
scammed by fake ms support popup


  • This topic is locked
14 replies to this topic

#1 casmik

Posted 08 December 2016 - 11:32 AM

Had to reset laptop, which is an Acer Aspire 5250, and reinstall Windows 10. This laptop was bought at a pawn shop with this version of Windows that can't be activated, but besides an annoying pop-up once in a while that's not a big deal. Since reinstalling Windows 10 after the reset, the laptop worked great for a couple hours and then started having various issues with processes not running. I am unable to connect to the internet at all on it currently. I am posting the Farbar logs to see if you can help me figure this out. Thanks in advance for any assistance!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by jecar (administrator) on DESKTOP-03G8JHM (08-12-2016 10:12:45)
Running from F:\
Loaded Profiles: jecar (Available Profiles: defaultuser0 & jecar)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) F:\FRST (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2484424 2016-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527368 2016-04-14] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-22] (Advanced Micro Devices, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-06] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default [2016-12-08]
CHR Extension: (Google Slides) - C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-06]
CHR Extension: (Google Docs) - C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-06]
CHR Extension: (Google Drive) - C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-06]
CHR Extension: (YouTube) - C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-06]
CHR Extension: (Google Sheets) - C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-06]
CHR Extension: (Gmail) - C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\jecar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-06]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [124616 2016-08-06] (ELAN Microelectronics Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\WINDOWS\System32\drivers\athw8.sys [3228672 2016-07-16] (Qualcomm Atheros Communications, Inc.)
R3 ETD; C:\WINDOWS\System32\drivers\ETD.sys [514760 2016-08-06] (ELAN Microelectronics Corp.)
S3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [55104 2016-04-14] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WirelessButtonDriver86; C:\WINDOWS\System32\drivers\WirelessButtonDriver86.sys [29792 2016-04-14] (HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-08 10:12 - 2016-12-08 10:12 - 00000000 ____D C:\FRST
2016-12-07 20:16 - 2016-12-07 20:16 - 00000000 ____D C:\Users\jecar\AppData\Local\PeerDistRepub
2016-12-07 00:03 - 2016-12-07 00:03 - 00504024 _____ C:\Users\jecar\Downloads\MOV_1389.3gp
2016-12-06 20:00 - 2016-12-06 20:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-06 20:00 - 2016-12-06 20:00 - 138444440 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-06 18:28 - 2016-12-06 18:28 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2016-12-06 18:28 - 2016-12-06 18:28 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
2016-12-06 18:28 - 2016-12-06 18:28 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
2016-12-06 18:28 - 2016-12-06 18:28 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
2016-12-06 18:28 - 2016-12-06 18:28 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
2016-12-06 18:28 - 2016-12-06 18:28 - 00000000 ____D C:\Users\defaultuser0
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Default\My Documents
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\Default User
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Users\All Users
2016-12-06 18:27 - 2016-12-06 18:27 - 00000000 _SHDL C:\Documents and Settings
2016-12-06 18:17 - 2016-12-06 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-12-06 18:17 - 2016-12-06 18:17 - 00000000 ____D C:\ProgramData\AMD
2016-12-06 18:16 - 2016-12-06 18:17 - 00000000 ____D C:\Program Files\ATI Technologies
2016-12-06 18:16 - 2016-12-06 18:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-06 18:15 - 2016-12-06 18:15 - 00000000 ____D C:\Program Files\AMD
2016-12-06 18:15 - 2016-12-06 18:15 - 00000000 ____D C:\AMD
2016-12-06 18:15 - 2016-12-06 18:15 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-12-06 18:14 - 2016-12-06 18:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-12-06 18:12 - 2016-12-06 18:12 - 00000000 ____D C:\ProgramData\USOShared
2016-12-06 18:10 - 2016-12-08 09:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-06 18:10 - 2016-12-08 09:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-06 18:10 - 2016-12-06 18:10 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-12-06 18:09 - 2016-12-07 18:52 - 00192880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-06 17:39 - 2016-12-06 17:40 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-12-06 17:39 - 2016-12-06 17:39 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-12-06 17:39 - 2016-12-06 16:33 - 00000000 ___DC C:\WINDOWS\Panther
2016-12-06 17:38 - 2016-12-06 17:55 - 00000000 ____D C:\Windows.old
2016-12-06 17:38 - 2016-12-06 17:38 - 00000000 ___HD C:\OneDriveTemp
2016-12-06 17:38 - 2016-07-16 02:25 - 00000001 ___SH C:\BOOTNXT
2016-12-06 17:37 - 2016-12-06 17:37 - 00000000 ____D C:\Program Files\Synaptics
2016-12-06 17:37 - 2016-12-06 17:37 - 00000000 ____D C:\Program Files\HP
2016-12-06 17:36 - 2016-12-06 17:37 - 00000000 ____D C:\Program Files\Elantech
2016-12-06 17:36 - 2016-12-06 17:36 - 00000000 ____D C:\WINDOWS\Setup
2016-12-06 17:32 - 2016-12-06 17:32 - 00000000 ____D C:\WINDOWS\OCR
2016-12-06 17:32 - 2016-12-06 17:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-12-06 17:32 - 2016-12-06 17:32 - 00000000 ____D C:\Program Files\MSBuild
2016-12-06 17:30 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-12-06 17:30 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-12-06 17:30 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-12-06 17:30 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-12-06 17:30 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\system32\0409
2016-12-06 17:30 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-12-06 17:30 - 2016-12-06 17:15 - 00407720 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-12-06 17:24 - 2016-10-28 17:56 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-12-06 17:24 - 2016-10-28 17:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-12-06 17:23 - 2016-12-06 17:23 - 00002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-06 17:23 - 2016-12-06 17:23 - 00002288 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-06 17:22 - 2016-12-06 17:57 - 00000000 ____D C:\Users\jecar\AppData\Local\Google
2016-12-06 17:22 - 2016-12-06 17:34 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-06 17:22 - 2016-12-06 17:34 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-06 17:22 - 2016-12-06 17:23 - 00000000 ____D C:\Program Files\Google
2016-12-06 17:22 - 2016-12-06 17:22 - 01065376 _____ (Google Inc.) C:\Users\jecar\Downloads\ChromeSetup.exe
2016-12-06 17:20 - 2016-12-08 09:54 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-06 17:20 - 2016-12-07 19:03 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-06 17:20 - 2016-12-07 19:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ___RD C:\Program Files\Windows Defender
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\system32\setup
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\Provisioning
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-12-06 17:20 - 2016-12-07 18:49 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-12-06 17:20 - 2016-12-07 18:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-12-06 17:20 - 2016-12-07 18:46 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-12-06 17:20 - 2016-12-06 18:20 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-06 17:20 - 2016-12-06 18:17 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-12-06 17:20 - 2016-12-06 18:17 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-12-06 17:20 - 2016-12-06 18:12 - 00000000 ____D C:\ProgramData\USOPrivate
2016-12-06 17:20 - 2016-12-06 17:39 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-12-06 17:20 - 2016-12-06 17:32 - 00000000 ____D C:\WINDOWS\SystemApps
2016-12-06 17:20 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-12-06 17:20 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-12-06 17:20 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\system32\Com
2016-12-06 17:20 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\IME
2016-12-06 17:20 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\Help
2016-12-06 17:20 - 2016-12-06 17:30 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-06 17:20 - 2016-12-06 17:30 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\Web
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\Vss
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\tracing
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\TAPI
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\SystemResources
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\ras
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\IME
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\ias
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\DDFs
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\System
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\SKB
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\security
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\schemas
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\SchCache
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\Resources
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\RemotePackages
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\Registration
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\PLA
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\Performance
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\Media
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\InputMethod
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\Globalization
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\Cursors
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\Branding
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\addins
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\Users\jecar\AppData\Local\MicrosoftEdge
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\ProgramData\Comms
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\Program Files\Windows NT
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-12-06 17:20 - 2016-12-06 17:20 - 00000000 ____D C:\Program Files\Common Files\Services
2016-12-06 17:20 - 2016-12-06 17:15 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-12-06 17:20 - 2016-12-06 17:15 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-12-06 17:20 - 2016-12-06 17:15 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-12-06 17:20 - 2016-12-06 17:15 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-12-06 17:20 - 2016-12-06 17:15 - 00002577 _____ C:\WINDOWS\system32\config.nt
2016-12-06 17:20 - 2016-12-06 17:15 - 00001688 _____ C:\WINDOWS\system32\autoexec.nt
2016-12-06 17:20 - 2016-12-06 17:15 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-12-06 17:20 - 2016-12-06 17:15 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-12-06 17:20 - 2016-12-06 17:15 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-12-06 17:20 - 2016-12-06 17:15 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-12-06 17:20 - 2016-12-06 17:15 - 00000219 _____ C:\WINDOWS\system.ini
2016-12-06 17:20 - 2016-12-06 17:15 - 00000092 _____ C:\WINDOWS\win.ini
2016-12-06 17:20 - 2016-12-06 16:40 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-12-06 17:20 - 2016-12-06 16:31 - 00000000 ____D C:\WINDOWS\rescache
2016-12-06 17:20 - 2016-12-06 16:30 - 00000000 ____D C:\WINDOWS\system32\spool
2016-12-06 17:20 - 2016-12-06 16:30 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-12-06 17:20 - 2016-12-06 16:29 - 00000000 ____D C:\WINDOWS\CSC
2016-12-06 17:19 - 2016-12-06 17:19 - 00000000 ____D C:\Users\jecar\AppData\Roaming\Skype
2016-12-06 17:18 - 2016-12-07 18:59 - 00000000 ___RD C:\Users\jecar\OneDrive
2016-12-06 17:18 - 2016-12-06 17:20 - 00002373 _____ C:\Users\jecar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-06 17:16 - 2016-12-08 09:57 - 00000000 ____D C:\WINDOWS\INF
2016-12-06 17:14 - 2016-12-06 17:14 - 00000000 ____D C:\Users\jecar\AppData\Local\AMD
2016-12-06 17:13 - 2016-12-06 17:13 - 00000000 ____D C:\Users\jecar\AppData\Roaming\ATI
2016-12-06 17:13 - 2016-12-06 17:13 - 00000000 ____D C:\Users\jecar\AppData\Local\NetworkTiles
2016-12-06 17:13 - 2016-12-06 17:13 - 00000000 ____D C:\Users\jecar\AppData\Local\ATI
2016-12-06 17:13 - 2016-12-06 17:13 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-12-06 17:13 - 2016-12-06 17:13 - 00000000 ____D C:\ProgramData\ATI
2016-12-06 17:12 - 2016-12-06 17:12 - 00000000 ____D C:\Users\jecar\AppData\Local\Comms
2016-12-06 17:11 - 2016-12-07 18:57 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-06 17:11 - 2016-12-06 18:41 - 00000000 ____D C:\Users\jecar\AppData\Local\Packages
2016-12-06 17:11 - 2016-12-06 17:11 - 00000000 ____D C:\Users\jecar\AppData\Roaming\Adobe
2016-12-06 17:11 - 2016-12-06 17:11 - 00000000 ____D C:\Users\jecar\AppData\Local\Publishers
2016-12-06 17:10 - 2016-12-06 17:37 - 00000000 ____D C:\Users\jecar\AppData\Local\ConnectedDevicesPlatform
2016-12-06 17:10 - 2016-12-06 17:10 - 00000000 ____D C:\Users\jecar\AppData\Local\VirtualStore
2016-12-06 17:10 - 2016-12-06 17:10 - 00000000 ____D C:\Users\jecar\AppData\Local\TileDataLayer
2016-12-06 16:57 - 2016-12-06 20:15 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-06 16:42 - 2016-12-08 09:50 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-12-06 16:42 - 2016-12-06 18:12 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-06 16:42 - 2016-12-06 17:30 - 00000000 ____D C:\WINDOWS\servicing
2016-12-06 16:42 - 2016-12-06 17:20 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-12-06 16:42 - 2016-12-06 16:42 - 00000000 ____D C:\$WINDOWS.~BT
2016-12-06 16:41 - 2016-12-06 18:08 - 00000000 ___HD C:\$SysReset
2016-12-06 16:40 - 2016-12-08 09:50 - 00000000 ____D C:\Users\jecar
2016-12-06 16:40 - 2016-12-06 16:40 - 00000020 ___SH C:\Users\jecar\ntuser.ini
2016-12-06 16:40 - 2016-12-06 16:40 - 00000000 _SHDL C:\Users\jecar\My Documents
2016-12-06 16:40 - 2016-12-06 16:40 - 00000000 _SHDL C:\Users\jecar\Documents\My Videos
2016-12-06 16:40 - 2016-12-06 16:40 - 00000000 _SHDL C:\Users\jecar\Documents\My Pictures
2016-12-06 16:40 - 2016-12-06 16:40 - 00000000 _SHDL C:\Users\jecar\Documents\My Music
2016-12-06 16:33 - 2016-12-06 16:35 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2016-12-06 16:33 - 2016-12-06 16:33 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2016-12-06 16:33 - 2016-12-06 16:33 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2016-12-06 16:33 - 2016-12-06 16:33 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2016-12-06 16:32 - 2016-12-08 09:56 - 00997794 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-12 20:31 - 2016-11-02 06:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-12 20:31 - 2016-11-02 05:22 - 06020448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-12 20:31 - 2016-11-02 05:21 - 00570720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-11-12 20:31 - 2016-11-02 05:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-12 20:31 - 2016-11-02 05:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-12 20:31 - 2016-11-02 05:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-12 20:31 - 2016-11-02 05:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-12 20:31 - 2016-11-02 05:05 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-11-12 20:31 - 2016-11-02 05:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-12 20:31 - 2016-11-02 04:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-12 20:31 - 2016-11-02 04:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-12 20:31 - 2016-11-02 04:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-12 20:31 - 2016-11-02 04:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-12 20:31 - 2016-11-02 04:45 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-12 20:31 - 2016-11-02 04:44 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-12 20:31 - 2016-11-02 04:43 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-12 20:31 - 2016-11-02 04:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-12 20:31 - 2016-11-02 04:42 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-12 20:31 - 2016-11-02 04:41 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-12 20:31 - 2016-11-02 04:41 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-12 20:31 - 2016-11-02 04:40 - 01375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-12 20:31 - 2016-11-02 04:39 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-11-12 20:31 - 2016-11-02 04:38 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-12 20:31 - 2016-11-02 04:37 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-11-12 20:31 - 2016-11-02 04:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-12 20:31 - 2016-11-02 04:32 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-12 20:31 - 2016-11-02 04:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-12 20:31 - 2016-11-02 04:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2016-11-12 20:31 - 2016-11-02 04:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-12 20:31 - 2016-11-02 04:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-12 20:31 - 2016-11-02 04:29 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-12 20:31 - 2016-11-02 04:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-12 20:31 - 2016-11-02 04:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-12 20:31 - 2016-11-02 04:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-12 20:31 - 2016-10-27 21:11 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-12 20:30 - 2016-11-02 06:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-12 20:30 - 2016-11-02 05:24 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-12 20:30 - 2016-11-02 05:24 - 00783552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-12 20:30 - 2016-11-02 05:23 - 00945760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-12 20:30 - 2016-11-02 05:21 - 00276320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-12 20:30 - 2016-11-02 05:09 - 00544088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-12 20:30 - 2016-11-02 05:06 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-12 20:30 - 2016-11-02 05:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-12 20:30 - 2016-11-02 05:01 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-12 20:30 - 2016-11-02 05:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-12 20:30 - 2016-11-02 05:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-12 20:30 - 2016-11-02 04:51 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-12 20:30 - 2016-11-02 04:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-12 20:30 - 2016-11-02 04:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-12 20:30 - 2016-11-02 04:45 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-12 20:30 - 2016-11-02 04:45 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-12 20:30 - 2016-11-02 04:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-12 20:30 - 2016-11-02 04:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-12 20:30 - 2016-11-02 04:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8.dll
2016-11-12 20:30 - 2016-11-02 04:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-12 20:30 - 2016-11-02 04:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-12 20:30 - 2016-11-02 04:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-12 20:30 - 2016-11-02 04:38 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-12 20:30 - 2016-11-02 04:36 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-12 20:30 - 2016-11-02 04:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-12 20:30 - 2016-11-02 04:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-12 20:30 - 2016-11-02 04:33 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-12 20:30 - 2016-11-02 04:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-12 20:30 - 2016-11-02 04:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-12 20:30 - 2016-11-02 04:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-12 20:30 - 2016-11-02 04:28 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-12 20:30 - 2016-11-02 04:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-12 20:30 - 2016-11-02 04:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-12 20:30 - 2016-11-02 04:26 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-12 20:30 - 2016-11-02 04:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-12 20:30 - 2016-11-02 04:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-12 20:30 - 2016-11-02 03:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-12 20:29 - 2016-11-02 05:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-12 20:29 - 2016-11-02 05:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-12 20:29 - 2016-11-02 05:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-12 20:29 - 2016-11-02 05:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-12 20:29 - 2016-11-02 05:00 - 00042336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-12 20:29 - 2016-11-02 04:54 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-12 20:29 - 2016-11-02 04:53 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-12 20:29 - 2016-11-02 04:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-12 20:29 - 2016-11-02 04:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-12 20:29 - 2016-11-02 04:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-12 20:29 - 2016-11-02 04:42 - 00322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-12 20:29 - 2016-11-02 04:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-12 20:29 - 2016-11-02 04:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-12 20:29 - 2016-11-02 04:42 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-12 20:29 - 2016-11-02 04:40 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-12 20:29 - 2016-11-02 04:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-12 20:29 - 2016-11-02 04:39 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-12 20:29 - 2016-11-02 04:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-12 20:29 - 2016-11-02 04:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-12 20:29 - 2016-11-02 04:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-12 20:29 - 2016-11-02 04:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-12 20:29 - 2016-11-02 04:36 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-12 20:29 - 2016-11-02 04:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-12 20:29 - 2016-11-02 04:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-12 20:29 - 2016-11-02 04:27 - 01056768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-12 20:29 - 2016-11-02 04:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-12 20:29 - 2016-11-02 04:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-12 20:29 - 2016-11-02 04:26 - 01235968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-12 20:29 - 2016-11-02 04:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-12 20:28 - 2016-11-02 05:23 - 01073816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-12 20:28 - 2016-11-02 05:22 - 01583112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-12 20:28 - 2016-11-02 05:21 - 01957216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-12 20:28 - 2016-11-02 05:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-12 20:28 - 2016-11-02 05:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-12 20:28 - 2016-11-02 05:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-12 20:28 - 2016-11-02 05:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-12 20:28 - 2016-11-02 05:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2016-11-12 20:28 - 2016-11-02 04:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-12 20:28 - 2016-11-02 04:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-12 20:28 - 2016-11-02 04:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-12 20:28 - 2016-11-02 04:46 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-12 20:28 - 2016-11-02 04:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-12 20:28 - 2016-11-02 04:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-12 20:28 - 2016-11-02 04:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-12 20:28 - 2016-11-02 04:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthExt.dll
2016-11-12 20:28 - 2016-11-02 04:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-12 20:28 - 2016-11-02 04:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-12 20:28 - 2016-11-02 04:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-12 20:28 - 2016-11-02 04:42 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-12 20:28 - 2016-11-02 04:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-11-12 20:28 - 2016-11-02 04:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll
2016-11-12 20:28 - 2016-11-02 04:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-12 20:28 - 2016-11-02 04:40 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-12 20:28 - 2016-11-02 04:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-12 20:28 - 2016-11-02 04:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-12 20:28 - 2016-11-02 04:32 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-12 20:28 - 2016-11-02 04:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-12 20:28 - 2016-11-02 04:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-12 20:28 - 2016-11-02 04:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-12 20:28 - 2016-11-02 04:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-12 20:28 - 2016-11-02 04:26 - 03595776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-12 20:28 - 2016-11-02 04:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-12 20:28 - 2016-11-02 04:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-12 20:28 - 2016-11-02 04:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-12 20:28 - 2016-11-02 04:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-12 20:28 - 2016-11-02 04:26 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-12 20:28 - 2016-11-02 04:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-12 20:28 - 2016-11-02 04:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-12 20:28 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-06 17:38 - 2016-04-14 21:48 - 00008192 __RSH C:\BOOTSECT.BAK
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-06 18:09
 
==================== End of FRST.txt ============================
 
Attached File  Addition.txt   28.8KB   2 downloads



 


#2 casmik


Posted 08 December 2016 - 11:53 AM

just figured out his damn wifi switch was off!  lol....



#3 casmik


Posted 09 December 2016 - 08:58 PM

He is still having issues with it though if anyone sees anything suspicious could you let me know please? Thank you!

 

casmik



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,009 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:28 PM

Posted 10 December 2016 - 10:49 AM

Greetings casmik and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

If you don't have a valid copy of Windows on your system we will be unable to assist you. Do you have a Windows Product Key number attached to the computer?

Out of consideration for you I would like to at least follow up on some non-system warnings in your logs. Please do this.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you have a Windows Product Key?
  • GSmart report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 casmik


Posted 12 December 2016 - 06:36 PM

Thank you so much for the response. I am getting ready to follow your instructions on his computer now and I won't run anything else, as instructed by you. My name is Michele and yes, of course you may call me by that.


Edited by casmik, 12 December 2016 - 06:36 PM.


#6 casmik


Posted 12 December 2016 - 07:10 PM

Ok Gary here are the results of the GSmart scan...

 
 
 
smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Device Model:     Hitachi HTS545012B9SA00
Serial Number:    090613PB0A00QMGJAZ3B
LU WWN Device Id: 5 000cca 59cc76f1f
Firmware Version: PB1OC64G
User Capacity:    120,034,123,776 bytes [120 GB]
Sector Size:      512 bytes logical/physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 6
Local Time is:    Mon Dec 12 18:03:07 2016 CST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      ( 113) The previous self-test completed having
the read element of the test failed.
Total time to complete Offline 
data collection: (  645) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: (  44) minutes.
SCT capabilities:       (0x003d) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   095   095   062    Pre-fail  Always       -       655360
  2 Throughput_Performance  0x0005   100   100   040    Pre-fail  Offline      -       0
  3 Spin_Up_Time            0x0007   202   202   033    Pre-fail  Always       -       1
  4 Start_Stop_Count        0x0012   099   099   000    Old_age   Always       -       2930
  5 Reallocated_Sector_Ct   0x0033   095   095   005    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000b   100   100   067    Pre-fail  Always       -       0
  8 Seek_Time_Performance   0x0005   100   100   040    Pre-fail  Offline      -       0
  9 Power_On_Hours          0x0012   061   061   000    Old_age   Always       -       17290
 10 Spin_Retry_Count        0x0013   100   100   060    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       2761
191 G-Sense_Error_Rate      0x000a   100   100   000    Old_age   Always       -       0
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       139
193 Load_Cycle_Count        0x0012   074   074   000    Old_age   Always       -       262508
194 Temperature_Celsius     0x0002   148   148   000    Old_age   Always       -       37 (0 54 255 251 0)
196 Reallocated_Event_Count 0x0032   091   091   000    Old_age   Always       -       858
197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       28
198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x000a   200   200   000    Old_age   Always       -       0
223 Load_Retry_Count        0x000a   100   100   000    Old_age   Always       -       0
 
SMART Error Log Version: 1
ATA Error Count: 219 (device log contains only the most recent five errors)
CR = Command Register [HEX]
FR = Features Register [HEX]
SC = Sector Count Register [HEX]
SN = Sector Number Register [HEX]
CL = Cylinder Low Register [HEX]
CH = Cylinder High Register [HEX]
DH = Device/Head Register [HEX]
DC = Device Command Register [HEX]
ER = Error register [HEX]
ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.
 
Error 219 occurred at disk power-on lifetime: 17268 hours (719 days + 12 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 37 41 93 55 ed  Error: UNC 55 sectors at LBA = 0x0d559341 = 223712065
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 78 00 93 55 e0 00      00:01:51.500  READ DMA EXT
  25 00 78 88 92 55 e0 00      00:01:51.200  READ DMA EXT
  25 00 78 10 92 55 e0 00      00:01:50.300  READ DMA EXT
  25 00 78 98 91 55 e0 00      00:01:49.100  READ DMA EXT
  25 00 78 20 91 55 e0 00      00:01:45.600  READ DMA EXT
 
Error 218 occurred at disk power-on lifetime: 17268 hours (719 days + 12 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 0d 3b 78 55 ed  Error: UNC 13 sectors at LBA = 0x0d55783b = 223705147
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 78 d0 77 55 e0 00      00:00:55.900  READ DMA EXT
  25 00 78 58 77 55 e0 00      00:00:50.100  READ DMA EXT
  25 00 78 e0 76 55 e0 00      00:00:45.500  READ DMA EXT
  25 00 78 68 76 55 e0 00      00:00:45.000  READ DMA EXT
  25 00 78 f0 75 55 e0 00      00:00:44.900  READ DMA EXT
 
Error 217 occurred at disk power-on lifetime: 17252 hours (718 days + 20 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 71 c7 97 56 ed  Error: UNC 113 sectors at LBA = 0x0d5697c7 = 223778759
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 78 c0 97 56 e0 00      00:05:01.000  READ DMA EXT
  25 00 78 48 97 56 e0 00      00:05:00.700  READ DMA EXT
  25 00 78 d0 96 56 e0 00      00:04:57.900  READ DMA EXT
  25 00 61 e7 96 56 ed 04      00:04:57.900  READ DMA EXT
  25 00 78 d0 96 56 e0 00      00:04:53.700  READ DMA EXT
 
Error 216 occurred at disk power-on lifetime: 17252 hours (718 days + 20 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 61 e7 96 56 ed  Error: UNC 97 sectors at LBA = 0x0d5696e7 = 223778535
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 78 d0 96 56 e0 00      00:04:53.700  READ DMA EXT
  25 00 61 e7 96 56 ed 04      00:04:53.700  READ DMA EXT
  25 00 78 d0 96 56 e0 00      00:04:49.500  READ DMA EXT
  25 00 08 c8 96 56 e0 00      00:04:49.400  READ DMA EXT
  25 00 59 e7 96 56 ed 04      00:04:49.400  READ DMA EXT
 
Error 215 occurred at disk power-on lifetime: 17252 hours (718 days + 20 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 61 e7 96 56 ed  Error: UNC 97 sectors at LBA = 0x0d5696e7 = 223778535
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 78 d0 96 56 e0 00      00:04:49.500  READ DMA EXT
  25 00 08 c8 96 56 e0 00      00:04:49.400  READ DMA EXT
  25 00 59 e7 96 56 ed 04      00:04:49.400  READ DMA EXT
  25 00 78 c8 96 56 e0 00      00:04:45.100  READ DMA EXT
  25 00 59 e7 96 56 ed 04      00:04:45.000  READ DMA EXT
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       10%     17290         117189811
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

Edited by Oh My!, 13 December 2016 - 09:26 AM.


#7 Oh My!


Posted 13 December 2016 - 09:36 AM

Hi Michele,

Thank you for the information. I removed the Product Key number so it is not available for others to see.

Your hard drive is in very bad shape. Before we do anything else I would strongly encourage you to back up any data you have like music, pictures, documents, etc. There is a very real possibility you could lose access to your data at any time. Here are the values that raise the concern, especially the last 2: 

1 Raw_Read_Error_Rate 0x000b 095 095 062 Pre-fail Always - 655360
196 Reallocated_Event_Count 0x0032 091 091 000 Old_age Always - 858
197 Current_Pending_Sector 0x0022 100 100 000 Old_age Always - 28


Let me know when you have done that and then we can figure out what to do next.
Gary
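Added example, not part of the thread and not Gary's or GSmartControl's own code: a small Python parser that reads a smartctl report like the one in post #6 and flags the reallocation and pending-sector counters the reply above singles out, together with the logged ATA errors and the failed self-test. The sample text is an excerpt copied from that report; the function names and the extra watch on attributes 5 and 198 are assumptions of this example.

```python
import re
from typing import NamedTuple

# Excerpt of the smartctl report posted in this thread (rows copied from the page).
SAMPLE = """\
SMART overall-health self-assessment test result: PASSED
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   095   095   062    Pre-fail  Always       -       655360
  5 Reallocated_Sector_Ct   0x0033   095   095   005    Pre-fail  Always       -       0
194 Temperature_Celsius     0x0002   148   148   000    Old_age   Always       -       37 (0 54 255 251 0)
196 Reallocated_Event_Count 0x0032   091   091   000    Old_age   Always       -       858
197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       28
198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0
ATA Error Count: 219 (device log contains only the most recent five errors)
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       10%     17290         117189811
"""


class Attr(NamedTuple):
    id: int
    name: str
    value: int   # normalized value, higher is healthier
    worst: int
    thresh: int  # 0 means the vendor set no failure threshold
    raw: int     # first integer of RAW_VALUE


# One attribute row: ID, name, flag, VALUE, WORST, THRESH, type, updated, when_failed, raw.
ATTR_ROW = re.compile(
    r"^[ \t]*(\d+)[ \t]+(\S+)[ \t]+0x[0-9a-fA-F]+[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)"
    r"[ \t]+\S+[ \t]+\S+[ \t]+\S+[ \t]+(\d+)", re.M)
# One self-test log row: "# n  description  status  nn%  hours  lba".
SELFTEST_ROW = re.compile(
    r"^#[ \t]*\d+[ \t]+(.+?)[ \t]{2,}(.+?)[ \t]{2,}\d+%[ \t]+\d+[ \t]+(\S+)", re.M)
ERROR_COUNT = re.compile(r"^ATA Error Count:[ \t]*(\d+)", re.M)
OVERALL = re.compile(r"^SMART overall-health self-assessment test result:[ \t]*(\S+)", re.M)

# 196 and 197 are the two values the reply emphasises; 5 and 198 are
# added here as an assumption because they count the same kind of event.
COUNTERS = {5, 196, 197, 198}


def overall_health(text):
    """Return the drive's own verdict (e.g. 'PASSED'), or None if absent."""
    m = OVERALL.search(text)
    return m.group(1) if m else None


def parse_attributes(text):
    """Map attribute ID to Attr for every row of the attribute table."""
    attrs = {}
    for id_, name, value, worst, thresh, raw in ATTR_ROW.findall(text):
        attrs[int(id_)] = Attr(int(id_), name, int(value), int(worst),
                               int(thresh), int(raw))
    return attrs


def assess(text):
    """Return a list of (code, detail) findings; an empty list means nothing flagged."""
    attrs = parse_attributes(text)
    if not attrs:
        # A truncated or empty log must not be read as a healthy drive.
        return [("no_data", "no SMART attribute table found")]
    findings = []
    for a in attrs.values():
        if a.thresh > 0 and a.value <= a.thresh:
            findings.append(("below_threshold",
                             f"{a.name} value {a.value} <= threshold {a.thresh}"))
        if a.id in COUNTERS and a.raw > 0:
            findings.append(("sector_counter", f"{a.name} raw={a.raw}"))
    m = ERROR_COUNT.search(text)
    if m and int(m.group(1)) > 0:
        findings.append(("ata_errors", f"{m.group(1)} errors in device log"))
    for desc, status, lba in SELFTEST_ROW.findall(text):
        if "failure" in status.lower():
            findings.append(("selftest_failed",
                             f"{desc.strip()}: {status.strip()}, first error at LBA {lba}"))
    return findings


if __name__ == "__main__":
    print("overall-health line:", overall_health(SAMPLE))
    for code, detail in assess(SAMPLE):
        print(f"{code:16} {detail}")
```

On the report in this thread the drive's own overall-health line still reads PASSED while the counters, the error log and the self-test are all flagged, which is why the per-attribute rows are worth reading rather than the summary line alone.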
 

#8 casmik


Posted 14 December 2016 - 05:31 PM

OK, I put everything he wanted to save onto a flash drive, which luckily wasn't a lot, so we can continue on.



#9 Oh My!


Posted 14 December 2016 - 08:48 PM

OK, glad your files are safe.

We may not be able to overcome some of the issues because of the state of your hard drive. Are you planning on purchasing another hard drive soon?
Gary
 

#10 casmik


Posted 17 December 2016 - 05:57 PM

Wasn't really planning on buying a new one, but I do have another one I could possibly try in it. Should we try to save this one at all first?



#11 Oh My!


Posted 17 December 2016 - 07:07 PM

I don't see us having much success and even if we did it won't be very long before more issues arise, up to and including the inability to access the drive.


Do you have a Windows 10, 32 bit Operating System installation disk?
Gary
 

#12 casmik


Posted 18 December 2016 - 12:55 AM

I do not believe I do, but I am not sure about that. I had done the update to Windows 10 on this other laptop he had, but the lid was broken on it and the power plug was busted among other things, which is why he ended up buying this other one at the pawn shop. I don't guess I can just take that hard drive and put it in the laptop that has the failing hard drive, can I? I mean, won't I have trouble with the Windows 10 installation being valid or activated or something since it will be with all different hardware? It actually doesn't really matter to him what installation of Windows is on there, he isn't really choosy about that, as long as he can check his email and get on the net he is fine, that's about all he does....lol.



#13 Oh My!


Posted 18 December 2016 - 09:32 AM

Greetings,

Just inserting another computer hard drive is not a viable option.

Please visit this page. This is where you start if you want to download a copy of Windows 10 32 bit Operating System, provided your product key is determined to be valid. Expand the Using the tool to create installation media (USB flash drive, DVD, or ISO file) to install Windows 10 on a different PC (click to show more or less information) section and read through that before selecting Download tool now. Let me know if you are able to download the Windows installation file. We will just start with that before doing anything else.
Gary
 

#14 Oh My!


Posted 21 December 2016 - 10:22 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#15 Oh My!


Posted 23 December 2016 - 11:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



