
Random Freezes and Program Shutdowns


  • This topic is locked
21 replies to this topic

#1 goldmine848


Posted 12 March 2017 - 03:54 PM

I have been experiencing program freezes and shutdowns and computer reboots.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
Ran by Andrew (administrator) on ANDREW-LAPTOP (12-03-2017 16:45:50)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMSE.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-10-04] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-10-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [530560 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [239744 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3454199028-3637297230-662541398-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMSE.EXE [298560 2014-03-19] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3454199028-3637297230-662541398-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-3454199028-3637297230-662541398-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{87988F15-9CCB-4B3C-9C5E-7684BB7DAA1B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B13F6E72-A332-4F1E-ACF8-DBD9016EACA3}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKU\S-1-5-21-3454199028-3637297230-662541398-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://testdesktop.saulewingllp.com/vpn/index.html
SearchScopes: HKU\S-1-5-21-3454199028-3637297230-662541398-1000 -> DefaultScope {FCD8E5BE-588C-4276-885A-D0D59BF6DCF3} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3454199028-3637297230-662541398-1000 -> {FCD8E5BE-588C-4276-885A-D0D59BF6DCF3} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150331191826.dll [2015-03-31] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150331191826.dll [2015-03-31] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: ypvbo88o.default
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ypvbo88o.default [2017-03-12]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (IDS_SS_NAME) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-03-31] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-04-25] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={5D7E7D3B-8E7D-11E2-8BE1-F04DA28675A1}
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Google Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]
CHR Extension: (Chrome Refresh) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifhnlnghddfdaccgbbpbhjfkmncekmn [2015-04-10]
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]
CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2017-02-23]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Norton Safe) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] ()
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2015-03-31] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2015-03-31] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ENWLS; D:\Network\EpsonNetSetup\ENWLS.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2015-03-31] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2015-03-31] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2015-03-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2015-03-31] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2015-03-31] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 16:45 - 2017-03-12 16:46 - 00020297 _____ C:\Users\Andrew\Downloads\FRST.txt
2017-03-12 16:45 - 2017-03-12 16:45 - 00000000 ____D C:\FRST
2017-03-12 16:44 - 2017-03-12 16:44 - 02424832 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2017-03-12 16:10 - 2017-03-12 16:10 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-12 16:10 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-03-12 13:43 - 2017-03-12 16:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-12 13:43 - 2017-03-12 16:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-12 13:43 - 2017-03-12 13:43 - 00001436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-12 13:43 - 2017-03-12 13:43 - 00001424 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-03-12 13:43 - 2017-03-12 13:43 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-03-12 13:43 - 2017-03-12 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-12 13:43 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-03-12 13:18 - 2017-03-12 13:18 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Andrew\Downloads\spybot-2.4.exe
2017-03-12 07:05 - 2017-03-12 07:06 - 218394019 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_12.pdf
2017-03-12 06:14 - 2017-03-12 06:14 - 02191880 _____ (Bytelayer AB ) C:\Users\Andrew\Downloads\TrojanHunterSetup.exe
2017-03-12 06:14 - 2017-03-12 06:14 - 02191880 _____ (Bytelayer AB ) C:\Users\Andrew\Downloads\TrojanHunterSetup (1).exe
2017-03-12 06:14 - 2017-03-12 06:14 - 00001100 _____ C:\Users\Andrew\Desktop\TrojanHunter.lnk
2017-03-12 06:14 - 2017-03-12 06:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2017-03-11 09:35 - 2017-03-11 09:35 - 15206192 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_11.pdf
2017-03-11 09:35 - 2017-03-11 09:35 - 09038293 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_12.pdf
2017-03-10 10:24 - 2017-03-10 10:24 - 25548482 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_10.pdf
2017-03-10 10:24 - 2017-03-10 10:24 - 13031896 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_10.pdf
2017-03-09 08:50 - 2017-03-09 08:50 - 20907693 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_09.pdf
2017-03-09 08:50 - 2017-03-09 08:50 - 09371209 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_09.pdf
2017-03-08 08:59 - 2017-03-08 08:59 - 16660232 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_08.pdf
2017-03-08 08:59 - 2017-03-08 08:59 - 08289191 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_08.pdf
2017-03-07 10:22 - 2017-03-07 10:22 - 12695945 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_07.pdf
2017-03-07 10:22 - 2017-03-07 10:22 - 07618286 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_07.pdf
2017-03-06 20:07 - 2017-03-06 20:07 - 00057454 _____ C:\Users\Andrew\Downloads\20170306151624 (1).PDF
2017-03-06 16:19 - 2017-03-06 16:19 - 00057454 _____ C:\Users\Andrew\Downloads\20170306151624.PDF
2017-03-06 08:49 - 2017-03-06 08:49 - 13540607 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_06.pdf
2017-03-06 08:49 - 2017-03-06 08:49 - 09233017 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_06.pdf
2017-03-05 08:13 - 2017-03-05 08:14 - 231644541 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_05.pdf
2017-03-04 09:21 - 2017-03-04 09:21 - 12118397 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_04.pdf
2017-03-04 09:20 - 2017-03-04 09:20 - 08021313 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_05.pdf
2017-03-03 15:15 - 2017-03-03 15:15 - 00072495 _____ C:\Users\Andrew\Downloads\20170303090940.PDF
2017-03-03 09:24 - 2017-03-03 09:24 - 19836889 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_03.pdf
2017-03-03 09:24 - 2017-03-03 09:24 - 11508042 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_03.pdf
2017-03-02 17:18 - 2017-03-02 17:18 - 00488837 _____ C:\Users\Andrew\Downloads\dhs letter 1_20170302131552.pdf
2017-03-02 17:02 - 2017-03-02 17:02 - 00364792 _____ C:\Users\Andrew\Downloads\20170302160658.PDF
2017-03-02 09:04 - 2017-03-02 09:04 - 18796003 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_02.pdf
2017-03-02 09:04 - 2017-03-02 09:04 - 07870959 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_02.pdf
2017-03-01 21:16 - 2017-03-01 21:16 - 00305796 _____ C:\Users\Andrew\Downloads\MV6707_CitiCore_0816.pdf
2017-03-01 21:16 - 2017-03-01 21:16 - 00305796 _____ C:\Users\Andrew\Downloads\MV6707_CitiCore_0816 (1).pdf
2017-03-01 14:39 - 2017-03-03 14:44 - 00000000 ____D C:\Users\Andrew\Desktop\PECO
2017-03-01 09:26 - 2017-03-01 09:27 - 13447756 _____ C:\Users\Andrew\Downloads\PHQP_2017_03_01.pdf
2017-03-01 09:26 - 2017-03-01 09:26 - 08403612 _____ C:\Users\Andrew\Downloads\PHDN_2017_03_01.pdf
2017-02-28 08:48 - 2017-02-28 08:48 - 00287892 _____ C:\Users\Andrew\Downloads\Staples Scan.pdf
2017-02-28 08:37 - 2017-02-28 08:37 - 13027865 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_28.pdf
2017-02-28 08:37 - 2017-02-28 08:37 - 08496369 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_28.pdf
2017-02-27 20:48 - 2017-02-27 20:48 - 01250173 _____ C:\Users\Andrew\Downloads\BP17-08%28Aetna%29.pdf
2017-02-27 14:59 - 2017-02-27 15:00 - 13789664 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_27 (4).pdf
2017-02-27 14:59 - 2017-02-27 14:59 - 13789664 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_27 (3).pdf
2017-02-27 14:40 - 2017-02-27 14:57 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\BatteryBar
2017-02-27 14:40 - 2017-02-27 14:40 - 01318648 _____ C:\Users\Andrew\Downloads\BatteryBarSetup-3.6.6 (1).exe
2017-02-27 14:40 - 2017-02-27 14:40 - 00000000 ____D C:\Program Files\BatteryBar
2017-02-27 14:39 - 2017-02-27 14:40 - 01318648 _____ C:\Users\Andrew\Downloads\BatteryBarSetup-3.6.6.exe
2017-02-27 13:12 - 2017-02-27 13:12 - 13789664 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_27 (2).pdf
2017-02-27 13:04 - 2017-02-27 13:04 - 13789664 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_27 (1).pdf
2017-02-27 13:04 - 2017-02-27 13:04 - 09432972 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_27 (1).pdf
2017-02-27 08:55 - 2017-02-27 08:55 - 13789664 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_27.pdf
2017-02-27 08:55 - 2017-02-27 08:55 - 09432972 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_27.pdf
2017-02-26 22:05 - 2017-02-26 22:05 - 00632235 _____ C:\Users\Andrew\Downloads\02-22-2017 (1).pdf
2017-02-26 16:46 - 2017-02-26 16:46 - 00637590 _____ C:\Users\Andrew\Downloads\12-22-2016.pdf
2017-02-26 16:40 - 2017-02-26 16:40 - 00871537 _____ C:\Users\Andrew\Downloads\02-07-2017.pdf
2017-02-26 16:39 - 2017-02-26 16:39 - 00632211 _____ C:\Users\Andrew\Downloads\01-23-2017.pdf
2017-02-26 16:34 - 2017-02-26 16:34 - 00856664 _____ C:\Users\Andrew\Downloads\01-06-2017 (1).pdf
2017-02-26 16:30 - 2017-02-26 16:30 - 00632236 _____ C:\Users\Andrew\Downloads\02-22-2017.pdf
2017-02-26 07:56 - 2017-02-26 07:57 - 222237032 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_26.pdf
2017-02-25 07:10 - 2017-02-25 07:10 - 10990625 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_25.pdf
2017-02-25 07:10 - 2017-02-25 07:10 - 09172425 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_26.pdf
2017-02-24 19:58 - 2017-02-24 19:59 - 33184834 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_24 (1).pdf
2017-02-24 06:49 - 2017-02-24 06:50 - 33184834 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_24.pdf
2017-02-24 06:49 - 2017-02-24 06:49 - 11075795 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_24 (4).pdf
2017-02-24 06:45 - 2017-02-24 06:46 - 11075795 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_24 (3).pdf
2017-02-24 06:45 - 2017-02-24 06:45 - 11075795 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_24 (2).pdf
2017-02-24 06:44 - 2017-02-24 06:44 - 11075795 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_24 (1).pdf
2017-02-24 06:43 - 2017-02-24 06:43 - 11075795 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_24.pdf
2017-02-23 21:54 - 2017-02-23 21:54 - 00000045 _____ C:\Windows\ET-4550.ini
2017-02-23 21:51 - 2017-03-12 15:51 - 00000911 _____ C:\Windows\Tasks\EPSON ET-4550 Series Update {1285ACBD-7EB2-4DCC-939A-D089C1D43763}.job
2017-02-23 21:51 - 2017-02-23 21:51 - 00003978 _____ C:\Windows\System32\Tasks\EPSON ET-4550 Series Update {1285ACBD-7EB2-4DCC-939A-D089C1D43763}
2017-02-23 21:47 - 2017-02-23 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-02-23 21:47 - 2017-02-23 21:47 - 00000000 ____D C:\Program Files\EPSON
2017-02-23 21:46 - 2017-02-23 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-02-23 21:46 - 2017-02-23 21:46 - 00000975 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-02-23 21:46 - 2017-02-23 21:46 - 00000000 ____D C:\Program Files\EpsonNet
2017-02-23 21:46 - 2014-06-03 01:00 - 00472064 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2017-02-23 21:46 - 2012-05-17 01:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2017-02-23 21:44 - 2014-03-04 15:06 - 00180224 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBMSE.DLL
2017-02-23 21:44 - 2011-03-14 14:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BMSE.DLL
2017-02-23 21:43 - 2017-02-23 21:54 - 00000057 _____ C:\Windows\EpsonCDInstaller.ini
2017-02-23 07:36 - 2017-02-23 07:36 - 20160983 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_23.pdf
2017-02-23 07:36 - 2017-02-23 07:36 - 09111851 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_23.pdf
2017-02-22 15:35 - 2017-02-22 15:36 - 09913809 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_22 (1).pdf
2017-02-22 15:12 - 2017-02-22 15:12 - 00627794 _____ C:\Users\Andrew\Downloads\UFSRW 950AA.PDF
2017-02-22 14:27 - 2017-02-22 14:27 - 18304497 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_22 (2).pdf
2017-02-22 14:27 - 2017-02-22 14:27 - 18304497 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_22 (1).pdf
2017-02-22 08:52 - 2017-02-22 08:52 - 18304497 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_22.pdf
2017-02-22 08:52 - 2017-02-22 08:52 - 09913809 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_22.pdf
2017-02-21 20:26 - 2017-02-21 20:26 - 08544157 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_21 (1).pdf
2017-02-21 20:12 - 2017-02-21 20:13 - 15222000 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_21 (1).pdf
2017-02-21 09:11 - 2017-02-21 09:11 - 15222000 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_21.pdf
2017-02-21 09:11 - 2017-02-21 09:11 - 08544157 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_21.pdf
2017-02-20 09:20 - 2017-02-20 09:20 - 13786367 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_20.pdf
2017-02-20 09:20 - 2017-02-20 09:20 - 09543397 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_20.pdf
2017-02-19 09:51 - 2017-02-19 09:51 - 51632643 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_19.pdf
2017-02-18 09:27 - 2017-02-18 09:27 - 14170324 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_18.pdf
2017-02-18 09:27 - 2017-02-18 09:27 - 09768843 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_19.pdf
2017-02-17 21:58 - 2017-02-17 21:58 - 00002189 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-17 21:58 - 2017-02-17 21:58 - 00000000 ____D C:\Users\Andrew\AppData\LocalLow\Google
2017-02-17 21:58 - 2017-02-17 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-17 21:57 - 2017-02-17 21:57 - 01129376 _____ (Google Inc.) C:\Users\Andrew\Downloads\GoogleEarthSetup.exe
2017-02-17 20:40 - 2017-02-17 20:40 - 12001381 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_17 (2).pdf
2017-02-17 20:36 - 2017-02-17 20:36 - 20421801 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_17 (3).pdf
2017-02-17 20:08 - 2017-02-17 20:08 - 00075480 _____ C:\Users\Andrew\Downloads\20170217145729.PDF
2017-02-17 08:46 - 2017-02-17 08:46 - 12001381 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_17 (1).pdf
2017-02-17 08:45 - 2017-02-17 08:45 - 20421801 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_17 (2).pdf
2017-02-17 08:45 - 2017-02-17 08:45 - 20421801 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_17 (1).pdf
2017-02-17 08:44 - 2017-02-17 08:45 - 20421801 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_17.pdf
2017-02-17 08:44 - 2017-02-17 08:44 - 12001381 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_17.pdf
2017-02-16 19:19 - 2017-02-16 19:19 - 21083818 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_16 (1).pdf
2017-02-16 19:19 - 2017-02-16 19:19 - 09203879 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_16 (1).pdf
2017-02-16 08:50 - 2017-02-16 08:50 - 21083818 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_16.pdf
2017-02-16 08:50 - 2017-02-16 08:50 - 09203879 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_16.pdf
2017-02-15 13:48 - 2017-02-15 13:48 - 00283930 _____ C:\Users\Andrew\Downloads\FCA41A7E-D89E-4AFD-A88B-33AAA3430A41.WAV
2017-02-15 09:21 - 2017-02-15 09:21 - 14116396 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_15.pdf
2017-02-15 09:21 - 2017-02-15 09:21 - 08149500 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_15.pdf
2017-02-14 16:49 - 2017-02-14 16:49 - 00000000 ____D C:\Users\Andrew\AppData\Local\MetaGeek,_LLC
2017-02-14 16:48 - 2017-02-14 16:48 - 00002489 _____ C:\Users\Public\Desktop\inSSIDer Home.lnk
2017-02-14 16:48 - 2017-02-14 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
2017-02-14 16:48 - 2017-02-14 16:48 - 00000000 ____D C:\Program Files (x86)\MetaGeek
2017-02-14 16:47 - 2017-02-14 16:47 - 04767744 _____ C:\Users\Andrew\Downloads\inSSIDer-installer.msi
2017-02-14 10:20 - 2017-02-14 10:20 - 00228352 _____ C:\Users\Andrew\Downloads\20170210152326.PDF
2017-02-14 09:02 - 2017-02-14 09:03 - 09323587 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_14.pdf
2017-02-14 09:02 - 2017-02-14 09:02 - 13571255 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_14.pdf
2017-02-13 09:05 - 2017-02-13 09:05 - 13483499 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_13.pdf
2017-02-13 09:05 - 2017-02-13 09:05 - 09266112 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_13.pdf
2017-02-12 07:49 - 2017-02-12 07:49 - 46208658 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_12.pdf
2017-02-11 07:22 - 2017-02-11 07:22 - 11650819 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_11.pdf
2017-02-11 07:22 - 2017-02-11 07:22 - 08215937 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_12.pdf
2017-02-10 15:29 - 2017-02-10 15:29 - 01672090 _____ C:\Users\Andrew\Downloads\#197 Taking area.pdf
2017-02-10 15:29 - 2017-02-10 15:29 - 01222399 _____ C:\Users\Andrew\Downloads\P13040101ConceptA-0.pdf
2017-02-10 10:42 - 2017-02-10 10:42 - 22369623 _____ C:\Users\Andrew\Downloads\PHQP_2017_02_10.pdf
2017-02-10 10:42 - 2017-02-10 10:42 - 13181338 _____ C:\Users\Andrew\Downloads\PHDN_2017_02_10.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 16:16 - 2009-07-14 00:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-12 16:16 - 2009-07-14 00:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-12 16:15 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-12 16:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-12 16:07 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-12 15:51 - 2014-03-14 12:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-12 06:14 - 2016-09-01 19:27 - 00000000 ____D C:\Program Files (x86)\TrojanHunter
2017-03-12 06:08 - 2015-11-02 17:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-11 22:42 - 2015-05-06 09:56 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\ICAClient
2017-03-11 22:42 - 2015-03-31 20:18 - 00000000 __RHD C:\MSOCache
2017-03-11 22:42 - 2015-03-31 20:16 - 00000000 ____D C:\Users\Andrew
2017-03-11 22:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-03-02 09:28 - 2016-04-10 07:29 - 00000000 ____D C:\Users\Andrew\Desktop\Healthchoices
2017-03-01 15:37 - 2015-05-06 09:56 - 00000000 ____D C:\Users\Andrew\AppData\Local\Citrix
2017-03-01 15:10 - 2016-03-03 15:52 - 00000000 ____D C:\Users\Andrew\Documents\Outlook Files
2017-02-23 22:36 - 2014-03-13 13:19 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 22:33 - 2014-03-13 13:19 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 21:51 - 2015-10-28 10:01 - 00000000 ____D C:\ProgramData\EPSON
2017-02-23 21:49 - 2015-10-28 10:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-23 21:49 - 2015-10-28 10:02 - 00000000 ____D C:\Program Files (x86)\epson
2017-02-23 21:48 - 2015-10-28 10:02 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2017-02-23 21:47 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-02-23 07:23 - 2015-11-21 15:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 16:54 - 2017-01-21 12:07 - 00000000 ____D C:\Users\Andrew\Desktop\2016 Taxes
2017-02-17 21:58 - 2015-03-31 19:39 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-15 22:22 - 2017-01-31 16:48 - 00000000 ____D C:\Users\Andrew\Desktop\Ronnie and Ken
2017-02-14 22:20 - 2015-03-31 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-14 22:18 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2017-02-14 21:51 - 2014-03-14 12:20 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 21:51 - 2014-03-14 12:20 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 21:51 - 2014-03-14 12:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 21:51 - 2014-03-14 12:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 21:51 - 2014-03-14 12:20 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 09:05 - 2016-07-12 15:29 - 00008442 _____ C:\Users\Andrew\Desktop\Loan.xlsx
2017-02-10 17:31 - 2017-02-06 15:43 - 00000000 ____D C:\Users\Andrew\Desktop\Wawa

==================== Files in the root of some directories =======

2016-08-30 19:09 - 2016-08-30 19:09 - 0000093 _____ () C:\Users\Andrew\AppData\Roaming\ARCompanion.log
2015-10-13 12:00 - 2015-10-13 12:01 - 0000115 _____ () C:\Users\Andrew\AppData\Roaming\LogFile.txt
2016-07-30 14:00 - 2016-07-30 14:00 - 0007605 _____ () C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg
2016-01-05 16:26 - 2017-01-21 11:03 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2006-05-24 13:10 - 2006-05-24 13:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Andrew\AppData\Local\Temp\_is1A72.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 08:19

==================== End of FRST.txt ============================



Edited by Oh My!, 12 March 2017 - 07:53 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • Gender:Male
  • Location:California

Posted 12 March 2017 - 07:38 PM

Greetings goldmine848 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

There should be an Addition.txt document in your Downloads folder. Please copy and paste that report in your reply. In addition, please do these things.

===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your C: drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Addition.txt
  • Attached System Summary report
  • GSmart report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 goldmine848

goldmine848
  • Topic Starter

  • Members
  • 15 posts

Posted 12 March 2017 - 08:04 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Andrew (12-03-2017 16:46:45)
Running from C:\Users\Andrew\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-04-01 00:16:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3454199028-3637297230-662541398-500 - Administrator - Disabled)
Andrew (S-1-5-21-3454199028-3637297230-662541398-1000 - Administrator - Enabled) => C:\Users\Andrew
Guest (S-1-5-21-3454199028-3637297230-662541398-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3454199028-3637297230-662541398-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.1000.16 - Citrix Systems, Inc.)
Combined Community Codec Pack 2014-03-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.03.09.0 - CCCP Project)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.107 - Dell)
Dell System Detect (HKU\S-1-5-21-3454199028-3637297230-662541398-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.118 - ALPS ELECTRIC CO., LTD.)
EaseUS Data Recovery Wizard 9.5 (HKLM\...\EaseUS Data Recovery Wizard 9.5_is1) (Version: - EaseUS)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
EPSON ET-4550 Series Printer Uninstall (HKLM\...\EPSON ET-4550 Series) (Version: - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.00.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoPro (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (x32 Version: 5.9.2733 - GoPro, Inc.) Hidden
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Agent (HKLM-x32\...\{DE91C193-2611-4BD3-A9F9-DF589C572565}) (Version: 4.6.0.2292 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Online Plug-in (x32 Version: 14.4.1000.16 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Self-service Plug-in (x32 Version: 4.4.1000.13058 - Citrix Systems, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrojanHunter 6.2 (HKLM-x32\...\TrojanHunter_is1) (Version: 6.2 - Bytelayer AB)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3161988) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{245EB15F-A90C-422B-9D3F-3AEEDF028CCC}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3161988) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{245EB15F-A90C-422B-9D3F-3AEEDF028CCC}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3161988) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{245EB15F-A90C-422B-9D3F-3AEEDF028CCC}) (Version: - Microsoft)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C04316-6AC9-4C66-8278-DC6BE145385F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {0661F935-170D-41DC-8DF3-6C4E70AC24FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {0DEBB742-9C8D-46A7-A71E-7EC24FA93489} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {2CB52DDA-F507-4149-8973-935ADA120D16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {39DCA9AC-32B3-4C31-A9B9-383F0F77FE3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {8141AE99-AC77-4665-AAB6-0EA243CE2B76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {857F8D38-4F62-4877-B773-6EF47860AC47} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A988E2DD-DB30-49AC-AABC-670759103E34} - System32\Tasks\EPSON ET-4550 Series Update {1285ACBD-7EB2-4DCC-939A-D089C1D43763} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMSE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {CB797FCF-DAAD-4BAA-9332-A2F4D8DC243B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {D2AC7762-D129-43A4-B120-9D2CC6AE1DAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {E13E0813-FE6A-47FE-B15F-335BC32FEECA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {E734F0D7-1CED-4BE1-9FDC-3961170B2E3E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {EF839B9F-954E-445F-B9B0-16B8FB14EE87} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-07-12] (PC-Doctor, Inc.)
Task: {FF248819-B029-41E9-8D3F-3A5C9D138775} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON ET-4550 Series Update {1285ACBD-7EB2-4DCC-939A-D089C1D43763}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMSE.EXE :/EXE:{1285ACBD-7EB2-4DCC-939A-D089C1D43763} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-25 16:15 - 2011-10-04 00:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-05-12 00:39 - 2016-05-12 00:39 - 00037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-08-14 20:08 - 2012-08-14 20:08 - 00150328 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2017-03-12 13:43 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-03-12 13:43 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-03-12 13:43 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-03-12 13:43 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-03-12 13:43 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2017-02-06 19:12 - 2017-02-01 05:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 19:12 - 2017-02-01 05:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-17 15:34 - 2017-02-17 15:34 - 22958672 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-12-23 14:10 - 2016-12-23 14:10 - 00323152 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-09-30 19:36 - 2016-09-30 19:36 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2017-03-12 13:43 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30 [138]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3454199028-3637297230-662541398-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3454199028-3637297230-662541398-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: GoPro Tray App => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2E977F3C-0AEB-4073-9270-82A14414A92C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{D7002B63-60F0-4ABB-9CB4-CDA9258433BC}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{2475FAFE-8861-446F-87AB-5A556BDEC7E7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{1ED580B2-39C2-4000-B4F4-67AA19AA9CA5}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{DDDAE6A8-57FD-4431-A6C3-05C2319F2112}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7B421254-B558-40B6-A286-F1E1287F64EC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{46F9E84D-8420-455B-AAB4-9D227855C0CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D6714A19-AC42-4FE3-9740-20E92A79C672}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{67748BCA-B8DC-4CD8-B340-498D0D0C75DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EEDAB8F2-EC2D-42DB-B3D0-559F302B948A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AE503A05-4901-4E17-A8CC-2185B2C8706A}C:\users\andrew\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\andrew\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{5B1839F8-3D57-40A4-82B7-11D772C96192}C:\users\andrew\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\andrew\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{E7EA231C-11D6-44E7-8F7E-181232A67142}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{0ED66D92-182C-4776-A435-F23E46537295}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{8F15CEF3-D3AF-44C1-A25D-7843D3C914C8}] => (Allow) C:\Users\Andrew\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{629CC074-0A6A-4279-937B-037CE70E3D88}] => (Allow) C:\Users\Andrew\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{7623894D-F023-4EC6-9C81-D9FDC62AC67A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{61B3F409-7BD1-4792-A7EF-710E3A755E0F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7B43F044-A298-4A96-BA69-14CEE5118DA9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{7B324C8E-0E1C-4C35-96D4-2342D4372DBA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{4BF14C4D-BB5A-4E2F-B8F1-D0675ED14CE0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D880B8BB-3665-4961-8D19-F6386B5707D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CA41F1E0-5EF7-4643-A0B4-CC1A341D230B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{4D6C43D1-FBC6-4229-A199-5966384BC645}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{220509E4-57ED-44B6-93D9-F5DF8E5333E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A4C3657A-BB74-457E-AA2D-45AB0269AE5A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{566C189D-C749-4195-9D9F-3B6CEC7A8B60}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{3D5DBF12-E606-46FF-9AA6-DE378E84320B}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{3195DF31-DCD1-488E-9076-0C87C8A91B6C}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{12379F9A-BF5A-4A77-A7FF-9EB5227C3AD3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B00A3BA-8BD9-4DE2-B1D1-F6918F109AC0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{2E6CCBC7-A9AF-4DA5-ACAC-6BA53CC87A39}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{03DD3ED9-5735-4712-9F87-EFB8344DC0E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D5131DA9-D6D0-4DF3-8169-79980E828404}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{935ACC27-B063-4ECA-8071-6EF0F9716F61}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4CD1ABBC-FCDE-42DC-B516-A21587E801D2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{01863481-2795-4C88-B496-194AB5F63518}] => (Allow) D:\Network\EpsonNetSetup\ENEASYAPP.EXE
FirewallRules: [{B8292BE4-302D-4ABD-B132-E65809F0CC91}] => (Allow) D:\Network\EpsonNetSetup\ENEASYAPP.EXE
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

23-02-2017 17:39:08 Removed Epson Software Updater
23-02-2017 17:41:58 Removed EpsonNet Print
23-02-2017 21:47:24 Installed FAX Utility
23-02-2017 21:48:57 Installed EPSON Scan PDF Extensions
23-02-2017 22:33:31 Windows Update
28-02-2017 22:01:48 Windows Update
03-03-2017 22:44:57 Windows Update
07-03-2017 22:00:47 Windows Update
10-03-2017 22:23:26 Windows Update
11-03-2017 22:38:26 Restore Operation
11-03-2017 22:48:23 post issue

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2017 04:43:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.6.44.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8c8

Start Time: 01d29b6cf04aae65

Termination Time: 3

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Report Id: 8d28093f-0764-11e7-b55d-c01885d69278

Error: (03/12/2017 04:08:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/12/2017 03:43:32 PM) (Source: McLogEvent) (EventID: 259) (User: NT AUTHORITY)
Description: The scan found detections. Scan engine version 5800.7501 DAT version 8464.

Error: (03/12/2017 01:15:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TrojanHunter.exe version 6.2.0.1062 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d90

Start Time: 01d29b197ffb65c4

Termination Time: 117

Application Path: C:\Program Files (x86)\TrojanHunter\TrojanHunter.exe

Report Id: 73cd06b9-0747-11e7-8618-c01885d69278

Error: (03/12/2017 06:38:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.4.131 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d20

Start Time: 01d29b1a006dfc2f

Termination Time: 66

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: 1465a231-0710-11e7-8618-c01885d69278

Error: (03/12/2017 06:38:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (03/12/2017 06:06:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2017 10:48:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2017 10:45:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2017 10:37:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/12/2017 04:06:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (03/12/2017 06:12:49 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/12/2017 06:12:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/12/2017 06:06:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
Overlapped I/O operation is in progress.

Error: (03/12/2017 06:06:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
Overlapped I/O operation is in progress.

Error: (03/12/2017 06:06:09 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x800703e5.

Error: (03/11/2017 10:35:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:10:46 PM on ‎3/‎11/‎2017 was unexpected.

Error: (03/11/2017 01:21:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:18:32 PM on ‎3/‎11/‎2017 was unexpected.

Error: (03/11/2017 09:25:28 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/11/2017 09:25:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EpsonCustomerResearchParticipation service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8088.93 MB
Available physical RAM: 5034.99 MB
Total Virtual: 16176.05 MB
Available Virtual: 12737.46 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:290.32 GB) (Free:132.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B2381AB0)
Partition 1: (Active) - (Size=7.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=290.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Smart Control Log:
 
smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Toshiba 2.5" HDD MK..61GSYN
Device Model:     TOSHIBA MK3261GSYN
Serial Number:    323ST97LT
LU WWN Device Id: 5 000039 3e1d81135
Firmware Version: MH000D
User Capacity:    320,072,933,376 bytes [320 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Sun Mar 12 21:00:09 2017 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (  120) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: (  73) minutes.
SCT capabilities:       (0x003d) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 128
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   100   100   050    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0027   100   100   001    Pre-fail  Always       -       1225
  5 Reallocated_Sector_Ct   0x0033   100   100   050    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   069   069   000    Old_age   Always       -       766574
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       1662
191 G-Sense_Error_Rate      0x0032   100   100   000    Old_age   Always       -       172
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       230
193 Load_Cycle_Count        0x0032   099   099   000    Old_age   Always       -       16191
194 Temperature_Celsius     0x0022   100   100   000    Old_age   Always       -       43 (0 64 0 0 0)
199 UDMA_CRC_Error_Count    0x0032   100   100   000    Old_age   Always       -       124488493
200 Multi_Zone_Error_Rate   0x0032   100   100   000    Old_age   Always       -       367693939
240 Head_Flying_Hours       0x0032   073   073   000    Old_age   Always       -       661918
241 Total_LBAs_Written      0x0032   100   100   000    Old_age   Always       -       27445127852
242 Total_LBAs_Read         0x0032   100   100   000    Old_age   Always       -       36164391376
254 Free_Fall_Sensor        0x0032   100   100   000    Old_age   Always       -       212
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     12776         -
# 2  Short offline       Completed without error       00%      9842         -
# 3  Extended offline    Completed without error       00%         2         -
# 4  Short offline       Completed without error       00%         1         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

Edited by Oh My!, 12 March 2017 - 08:08 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:57 AM

Posted 12 March 2017 - 08:17 PM

Greetings,

Though I am still evaluating the information you provided I would recommend you immediately back up all data you want to save onto an external drive. I have enough of a concern about the potential failure of your hard drive that I would be remiss in not instructing you to take the opportunity to do so while we have time.

I will be posting more but please let me know when you have been able to back up your data. I would rather not do anything further until we know your data is safe.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 goldmine848


Posted 13 March 2017 - 08:25 AM

Backup completed.



#6 Oh My!


Posted 13 March 2017 - 01:55 PM

Thank you, that makes me feel better. :)

This is not a malware related issue. I may end up referring you to one of our other forums where their expertise may prove to be more valuable.

Does your computer appear to overheat or is the fan constantly running? Overheating can cause these symptoms but the temperature being reported in the GSmart report is normal.

Please boot into Safe Mode with Networking and see if the symptoms persist.

Let's continue running some evaluation tools to try to get to the bottom of this. Please do these things.

===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

Data Lifeguard Diagnostic for Windows

-------------------

Note: This process may take several hours to complete.
  • Download Data Lifeguard Diagnostic for Windows and save it to your desktop
  • Unzip the file onto your desktop
  • Right click on setup and select Run as Administrator
  • Click Next three times
  • Click Install
  • Click Finish to launch the program
  • Close all screens except for the Western Digital Diagnostics screen
  • Place a check mark in I accept this License Agreement then click Next
  • Left click on your Western Digital (or other brand main) hard drive
  • Just above that link click on the small icon where it says Click to run tests
  • Select EXTENDED TEST then click Start
  • Once completed you will be notified whether the hard drive passed or failed
  • Please copy and paste that information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Overheating?
  • Safe Mode?
  • BSOD report
  • ChkDskGUI report
  • Hard drive test results

Gary
 

#7 goldmine848


Posted 13 March 2017 - 04:20 PM

I did not boot into safe mode because the computer has not been exhibiting the symptoms over the past 24 hours.

The fan does run quite a bit but it has always done that. When I have run temperature sensor software it reads high but not unusually so.

 

The bluescreenview software does run. The box pops up but it is blank.

 

Checkdisk of C: (Read only mode) started !
 
Started on : 2017/03/13 17:16:27
 
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Windows.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
  516608 file records processed. 
File verification completed.
  3010 large file records processed. 
  0 bad file records processed. 
  2 EA records processed. 
  47 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
Index entry 000000000000CF35 in index $I30 of file 30 is incorrect.
Index entry CHKDSK.EXE-496676BC.pf in index $I30 of file 4266 is incorrect.
Index entry CHKDSK~1.PF in index $I30 of file 4266 is incorrect.
  591904 index entries processed. 
Index verification completed.
Errors found. CHKDSK cannot continue in read-only mode.
 
Checkdisk of C: (Read only mode) completed !
 
Ended on : 2017/03/13 17:17:51
 
Time elapsed : 84 seconds
 

 

 

 

 

Test Option: EXTENDED TEST
Model Number: TOSHIBA MK3261GSYN
Unit Serial Number: 323ST97LT
Firmware Number: MH000D
Capacity: 320.07 GB
SMART Status: PASS
Test Result: PASS
Test Time: 17:10:33, March 13, 2017

 



#8 Oh My!


Posted 13 March 2017 - 07:50 PM

Thank you. Please do this.

===================================================

CheckDiskGUI Fix and Recover

--------------------
  • Launch CheckDiskGUI
  • Place a check mark in the C: drive box
  • Click Fix and Recover
  • Check Yes to schedule the volume to be checked on the next system restart and allow the computer to reboot. The process may take a long time to complete
  • Once completed your computer will automatically restart
  • A message should briefly appear during boot up indicating whether or not the disk is clean
  • Report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#9 goldmine848


Posted 14 March 2017 - 05:16 AM

Ran chkdsk. I did not catch the report before rebooting, but below is the log report:

 

 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  516608 file records processed.
File verification completed.
  3011 large file records processed.
  0 bad file records processed.
  2 EA records processed.
  47 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
  591908 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
  516608 file SDs/SIDs processed.
Cleaning up 92 unused index entries from index $SII of file 0x9.
Cleaning up 92 unused index entries from index $SDH of file 0x9.
Cleaning up 92 unused security descriptors.
Security descriptor verification completed.
  37651 data files processed.
CHKDSK is verifying Usn Journal...
  35303232 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  516592 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  35123370 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.
 
 304425983 KB total disk space.
 163058648 KB in 443819 files.
    244508 KB in 37652 indexes.
         0 KB in bad sectors.
    629347 KB in use by the system.
     65536 KB occupied by the log file.
 140493480 KB available on disk.
 
      4096 bytes in each allocation unit.
  76106495 total allocation units on disk.
  35123370 allocation units available on disk.
 
Internal Info:
00 e2 07 00 c9 58 07 00 74 02 0e 00 00 00 00 00  .....X..t.......
41 05 00 00 2f 00 00 00 00 00 00 00 00 00 00 00  A.../...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
 
 
 


#10 Oh My!


Posted 14 March 2017 - 10:17 AM

Good, thanks.
 
Please rerun ChkDskGUI and post the results.

Update me on your computer behavior.
Gary
 

#11 goldmine848


Posted 14 March 2017 - 11:43 AM

I ran it in read only mode:

 

Checkdisk of C: (Read only mode) started !
 
Started on : 2017/03/14 12:39:40
 
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Windows.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
  516608 file records processed. 
File verification completed.
  3013 large file records processed. 
  0 bad file records processed. 
  2 EA records processed. 
  47 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 3)...
  591934 index entries processed. 
Index verification completed.
  0 unindexed files scanned. 
  0 unindexed files recovered. 
CHKDSK is verifying security descriptors (stage 3 of 3)...
  516608 file SDs/SIDs processed. 
Security descriptor verification completed.
  37664 data files processed. 
CHKDSK is verifying Usn Journal...
  35082816 USN bytes processed. 
Usn Journal verification completed.
 
CheckDisk (Read only mode) terminated with errors on : 2017/03/14 12:41:12
 
Time elapsed : 92 seconds
 
 
When it was finished running I got a message that there were errors that should be fixed.


#12 goldmine848


Posted 14 March 2017 - 11:49 AM

I forgot to add that the computer appears to be behaving properly.



#13 Oh My!


Posted 14 March 2017 - 02:38 PM

Sometimes chkdsk needs to be run several times to fully repair the drive. Could you please run ChkDiskGUI Fix and Recover an additional 3 times then run the normal ChkDiskGUI to see if it comes back clean.


Gary
 

#14 goldmine848

goldmine848
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  

Posted 14 March 2017 - 05:39 PM

The message at the end of the full chkdsk said it was clean. Here is the log:

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          3/14/2017 6:24:53 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Andrew-Laptop
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  516608 file records processed.                                         
 
File verification completed.
  3009 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  47 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  591940 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  516608 file SDs/SIDs processed.                                        
 
Cleaning up 19 unused index entries from index $SII of file 0x9.
Cleaning up 19 unused index entries from index $SDH of file 0x9.
Cleaning up 19 unused security descriptors.
Security descriptor verification completed.
  37667 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  34077032 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  516592 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  34878447 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
 304425983 KB total disk space.
 164039336 KB in 444468 files.
    244792 KB in 37668 indexes.
         0 KB in bad sectors.
    628067 KB in use by the system.
     65536 KB occupied by the log file.
 139513788 KB available on disk.
 
      4096 bytes in each allocation unit.
  76106495 total allocation units on disk.
  34878447 allocation units available on disk.
 
Internal Info:
00 e2 07 00 62 5b 07 00 97 05 0e 00 00 00 00 00  ....b[..........
4b 05 00 00 2f 00 00 00 00 00 00 00 00 00 00 00  K.../...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:57 AM

Posted 14 March 2017 - 07:40 PM

Excellent.

Touch base tomorrow and provide an update.
Gary
 



