
After Windows Update, PC began to act all weird as if malware was present


9 replies to this topic

#1 harristhrow

harristhrow

  • Members
  • 5 posts

Posted 25 March 2016 - 03:01 AM

After an important Windows Update yesterday, I turned on the PC and opened the Chrome browser, and after that I was presented with a BSOD with the error message "bad_pool_header".

 

After that crash, I had restarted my PC several times to install multiple updates for programs, and then today after turning it back on, 3 hours later BitDefender Total Security 2016 said I was running out of available C space. I found that odd because I always had 17 gigs left, and when I checked, the C drive stated "NTFS" with 0 bytes left. If it helps, I had installed anti-exploit the same day this happened.

 

I have had the following security programs on my PC:

 

BitDefender - current

HitmanPro - current

Kaspersky

Malwarebytes - current

Malwarebytes Anti-Exploit

 

Running Windows 8.1 x64.

To note, the scans have detected nothing; all are up to date.


Edited by harristhrow, 25 March 2016 - 03:01 AM.




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,732 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 25 March 2016 - 05:33 AM

harristhrow:

Welcome to the Bleeping Computer "Am I Infected? What Do I Do?" forum. My name is Phil and if you would permit, I would like to address you by your first name, if that is alright with you, since we will be working together.

We need to find out what is taking up space on your primary operating system partition. Windows generally requires 10 to 15 percent of the OS hard drive partition to be free in order to function properly. The lack of space may well be what is causing your issues.

Malwarebytes Anti-Exploit should not be causing that problem. I use it myself as do many other computer users. It is an excellent product and not very large.

Would you be so kind as to run the MiniToolBox application for me? I would like to have a look at your computer configuration.
 

 

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
 

 

 

Please paste the MiniToolBox log into your next post. I will examine it and get back to you.

If I have not replied in 48 hours, please send me a personal message.

Have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 harristhrow

harristhrow
  • Topic Starter

  • Members
  • 5 posts

Posted 25 March 2016 - 12:10 PM

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Harrison (administrator) on 25-03-2016 at 10:08:22
Running from "C:\Users\Harrison\Downloads"
Microsoft Windows 8.1  (X64)
Model: H97-D3H Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Ethernet Connection I217-V = Ethernet (Connected)
LogMeIn Hamachi Virtual Ethernet Adapter = Hamachi (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Hamachi" forwarding=enabled advertise=enabled metric=9000 nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Harrison
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Ethernet Connection I217-V
   Physical Address. . . . . . . . . : FC-AA-14-31-0C-61
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b44d:a6dd:73c7:4081%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.107(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : March 23, 2016 10:54:19 PM
   Lease Expires . . . . . . . . . . : March 26, 2016 10:05:35 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 66890260
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-03-FA-00-FC-AA-14-31-0C-61
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : LogMeIn Hamachi Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 7A-79-19-0A-68-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::190a:681f(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::4dc8:ed4f:e5f4:e2d2%8(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.10.104.31(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : March 25, 2016 10:05:37 AM
   Lease Expires . . . . . . . . . . : March 25, 2017 10:05:37 AM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 134369522
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-03-FA-00-FC-AA-14-31-0C-61
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{239FB6BD-FC24-4CE7-8DC9-9C642A89A450}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A83A3ADF-9B91-4AC7-A1EA-AFF5D4CD4D7A}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  router.asus.com
Address:  192.168.2.1
 
Name:    google.com
Addresses:  2607:f8b0:400a:806::200e
 216.58.193.78
 
 
Pinging google.com [216.58.193.78] with 32 bytes of data:
Reply from 216.58.193.78: bytes=32 time=16ms TTL=57
Reply from 216.58.193.78: bytes=32 time=16ms TTL=57
 
Ping statistics for 216.58.193.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Server:  router.asus.com
Address:  192.168.2.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=21ms TTL=53
Reply from 206.190.36.45: bytes=32 time=21ms TTL=53
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 21ms, Average = 21ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...fc aa 14 31 0c 61 ......Intel® Ethernet Connection I217-V
  8...7a 79 19 0a 68 1f ......LogMeIn Hamachi Virtual Ethernet Adapter
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.107     10
          0.0.0.0          0.0.0.0         25.0.0.1     25.10.104.31   9256
         25.0.0.0        255.0.0.0         On-link      25.10.104.31   9256
     25.10.104.31  255.255.255.255         On-link      25.10.104.31   9256
   25.255.255.255  255.255.255.255         On-link      25.10.104.31   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.107    266
    192.168.2.107  255.255.255.255         On-link     192.168.2.107    266
    192.168.2.255  255.255.255.255         On-link     192.168.2.107    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.107    266
        224.0.0.0        240.0.0.0         On-link      25.10.104.31   9256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.107    266
  255.255.255.255  255.255.255.255         On-link      25.10.104.31   9256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8   9005 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
  8    261 2620:9b::/64             On-link
  8    261 2620:9b::/96             On-link
  8    261 2620:9b::190a:681f/128   On-link
  3    266 fe80::/64                On-link
  8    261 fe80::/64                On-link
  8    261 fe80::4dc8:ed4f:e5f4:e2d2/128
                                    On-link
  3    266 fe80::b44d:a6dd:73c7:4081/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
  8    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/23/2016 11:10:29 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume System was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (03/22/2016 03:33:38 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume System was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (03/22/2016 02:57:35 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume System was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (03/18/2016 12:08:43 AM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (03/16/2016 04:24:36 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume System was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (03/15/2016 03:00:53 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume System was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (03/14/2016 04:17:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: JustCause2.exe, version: 1.0.0.2, time stamp: 0x4c1b5791
Faulting module name: JustCause2.exe, version: 1.0.0.2, time stamp: 0x4c1b5791
Exception code: 0xc0000005
Fault offset: 0x000ec582
Faulting process id: 0x23b4
Faulting application start time: 0xJustCause2.exe0
Faulting application path: JustCause2.exe1
Faulting module path: JustCause2.exe2
Report Id: JustCause2.exe3
Faulting package full name: JustCause2.exe4
Faulting package-relative application ID: JustCause2.exe5
 
Error: (03/13/2016 05:14:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: GWX_control_panel.exe, version: 1.7.2.0, time stamp: 0x56a50511
Faulting module name: GWX_control_panel.exe, version: 1.7.2.0, time stamp: 0x56a50511
Exception code: 0xc0000005
Fault offset: 0x00147991
Faulting process id: 0x16a0
Faulting application start time: 0xGWX_control_panel.exe0
Faulting application path: GWX_control_panel.exe1
Faulting module path: GWX_control_panel.exe2
Report Id: GWX_control_panel.exe3
Faulting package full name: GWX_control_panel.exe4
Faulting package-relative application ID: GWX_control_panel.exe5
 
Error: (03/09/2016 08:44:46 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume System was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (03/08/2016 04:32:12 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume System was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
 
System errors:
=============
Error: (03/24/2016 10:29:43 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer OWNER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{239FB6BD-FC24-4CE7-8DC9-9C642A89A450}.
The master browser is stopping or an election is being forced.
 
Error: (03/23/2016 10:55:21 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service hung on starting.
 
Error: (03/23/2016 10:54:20 PM) (Source: Service Control Manager) (User: )
Description: The MakerBot Conveyor Service service failed to start due to the following error: 
%%2
 
Error: (03/23/2016 10:54:13 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (03/23/2016 10:54:19 PM) (Source: BugCheck) (User: )
Description: 0x00000019 (0x0000000000000020, 0xffffe001a2cb4598, 0xffffe001a2cb5248, 0x00000000a4cb46d8)C:\windows\MEMORY.DMP032316-16437-01
 
Error: (03/23/2016 10:54:19 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:44:31 PM on ‎2016-‎03-‎23 was unexpected.
 
Error: (03/23/2016 10:45:01 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/23/2016 10:44:32 PM) (Source: Service Control Manager) (User: )
Description: The MakerBot Conveyor Service service failed to start due to the following error: 
%%2
 
Error: (03/22/2016 10:17:21 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.2.107.
The computer with the IP address 192.168.2.163 did not allow the name to be claimed by
this computer.
 
Error: (03/21/2016 10:25:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
 
Microsoft Office Sessions:
=========================
Error: (03/23/2016 11:10:29 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: SystemThe parameter is incorrect. (0x80070057)
 
Error: (03/22/2016 03:33:38 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: SystemThe parameter is incorrect. (0x80070057)
 
Error: (03/22/2016 02:57:35 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: SystemThe parameter is incorrect. (0x80070057)
 
Error: (03/18/2016 12:08:43 AM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883
 
Error: (03/16/2016 04:24:36 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: SystemThe parameter is incorrect. (0x80070057)
 
Error: (03/15/2016 03:00:53 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: SystemThe parameter is incorrect. (0x80070057)
 
Error: (03/14/2016 04:17:15 PM) (Source: Application Error)(User: )
Description: JustCause2.exe1.0.0.24c1b5791JustCause2.exe1.0.0.24c1b5791c0000005000ec58223b401d17e47685559a7D:\SteamLibrary\steamapps\common\Just Cause 2\JustCause2.exeD:\SteamLibrary\steamapps\common\Just Cause 2\JustCause2.exee3567578-ea3a-11e5-8296-fcaa14310c61
 
Error: (03/13/2016 05:14:36 PM) (Source: Application Error)(User: )
Description: GWX_control_panel.exe1.7.2.056a50511GWX_control_panel.exe1.7.2.056a50511c00000050014799116a001d17d866465ace9C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exeC:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exebbce199f-e979-11e5-8295-fcaa14310c61
 
Error: (03/09/2016 08:44:46 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: SystemThe parameter is incorrect. (0x80070057)
 
Error: (03/08/2016 04:32:12 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: SystemThe parameter is incorrect. (0x80070057)
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-02-20 15:39:01.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-20 15:39:00.848
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-20 14:08:23.308
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-20 14:08:23.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-18 20:42:20.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-18 20:42:20.838
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-18 20:42:13.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-18 20:42:12.943
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-14 10:25:29.432
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-14 10:25:29.277
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2015 (HKLM-x32\...\{31390329-FFF0-11E4-85AD-AF2C4143F080}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
AdventureQuest 3D (HKLM-x32\...\Steam App 429790) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoHotkey 1.1.22.02 (HKLM\...\AutoHotkey) (Version: 1.1.22.02 - Lexikos)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.25.1378 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.25.1378 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dxtory version 2.0.128 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.128 - ExKode Co. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.49 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
how do you Do It? (HKLM-x32\...\Steam App 353360) (Version:  - Nina Freeman)
iBackupBot 5.3.5 (HKLM-x32\...\iBackupBot) (Version: 5.3.5 - VOWSoft, Ltd.)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iCopyBot for Windows 7.9.8 (HKLM-x32\...\iCopyBot for Windows) (Version: 7.9.8 - VOWSoft, Ltd.)
IdleMaster (HKCU\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 6.0.1 - JPEXS)
Just Cause 2 (HKLM\...\Steam App 8190) (Version:  - Avalanche Studios)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\{380ED03E-FBF6-4927-9F0D-82F34C949E93}) (Version: 2.2.0.420 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.420 - LogMeIn, Inc.)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.1 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Sakura Clicker (HKLM-x32\...\Steam App 383080) (Version:  - Winged Cloud)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
TwitchAlerts (HKCU\...\fb3f6ca9b67f53a3) (Version: 1.0.0.8 - TwitchAlerts)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSDC Free Video Editor version 3.1.0.354 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.1.0.354 - Flash-Integro LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/27/2014 100.1.0.0) (HKLM\...\1D8A20A244A54F5B2205DA2E74E00AB42CE9C3C3) (Version: 10/27/2014 100.1.0.0 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/27/2014 100.1.0.0) (HKLM\...\6EFF38D5C9DAEBC02D00EDAC1B0EBFE09DF3CF76) (Version: 10/27/2014 100.1.0.0 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/27/2014 100.1.0.0) (HKLM\...\703C503DB153791AFD1609E2315BDA63FB883721) (Version: 10/27/2014 100.1.0.0 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/27/2014 100.1.0.0) (HKLM\...\FB798FEEF8815896BACE053F2CACE979AC7FA12D) (Version: 10/27/2014 100.1.0.0 - MakerBot Industries, LLC)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.15-1 - Bitnami)
X-Mouse Button Control 2.9.2 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.9.2 - Highresolution Enterprises)
 
========================= Devices: ================================
 
Name: ASUS DRW-24F1ST   b
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: SCSI\CDROM&VEN_ASUS&PROD_DRW-24F1ST___B\4&2FA9684C&0&030000
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 15%
Total physical RAM: 24440.97 MB
Available physical RAM: 20711.82 MB
Total Virtual: 42112.66 MB
Available Virtual: 37728.46 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:111.3 GB) (Free:3.28 GB) NTFS
2 Drive d: (My Passport) (Fixed) (Total:931.48 GB) (Free:875.56 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HARRISON
 
Administrator            Guest                    Harrison                 
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
 
**** End of log ****


#4 garioch7


Posted 25 March 2016 - 01:05 PM

harristhrow:

Thank you for your MiniToolBox scan log.
 

1 Drive c: (Windows) (Fixed) (Total:111.3 GB) (Free:3.28 GB) NTFS


There is no question that the biggest problem for your computer that I see is a lack of free space on the C:\ drive. On that size of drive, Windows would want at least 11 GB free and would be much more content with 15 to 20 GB free.

Do you know what is consuming the hard disk space? If there are a lot of photos, videos, music, and such, can you move those files off of the C:\ drive to your other internal drive, which has lots of free space? I am guessing that your C:\ drive is an SSD.

The MiniToolBox log states that your primary hard drive is only 111 GB. That is pretty tight space for Windows 7, 8.1, and 10. Add some restore points to the operating system (OS) files, and you don't have a lot of space left to play with. The most obvious solution is to purchase and install a bigger drive, preferably 250 GB or more.

But first let's see what we can do to improve your free space:


Step 1: Let's download and install the free version of CCleaner by Piriform to see how much space is being consumed by temporary files. Download it here.

Click on "Run Cleaner"

Please note how many MB or GB it reports as having been cleaned and post that number in your next reply.

Note: If your computer is not a high performance rig and there are a lot of temporary files, it could take some time for the cleaning to complete. Please be patient.

Do NOT use the Registry Cleaner module. The use of registry cleaners is NOT recommended by Bleeping Computer and by Microsoft (among others).


Step 2: Let's download and install Windirstat. It is free and can be downloaded here.

It could take several minutes for it to generate its statistics and images. This program will show you how much space is being consumed by what types of files.

We want to free up at least 15 to 20 GB to keep Windows happy, and more free space would be better.

The MiniToolBox log error entries show that there are issues being caused by the lack of free space (Volume Shadow Service, defragmentation).


The MiniToolBox log is also showing a problem with your optical drive.
 

Name: ASUS DRW-24F1ST b
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: SCSI\CDROM&VEN_ASUS&PROD_DRW-24F1ST___B\4&2FA9684C&0&030000
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


I think that we should first deal with the free space issue, and once that is resolved, see what can be done about your optical drive.

If you could use the Windows Snipping Tool to make an image of the Windirstat screen, that would be very helpful. Unfortunately, uploads here are limited to 250 KB, so you would probably have to upload the image to Dropbox, Sendspace, or one of the other free cloud storage sites and send me a link so I could have a look at it. If you need instructions on using the Snipping Tool, please ask.

Have a great day.

Regards,
-Phil

Edited by garioch7, 25 March 2016 - 01:07 PM.

Member of the Unified Network of Instructors and Trusted Eliminators


#5 harristhrow


Posted 25 March 2016 - 01:31 PM

I had actually posted a while ago about the space issue, which can be seen here http://www.bleepingcomputer.com/forums/t/604737/my-hdd-has-disappeared-or-is-unrecognizable/, but I didn't really expect any answers because of how obscure this issue was. If I am correct, there should be images in that post regarding the drive issues that I am encountering, but not about WinDirStat.

 

1,917 MB cleaned, 9 seconds

 

WinDir screen http://i.imgur.com/xsISGz2.png



#6 garioch7


Posted 25 March 2016 - 02:45 PM

harristhrow:
 
Thank you for your post and for the Windirstat image.  You seem pretty good with computers.  We have all sorts of folks here, some who only know where the power button is! :)

Well, you only had just shy of 2 GB in temporary files. Not enough.
 
My mistake, though, I wanted just the C:\ drive Windirstat map, not the Windirstat map for both drives.  I should have thought to tell you that.
 
Here is what my C:\ drive Windirstat map looks like: https://www.sendspace.com/file/0fm4bb.

You have just over 50 GB in BUNDLE, .vpk, and .bsp files showing in your map. Are those all on your C:\ drive? From what little I understand (I am not an Apple fan), BUNDLE files are related to a MAC OS. Is this a dual boot computer?

And again, from what little I understand, .vpk and .bsp files are related to games.

Your Windirstat map shows 9.4 GB allocated to "Local Disk". If you check my Windirstat map, I only have 1.4 GB so allocated on my C:\ drive.

Would you be kind enough to run another Windirstat for just Drive C:\ and post the link to that?

Thanks, and have a great day.

Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#7 harristhrow


Posted 25 March 2016 - 02:57 PM

This is not a dual boot computer; I do not know what the .BUNDLE extensions are for and where they came from. 

 

Here is the C:\ WinDir image- http://i.imgur.com/EDNxT1Z.jpg

 

Would also like to note that after the Windows Update my PC is really slow and choppy, with audio cracking from time to time and programs take 5 seconds more to run. Of course, AVs do not detect anything, and all are up to date.


Edited by harristhrow, 25 March 2016 - 09:24 PM.


#8 garioch7


Posted 26 March 2016 - 11:09 AM

harristhrow:

The .BUNDLE files do not appear on your C: drive Windirstat map, so they must be on your other internal drive.

 

You do have almost 14 GB in .vsk and .bsp files and another 2.7 GB in .unity3d files.

Do you need those files on your C: drive? Moving them to your other drive would free up enough space to make Windows much happier.

The computer symptoms that you are reporting are entirely consistent with Windows lacking adequate free space to function properly.  To have a good computer experience, you will need to free up some additional space on the C: drive; or, invest in a new, and larger, drive.

 

Based on the fact that you report scanning your drives with good anti-virus and anti-malware software, I see no reason to believe that your computer is infected.  I also see that you scanned with AdwCleaner.

 

I am not sure that I can be of further assistance to you with the free space issue.  The bottom line is that your C: drive currently has too little free space to permit Windows to function normally.

 

Have you gotten your CD-ROM drive functioning?  The MiniToolBox scan reported that it was not functioning and provided some "repair" steps that you could try.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#9 harristhrow


Posted 28 March 2016 - 10:49 PM

Sorry for the late reply,

 

I am fairly certain that the CD drive can be reconfigured once I reset the registry key for it. As I don't have much of a use for a disk drive, I feel as if that would be the least of my concerns. Right now I am working on the whole disk space issue, and thank you for your help :)

 

The reason why I haven't suspected that it might be the disk space is because I have been doing what I usually would do when the disk space available was a mere 4-8 GB, and what I would usually do is to watch videos while simultaneously browsing sites. Plus, it certainly does not explain how the disk drive became suddenly full, from a 17 GB drive to a 0 GB one, with an additional "NTFS" indicator that wasn't even there before. Even before the Windows Update, a day before, I was experiencing stuttering when a video was playing and when I was loading a page. It just seems to have gotten worse a few days later.

 

I can note that-

 

It is not an issue with my internet connection; all videos actually load quite fast. However, midway, if I were to load something on another tab, the video would then stutter and "crack".

This began after I installed Malwarebytes Anti-Exploit, but even when I disable exploit protection, this issue still occurs, so it might not be with the Anti-Exploit.

This might be just an issue with Google Chrome itself. I have considered wiping my user profile to generate a new one, but since it happens when anything resource intensive happens, I feel like it would have to deal with something else.

No suspicious services or processes are running in memory. I have not used Process Explorer to examine each process one by one, but I can say that all the processes being run are legitimate. No processes have excessive CPU usage or memory usage, except Chrome on some occasions, which is expected.

 

If it helps, some things I have found suspicious are that-

 

I haven't noticed Google Chrome update in a long time. If I check for updates, it says it is currently up to date. My version is Version 50.0.2661.49 beta-m (64-bit).

Google Chrome will occasionally unfocus if left alone for a few minutes. If I were to open a new tab and leave it there, the browser will unfocus and would appear to "unload", making the entire tab white except a few parts. Hovering over those missing spots will reload that area.

My mouse cursor will hang on rare occasions. It's not a big deal, but it's certainly strange as I was not experiencing this before.

If I switch tabs at a very consistent speed, I can recreate the stuttering and cracking I am experiencing. This also did not happen before.

The disk will randomly increase and decrease in size. Say I have 8.06 GB as of right now, and now it is down to 7.94 GB in less than 20 minutes. No files have been downloaded.

 

Of course, I do weekly scans with my antivirus products, including second-opinion scanners, all are up to date.



#10 garioch7


Posted 29 March 2016 - 05:17 AM

harristhrow:

 

Thank you for your post.  I don't think that your computer issues are related to malware.

 

Your primary issue is a lack of free space.  Windows requires a minimum of 10 to 15 percent of the primary OS drive to be free space.  Windows is constantly creating temporary files, caching, and doing all sorts of "behind the scenes" work; consequently, your free space will vary, and sometimes significantly, if you are doing resource-intensive work like editing videos and photos.  That type of computer activity requires the creation of large temporary files.

 

Personally I would avoid using beta versions of products in a "production" environment, unless you are prepared to deal with unexpected, and possibly catastrophic issues.  The current "official" version of Chrome, as of today, is 49.0.2623.110m.

 

The bottom line is that you need to free up at least 12 to 15 GB on your C: drive.  Your Windows installation is just plain and simply running out of space.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
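
The two checks applied to the MiniToolBox log in this thread (free space on each partition against the 10 to 15 percent figure from post #10, and the Code 19 device problem), as an added Python example that is not part of any post. The function names and the LOW/TIGHT/OK labels are assumptions, and the sample log is abridged from the one posted above.

```python
import re

# Constructed sample: Devices and Partitions sections, abridged from the
# MiniToolBox log posted in this thread.
SAMPLE_LOG = r"""
========================= Devices: ================================

Name: ASUS DRW-24F1ST   b
Description: CD-ROM Drive
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:111.3 GB) (Free:3.28 GB) NTFS
2 Drive d: (My Passport) (Fixed) (Total:931.48 GB) (Free:875.56 GB) NTFS
"""

# One partition line: index, drive letter, label, type, total and free size.
PARTITION_RE = re.compile(
    r"^\d+\s+Drive\s+(?P<letter>[a-z]):\s+\((?P<label>[^)]*)\)\s+\([^)]*\)\s+"
    r"\(Total:(?P<total>[\d.]+)\s*(?P<tunit>[KMGT]B)\)\s+"
    r"\(Free:(?P<free>[\d.]+)\s*(?P<funit>[KMGT]B)\)",
    re.IGNORECASE | re.MULTILINE,
)
PROBLEM_RE = re.compile(r"^Problem:.*\(Code (\d+)\)")
TO_GB = {"KB": 1 / 1024 ** 2, "MB": 1 / 1024, "GB": 1.0, "TB": 1024.0}


def parse_partitions(log):
    """Return one dict per partition line with sizes normalised to GB."""
    parts = []
    for m in PARTITION_RE.finditer(log):
        total = float(m["total"]) * TO_GB[m["tunit"].upper()]
        free = float(m["free"]) * TO_GB[m["funit"].upper()]
        parts.append({
            "letter": m["letter"].lower(),
            "label": m["label"],
            "total_gb": total,
            "free_gb": free,
            "free_pct": 100.0 * free / total if total else 0.0,
        })
    return parts


def classify(free_pct, low=10.0, comfortable=15.0):
    """Thresholds follow the 10 to 15 percent guidance quoted in the thread."""
    if free_pct < low:
        return "LOW"
    return "TIGHT" if free_pct < comfortable else "OK"


def parse_device_problems(log):
    """Return (device name, problem code) for devices that report a problem."""
    problems, name = [], None
    for line in log.splitlines():
        if line.startswith("Name:"):
            name = " ".join(line[len("Name:"):].split())
        else:
            m = PROBLEM_RE.match(line)
            if m and name is not None:
                problems.append((name, int(m.group(1))))
    return problems


if __name__ == "__main__":
    for p in parse_partitions(SAMPLE_LOG):
        print(f"{p['letter']}: {p['free_gb']:.2f} of {p['total_gb']:.2f} GB free "
              f"({p['free_pct']:.1f}%) -> {classify(p['free_pct'])}")
    for name, code in parse_device_problems(SAMPLE_LOG):
        print(f"device problem: {name} (Code {code})")
```
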




