6-86D9-CA5BC8B0ADA6} - System32\Tasks\{C1FEB967-16F4-4ECF-AF9B-26F198453BD9} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {E397C2F9-8ADD-4316-A8FB-7B68F3812912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044866103-2329573634-2605357377-1000Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-15] (Google Inc.)
Task: {EB4ED08B-2D3E-4E89-A94A-AC5A1C3C6FAB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {F43C98AE-5690-4997-B5F8-E545FFF6803E} - System32\Tasks\{50D840F2-A880-4AFE-B759-4D2B2B700A7D} => C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-05-14 08:20 - 2013-10-23 14:23 - 000089136 _____ () C:\Windows\System32\cpwmon2k.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-22 04:39 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-22 04:39 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-22 04:39 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-22 04:39 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-22 04:39 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2005-09-13 19:47 - 2005-09-13 19:47 - 000266240 _____ () C:\Program Files\EZ-DUB\EZ-DUB.exe
2016-06-08 19:04 - 2016-06-08 19:04 - 000117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-04-04 08:04 - 2018-03-12 15:09 - 001936672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-04 08:04 - 2018-03-27 13:47 - 001912096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000143296 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 002631616 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000554944 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000041920 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000039872 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000086464 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-13 06:56 - 2015-04-13 06:56 - 000070675 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 002158528 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000114112 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000245184 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000089536 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000055744 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000072128 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000593344 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000771520 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000131520 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000052672 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000023488 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000145856 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 001566656 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000332736 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 001264064 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000024512 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000069568 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000048576 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 000242112 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 012001728 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000046528 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000261056 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000304576 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 001291200 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000754624 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000344512 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000036800 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000052160 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000456128 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000035776 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000024512 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000157632 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 001549248 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000356288 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000031680 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000363456 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 000121792 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 013522368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000772544 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000038848 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000022464 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000030144 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000702400 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 001504704 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000036800 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000125376 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000064448 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000027584 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000024512 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000030656 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000027584 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000029120 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000037312 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2015-04-13 06:58 - 2015-04-13 06:58 - 000024000 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000023488 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2015-04-13 06:59 - 2015-04-13 06:59 - 000022976 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2015-11-11 04:41 - 2015-11-11 04:41 - 000756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2018-04-11 03:37 - 000001306 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AvgUi => "C:\Program Files\AVG\Framework\Common\avguix.exe" /fmw.trayonly
MSCONFIG\startupreg: Google Update => C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D372D014-1A79-4E01-B779-AC098E91E870}] => (Allow) C:\Users\Scott\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2909F608-F53F-4E85-8B60-3CF0C8602B50}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A93F060F-0771-4EB6-86E8-FC7AC755986D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC30EE5E-E2BD-413C-B10C-DF680BEFE90F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{21777E3F-4B64-4367-B448-FFA8EA997095}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{48BF5A3C-9E61-4AE4-88EE-D78D625675F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9B1850DF-4730-478D-9D13-8278359CF2C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{692F9A1F-19C8-4F16-8190-FC7FBE5714FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0ECEB16C-69BA-425A-8C14-7D03024D715F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{41943A4A-5F4C-40AF-B76F-8D636F80DC7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8E528E4E-A129-43AF-9A8E-44541BAA0A5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AAD116BE-DCE6-4CE8-AF33-4206523429DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E154B2C5-F420-4BA0-88B3-37085D5C462C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A1C9EB16-F72A-4D10-8FC0-ADB0A0D83334}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E814BFAD-499F-4DCF-8264-CFB3E927F226}] => (Allow) LPort=2869
FirewallRules: [{D20238AF-FF53-4DD5-A019-3F56D9D68C0F}] => (Allow) LPort=1900
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

10-04-2018 16:25:11 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2018 04:01:02 AM) (Source: MsiInstaller) (EventID: 11606) (User: Scott-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (04/11/2018 04:01:00 AM) (Source: MsiInstaller) (EventID: 11606) (User: Scott-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (04/11/2018 03:37:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/11/2018 03:37:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Scott-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/10/2018 07:27:24 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2018 07:27:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2018 07:27:24 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2018 07:27:24 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (04/11/2018 03:37:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_DEVIM

Error: (04/11/2018 03:37:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/10/2018 07:27:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/10/2018 07:27:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/10/2018 07:27:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_DEVIM

Error: (04/10/2018 07:26:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/10/2018 07:22:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/10/2018 07:22:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 79%
Total physical RAM: 3061.18 MB
Available physical RAM: 631.84 MB
Total Virtual: 6120.7 MB
Available Virtual: 3506.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:175.04 GB) NTFS
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:166.4 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1249.64 GB) NTFS
Drive l: (Seagate Backup Plus Drive) (Fixed) (Total:5588.9 GB) (Free:19.5 GB) NTFS
Drive m: () (Removable) (Total:3.77 GB) (Free:2.26 GB) FAT32

\\?\Volume{f29edfd7-c00e-11e3-a285-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7A055C85)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 5589 GB) (Disk ID: 9A983881)

Partition: GPT.

========================================================
Disk: 6 (Size: 1863 GB) (Disk ID: 8A352DED)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.

========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

I checked for integrity issues by running sfc /scannow. There were no issues found.  Please help.

 

9 light on Dell keyboard stay lit after rebooting.

Attached Thumbnails

  • Capture.JPG

Edited by everythingsm, 12 April 2018 - 08:44 AM.

  • 0

#3
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

Cancel the post no one cared to help.


  • 0

#4
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,668 posts

Hi,

 

I need to have fresh logs to work, please execute FRST and wait for the tool to update.

 

Click the Scan button and wait. After the scan two log files will open in Notepad FRST.txt and Addition.txt that are saved on the Desktop please attach both files to you reply.


  • 0

#5
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

Will do check me in 10 min. The User Profile I was able to work with for the last week, i'm locked out of again so I'll put the logs up asap.


  • 0

#6
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

Here ya go you said attach.

Attached Files


  • 0

#7
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,668 posts

Need to collect more information form the system...

 

 

  • Highlight the contents of the box below, right click on it and select Copy

    Start::
    reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s
    cmd: dir /s /A c:\users\ntuser.dat*
    End::

  • Execute FRST/FRST64 right click on the icon FRST.gif and choose Run as Administrator. Make sure all other windows are closed.
    FRST_Fix.png
  • Press the Fix button just once and Wait
  • The tool will make a log (Fixlog.txt) on the same location as FRST/FRST64 please post it in your next reply.

 


  • 0

#8
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

Sleepy Im 32 bit ? still want the 64 ?


  • 0

#9
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,668 posts

Sleepy Im 32 bit ? still want the 64 ?

 

Most of my instructions are multi OS, FRST/FRST64 means use the FRST or FRST64, in your case is FRST the 64-bits version doesn't work for you.


  • 0

#10
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

Thanks

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by SM (17-04-2018 15:04:39) Run:1
Running from C:\Users\SM\Desktop
Loaded Profiles: SM & Administrator (Available Profiles: Scott & SM & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s
cmd: dir /s /A c:\users\ntuser.dat*

*****************


========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    Flags    REG_DWORD    0xc
    State    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    Sid    REG_BINARY    010100000000000512000000
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000.bak
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Scott
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x8100
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BE8030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x0
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1003
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\SM
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BEB030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-500
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Administrator
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x100
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BF4010000
    Migrated    REG_BINARY    201283A24154CF01
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    RunLogonScriptSync    REG_DWORD    0x0



========= End of Reg: =========


========= dir /s /A c:\users\ntuser.dat* =========

 Volume in drive C has no label.
 Volume Serial Number is 7E4D-7347

 Directory of c:\users\Administrator
 


  • 0

Advertisements


#11
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,668 posts

Sorry but you didn't post the complete log!

 

Open the log fixlist.txt, on Notepad open the menu Edit > Select All

Edit > Copy, Paste the log on the topic


  • 0

#12
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

Sorry my bad.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by SM (17-04-2018 15:04:39) Run:1
Running from C:\Users\SM\Desktop
Loaded Profiles: SM & Administrator (Available Profiles: Scott & SM & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s
cmd: dir /s /A c:\users\ntuser.dat*

*****************


========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    Flags    REG_DWORD    0xc
    State    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    Sid    REG_BINARY    010100000000000512000000
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1000.bak
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Scott
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x8100
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BE8030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x0
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-1003
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\SM
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BEB030000
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4044866103-2329573634-2605357377-500
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Administrator
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x100
    Sid    REG_BINARY    01050000000000051500000037C217F10279DA8A41994A9BF4010000
    Migrated    REG_BINARY    201283A24154CF01
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x1
    RunLogonScriptSync    REG_DWORD    0x0



========= End of Reg: =========


========= dir /s /A c:\users\ntuser.dat* =========

 Volume in drive C has no label.
 Volume Serial Number is 7E4D-7347

 Directory of c:\users\Administrator

04/17/2018  02:07 PM           786,432 ntuser.dat
04/17/2018  02:07 PM           262,144 ntuser.dat.LOG1
04/09/2014  03:18 PM                 0 ntuser.dat.LOG2
04/02/2018  05:03 PM            65,536 ntuser.dat{01aed084-36cf-11e8-9cf4-0024e80181a9}.TM.blf
04/02/2018  05:03 PM           524,288 ntuser.dat{01aed084-36cf-11e8-9cf4-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
04/02/2018  05:03 PM           524,288 ntuser.dat{01aed084-36cf-11e8-9cf4-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
05/30/2017  03:13 AM            65,536 ntuser.dat{06d0c2c8-4520-11e7-8d35-0024e80181a9}.TM.blf
05/30/2017  03:13 AM           524,288 ntuser.dat{06d0c2c8-4520-11e7-8d35-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
05/30/2017  03:13 AM           524,288 ntuser.dat{06d0c2c8-4520-11e7-8d35-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
02/14/2018  04:30 AM            65,536 ntuser.dat{06e5ab8c-1176-11e8-8da3-0024e80181a9}.TM.blf
02/14/2018  04:30 AM           524,288 ntuser.dat{06e5ab8c-1176-11e8-8da3-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
02/14/2018  04:30 AM           524,288 ntuser.dat{06e5ab8c-1176-11e8-8da3-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
06/17/2017  07:27 PM            65,536 ntuser.dat{1a5ba4bb-53cd-11e7-8d2f-0024e80181a9}.TM.blf
06/17/2017  07:27 PM           524,288 ntuser.dat{1a5ba4bb-53cd-11e7-8d2f-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
06/17/2017  07:27 PM           524,288 ntuser.dat{1a5ba4bb-53cd-11e7-8d2f-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
10/30/2017  02:27 PM            65,536 ntuser.dat{2fc74237-bd6a-11e7-b2e1-0024e80181a9}.TM.blf
10/30/2017  02:27 PM           524,288 ntuser.dat{2fc74237-bd6a-11e7-b2e1-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
10/30/2017  02:27 PM           524,288 ntuser.dat{2fc74237-bd6a-11e7-b2e1-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
04/06/2017  04:59 PM            65,536 ntuser.dat{44803b9d-1aad-11e7-a54b-0024e80181a9}.TM.blf
04/06/2017  04:59 PM           524,288 ntuser.dat{44803b9d-1aad-11e7-a54b-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
04/06/2017  04:59 PM           524,288 ntuser.dat{44803b9d-1aad-11e7-a54b-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
06/03/2017  03:03 AM            65,536 ntuser.dat{6b9f5c3b-4843-11e7-8d21-0024e80181a9}.TM.blf
06/03/2017  03:03 AM           524,288 ntuser.dat{6b9f5c3b-4843-11e7-8d21-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
06/03/2017  03:03 AM           524,288 ntuser.dat{6b9f5c3b-4843-11e7-8d21-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
04/09/2014  03:18 PM            65,536 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
04/09/2014  03:18 PM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
04/09/2014  03:18 PM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
04/10/2018  04:48 PM            65,536 ntuser.dat{aa3980c3-3d19-11e8-9307-0024e80181a9}.TM.blf
04/10/2018  04:48 PM           524,288 ntuser.dat{aa3980c3-3d19-11e8-9307-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
04/10/2018  04:48 PM           524,288 ntuser.dat{aa3980c3-3d19-11e8-9307-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
03/22/2017  03:44 PM            65,536 ntuser.dat{ea76dced-0f50-11e7-a697-0024e80181a9}.TM.blf
03/22/2017  03:44 PM           524,288 ntuser.dat{ea76dced-0f50-11e7-a697-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
03/22/2017  03:44 PM           524,288 ntuser.dat{ea76dced-0f50-11e7-a697-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
04/16/2018  10:49 AM            65,536 ntuser.dat{f73e7025-4185-11e8-916a-0024e80181a9}.TM.blf
04/16/2018  10:49 AM           524,288 ntuser.dat{f73e7025-4185-11e8-916a-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
04/16/2018  10:49 AM           524,288 ntuser.dat{f73e7025-4185-11e8-916a-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
              36 File(s)     13,303,808 bytes

 Directory of c:\users\Default

04/09/2014  11:45 AM           262,144 NTUSER.DAT
04/11/2011  07:28 PM             1,024 NTUSER.DAT.LOG
04/14/2018  04:29 PM           197,632 NTUSER.DAT.LOG1
07/13/2009  07:03 PM                 0 NTUSER.DAT.LOG2
07/13/2009  09:34 PM            65,536 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
07/13/2009  09:34 PM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
07/13/2009  09:34 PM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
               7 File(s)      1,574,912 bytes

 Directory of c:\users\Scott

04/10/2018  07:12 PM        12,320,768 ntuser.dat
04/17/2018  12:02 PM           556,544 ntuser.dat.LOG1
04/09/2014  11:08 AM                 0 ntuser.dat.LOG2
05/21/2016  03:06 AM            65,536 ntuser.dat{14d9b693-1ecb-11e6-b441-0024e80181a9}.TM.blf
05/21/2016  03:06 AM           524,288 ntuser.dat{14d9b693-1ecb-11e6-b441-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
05/21/2016  03:06 AM           524,288 ntuser.dat{14d9b693-1ecb-11e6-b441-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
05/05/2014  08:33 AM            65,536 ntuser.dat{4d7f919d-d457-11e3-9cb3-0024e80181a9}.TM.blf
05/05/2014  08:33 AM           524,288 ntuser.dat{4d7f919d-d457-11e3-9cb3-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
05/05/2014  08:33 AM           524,288 ntuser.dat{4d7f919d-d457-11e3-9cb3-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
08/19/2014  11:32 AM            65,536 ntuser.dat{59098769-27c3-11e4-bc3a-0024e80181a9}.TM.blf
08/19/2014  11:32 AM           524,288 ntuser.dat{59098769-27c3-11e4-bc3a-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
08/19/2014  11:32 AM           524,288 ntuser.dat{59098769-27c3-11e4-bc3a-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
04/09/2014  11:13 AM            65,536 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
04/09/2014  11:13 AM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
04/09/2014  11:13 AM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
03/16/2018  08:05 PM            65,536 ntuser.dat{88e74b63-2986-11e8-a7e6-0024e80181a9}.TM.blf
03/16/2018  08:05 PM           524,288 ntuser.dat{88e74b63-2986-11e8-a7e6-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
03/16/2018  08:05 PM           524,288 ntuser.dat{88e74b63-2986-11e8-a7e6-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
              18 File(s)     18,447,872 bytes

 Directory of c:\users\SM

04/17/2018  03:04 PM           786,432 ntuser.dat
04/17/2018  03:04 PM           262,144 ntuser.dat.LOG1
04/14/2018  02:21 PM                 0 ntuser.dat.LOG2
04/14/2018  02:21 PM            65,536 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
04/14/2018  02:21 PM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
04/14/2018  02:21 PM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
04/16/2018  10:49 AM            65,536 ntuser.dat{f73e7021-4185-11e8-916a-0024e80181a9}.TM.blf
04/16/2018  10:49 AM           524,288 ntuser.dat{f73e7021-4185-11e8-916a-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
04/16/2018  10:49 AM           524,288 ntuser.dat{f73e7021-4185-11e8-916a-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
               9 File(s)      3,276,800 bytes

 Directory of c:\users\TEMP

04/17/2018  12:01 PM         2,097,152 ntuser.dat
04/17/2018  12:02 PM           262,144 ntuser.dat.LOG1
04/10/2018  03:52 PM                 0 ntuser.dat.LOG2
04/10/2018  03:59 PM            65,536 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
04/10/2018  03:59 PM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
04/10/2018  03:59 PM           524,288 NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
04/16/2018  11:34 AM            65,536 ntuser.dat{f73e7019-4185-11e8-916a-0024e80181a9}.TM.blf
04/16/2018  11:34 AM           524,288 ntuser.dat{f73e7019-4185-11e8-916a-0024e80181a9}.TMContainer00000000000000000001.regtrans-ms
04/16/2018  11:34 AM           524,288 ntuser.dat{f73e7019-4185-11e8-916a-0024e80181a9}.TMContainer00000000000000000002.regtrans-ms
               9 File(s)      4,587,520 bytes

     Total Files Listed:
              79 File(s)     41,190,912 bytes
               0 Dir(s)  182,888,894,464 bytes free

========= End of CMD: =========


==== End of Fixlog 15:05:03 ====


  • 0

#13
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,668 posts

For now please disconnect all the external drives, some will need checking after this problem resolved...

 

 

» Check the Disk for Errors

  • open the Command Prompt as Administrator (Tutorial)
  • type the command:
    chkdsk /r /x C:
    Note: When it ask if you want to checked the volume next time the system restarts answer Yes
  • Restart the Computer and let the check run during boot. The scan will take a long time.

Next,

  • download ListChkdskResult
  • execute the file and accept all the windows prompts to authorize the program to run
  • Notepad will open with a report showing the chkdsk result
  • copy & paste the log to your reply

 

 

I will check tomorrow for the results.


  • 0

#14
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

Sleepy i restores today from using Tweeking. When I ran Tweeking during the process I requested a disk check. When i booted back up after Restore the disk check completed and sais all was good.  i will run again if you tell me to. Let me know.

 

Is there somwhere in my computer that can get the results of the earleir disk check that was run this morning ?


Edited by everythingsm, 17 April 2018 - 05:02 PM.

  • 0

#15
everythingsm

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

chkdsk was run at 10:49 AM this morning. Ive posted the info.  If you need a new chkdsk plz let me know and I will need to run tomorrow.  But this was run with external plugged in so i will run another scan tomorrow.

 

Thanks for your help.

 

Log Name:      Application

Source:        Microsoft-Windows-Wininit

Date:          4/16/2018 10:49:41 AM

Event ID:      1001

Task Category: None

Level:         Information

Keywords:      Classic

User:          N/A

Computer:      Scott-PC

Description:

 

 

Checking file system on C:

The type of the file system is NTFS.

 

A disk check has been scheduled.

Windows will now check the disk.                        

 

CHKDSK is verifying files (stage 1 of 5)...

  218880 file records processed.                                        

File verification completed.

  1993 large file records processed.                                  

  0 bad file records processed.                                    

  2 EA records processed.                                          

  92 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...

  296598 index entries processed.                                       

Index verification completed.

  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 5)...

  218880 file SDs/SIDs processed.                                       

Cleaning up 657 unused index entries from index $SII of file 0x9.

Cleaning up 657 unused index entries from index $SDH of file 0x9.

Cleaning up 657 unused security descriptors.

Security descriptor verification completed.

  38860 data files processed.                                          

CHKDSK is verifying Usn Journal...

  34971872 USN bytes processed.                                           

Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...

  218864 files processed.                                               

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

  45042109 free clusters processed.                                       

Free space verification is complete.

CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.

 

 488282111 KB total disk space.

 307660012 KB in 150146 files.

    115416 KB in 38861 indexes.

         0 KB in bad sectors.

    338247 KB in use by the system.

     65536 KB occupied by the log file.

 180168436 KB available on disk.

 

      4096 bytes in each allocation unit.

 122070527 total allocation units on disk.

  45042109 allocation units available on disk.

 

Internal Info:

00 57 03 00 5a e2 02 00 17 59 05 00 00 00 00 00  .W..Z....Y......

a9 6f 00 00 5c 00 00 00 00 00 00 00 00 00 00 00  .o..\...........

30 8f 0a 00 50 01 09 00 80 1c 09 00 00 00 09 00  0...P...........

 

Windows has finished checking your disk.

Please wait while your computer restarts.

 

Event Xml:

<Event xmlns="http://schemas.micro.../events/event">

  <System>

    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />

    <EventID Qualifiers="16384">1001</EventID>

    <Version>0</Version>

    <Level>4</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2018-04-16T17:49:41.000000000Z" />

    <EventRecordID>220135</EventRecordID>

    <Correlation />

    <Execution ProcessID="0" ThreadID="0" />

    <Channel>Application</Channel>

    <Computer>Scott-PC</Computer>

    <Security />

  </System>

  <EventData>

    <Data>

 

Checking file system on C:

The type of the file system is NTFS.

 

A disk check has been scheduled.

Windows will now check the disk.                        

 

CHKDSK is verifying files (stage 1 of 5)...

  218880 file records processed.                                        

File verification completed.

  1993 large file records processed.                                   

  0 bad file records processed.                                    

  2 EA records processed.                                          

  92 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 5)...

  296598 index entries processed.                                       

Index verification completed.

  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...

  218880 file SDs/SIDs processed.                                       

Cleaning up 657 unused index entries from index $SII of file 0x9.

Cleaning up 657 unused index entries from index $SDH of file 0x9.

Cleaning up 657 unused security descriptors.

Security descriptor verification completed.

  38860 data files processed.                                          

CHKDSK is verifying Usn Journal...

  34971872 USN bytes processed.                                            

Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...

  218864 files processed.                                               

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

  45042109 free clusters processed.                                       

Free space verification is complete.

CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.

 

 488282111 KB total disk space.

 307660012 KB in 150146 files.

    115416 KB in 38861 indexes.

         0 KB in bad sectors.

    338247 KB in use by the system.

     65536 KB occupied by the log file.

 180168436 KB available on disk.

 

      4096 bytes in each allocation unit.

 122070527 total allocation units on disk.

  45042109 allocation units available on disk.

 

Internal Info:

00 57 03 00 5a e2 02 00 17 59 05 00 00 00 00 00  .W..Z....Y......

a9 6f 00 00 5c 00 00 00 00 00 00 00 00 00 00 00  .o..\...........

30 8f 0a 00 50 01 09 00 80 1c 09 00 00 00 09 00  0...P...........

 

Windows has finished checking your disk.

Please wait while your computer restarts.

</Data>

  </EventData>

</Event>


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP