
Farbar System Recovery Tool - in need of fixlist


  • This topic is locked
29 replies to this topic

#1 ArchNemesis


Posted 23 June 2017 - 11:51 PM

First and foremost, I'd like to thank you in advance for any support I receive on this post, as it is my first. I'm not sure what started causing this issue, but my Windows fails to boot now and, long story short, I ended up being referred to use the Farbar system recovery tool. I have gone through and done the scan and have been provided with a frst.txt document, which I will attach to this post. I will provide any information I can.

 




 


#2 RayS


Posted 24 June 2017 - 10:33 AM

Hello ArchNemesis,

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 ArchNemesis


Posted 24 June 2017 - 02:50 PM


Hey Ray, thanks for getting to me so soon. I appreciate you taking the time to review my logs. The wait is not an issue; I will be available to reply and provide any information needed. Thanks!



#4 RayS


Posted 24 June 2017 - 07:15 PM

Hello ArchNemesis, and welcome to Bleeping Computer.

Please call me "Ray".

I will be helping you with your computer problem. If you would permit me to call you by your first name or a short nickname, please tell it to me.
 

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything or run (or re-run) any tools without being advised to do so.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Click More Reply Options and then Preview Post before you post a reply. Be sure your message addresses all the issues I raise.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.


Preliminary Questions


  • How long ago did you notice boot-up problems?
  • How were you able to obtain a scan with Farbar Recovery Scan Tool if you are unable to boot into Windows?
  • When you first turn ON power to your computer, do you see the manufacturer's logo screen?
  • What symptoms do you see when you attempt to boot into Windows? Describe the screens you see and provide verbatim copies of any error messages.
  • Do you have access to a second (clean) computer that you can use for downloading/uploading tools and files, if necessary?

"I have gone through and done the scan and have been provided with a frst.txt document which I will attach to this post."

  • Please tell me what procedures you "have gone through". If you followed an online guide, please give me the online address of the guide.
  • FRST.txt was not included with your posts. Please copy and paste the entire contents of FRST.txt into the body of your reply.
  • If the scan produced Addition.txt (find it in the same location as FRST.txt), please copy and paste the entire contents of Addition.txt into the body of your reply.

 

 

Summary:

  1. Did you back up all your important files?
  2. Please answer all the preliminary questions.
  3. Copy and paste the entire contents of FRST.txt into the body of your message.
  4. If it is available, copy and paste the entire contents of Addition.txt into the body of your message.

Before you post your reply, be sure you have addressed all four issues summarized above.

Thank you,

Ray




#5 ArchNemesis


Posted 25 June 2017 - 12:05 PM

Hey Ray, I'll try to address all your questions below.


 

Preliminary Questions

 

  • How long ago did you notice boot-up problems?

  • How were you able to obtain a scan with Farbar Recovery Scan Tool if you are unable to boot into Windows?

  • When you first turn ON power to your computer, do you see the manufacturer's logo screen?

  • What symptoms do you see when you attempt to boot into Windows? Describe the screens you see and provide verbatim copies of any error messages.

  • Do you have access to a second (clean) computer that you can use for downloading/uploading tools and files, if necessary?

  • I first noticed the boot-up problems about 4 days ago.

  • I can boot into Windows; however, it is in recovery mode only, and that is where I performed the scan using the advanced options command prompt.

  • I see my manufacturer's logo screen.

  • It boots into Windows recovery mode, in which I'm given the options to restart or go into advanced repair options.

  • Yes, I am currently on my laptop.

 



  • Please tell me what procedures you "have gone through". If you followed an online guide, please give me the online address of the guide.

  • FRST.txt was not included with your posts. Please copy and paste the entire contents of FRST.txt into the body of your reply.

  • If the scan produced Addition.txt (find it in the same location as FRST.txt), please copy and paste the entire contents of Addition.txt into the body of your reply.

 

 

 

 

  • I downloaded Farbar Recovery Scan Tool and performed a scan on the infected computer using the command prompt in the advanced options.

  • I will paste the contents below.

  • No addition.txt was produced.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by SYSTEM on MININT-HGJL3KS (23-06-2017 23:12:46)
Running from E:\
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3795880 2016-02-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-05] (Raptr, Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-06-18] (Razer Inc.)
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-05-09] (Plays.tv, LLC)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TRENDnet TEW-726EC] => C:\Program Files (x86)\TRENDnet\TEW-726EC\WlanMon.exe [1187840 2014-03-25] ()
Startup: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-08-08]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-21] (Autodesk Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88024 2016-09-07] (Perfect World Entertainment Inc)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3646888 2016-02-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2016-02-04] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-06-16] ()
S2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-05-26] (Apple Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-18] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-14] (BitRaider, LLC)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [387128 2017-05-23] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [369720 2017-05-23] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [406584 2017-05-23] (BlueStack Systems, Inc.)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\59.0.3071.47\remoting_host.exe [71512 2017-05-08] (Google Inc.)
S2 Dhcp; C:\Windows\system32\dhcpcore.dll [355840 2015-10-29] ()
S2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [394944 2016-04-12] (Scarlet.Crush Productions)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-05-22] (EasyAntiCheat Ltd)
S2 HiPatchService; C:\Hi-Rez Studios\HiPatchService.exe [9728 2017-03-28] (Hi-Rez Studios)
S2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [241664 2012-03-25] (Atheros Communications, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-09] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-06-06] (Overwolf LTD)
S2 PhoneMyPC_Helper; C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [31232 2011-07-15] (SoftwareForMe Inc)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-09] (Plays.tv, LLC)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-06-12] ()
S2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S2 TRENDnet_Wireless; C:\Program Files (x86)\TRENDnet\TEW-726EC\ANIWZCSdS.exe [126976 2010-07-12] (Wireless Service)
S2 TRENDnet_Wireless_WPS; C:\Program Files (x86)\TRENDnet\TEW-726EC\ANIWConnService.exe [49152 2012-12-24] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2970424 2015-06-29] (AVG Technologies)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-12-26] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [174696 2017-06-14] (Zhuhai Kingsoft Office Software Co.,Ltd)
S2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [307928 2013-11-11] ()
S2 GlassWire; "F:\GlassWire\GWCtlSrv.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2010-06-08] ()
S3 athr; C:\Windows\System32\drivers\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [101376 2016-12-07] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-16] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [299440 2016-01-13] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [296368 2015-12-16] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255920 2016-01-22] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 BlueletAudio; C:\Windows\system32\DRIVERS\blueletaudio.sys [41208 2012-12-24] (IVT Corporation)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-07-14] (BitRaider)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-01-13] (BitRaider)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2017-05-23] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2017-05-21] (Bluestack System Inc. )
S3 BT; C:\Windows\System32\drivers\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
S3 BT; C:\Windows\SysWOW64\drivers\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-01] (Disc Soft Ltd)
S1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [1089880 2016-01-15] ()
S3 intelppm; C:\Windows\System32\drivers\intelppm.sys [133632 2015-10-29] ()
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-06-17] (Malwarebytes)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [166240 2015-10-29] ()
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-12-26] (Realtek                                            )
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [585944 2014-12-31] (Realtek Semiconductor Corporation)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3764736 2015-10-29] (Realtek Semiconductor Corporation                           )
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [42856 2016-03-27] (Nefarius Software Solutions)
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11973 2017-05-15] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [41824 2016-11-03] (SteelSeries ApS)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 VComm; C:\Windows\system32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
S3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-09-28] (Wellbia.com Co., Ltd.)
S3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-23 23:05 - 2017-06-23 23:07 - 00000000 ____D C:\FRST
2017-06-22 14:13 - 2017-06-22 14:13 - 00000000 ___HD C:\$Windows.~BT
2017-06-22 14:13 - 2017-06-22 14:13 - 00000000 _____ C:\Recovery.txt
2017-06-22 14:12 - 2017-06-22 14:13 - 00000000 ___HD C:\$SysReset
2017-06-20 21:05 - 2017-06-20 21:05 - 00000000 ____D C:\Users\Vincent\Documents\EVE
2017-06-20 20:52 - 2017-06-20 20:52 - 00000000 ____D C:\Users\Vincent\.QtWebEngineProcess
2017-06-20 20:52 - 2017-06-20 20:52 - 00000000 ____D C:\Users\Vincent\.EVE
2017-06-20 20:51 - 2017-06-20 20:51 - 00000000 ____D C:\Users\Vincent\AppData\Local\CCP
2017-06-20 14:30 - 2017-06-20 14:30 - 00000222 _____ C:\Users\Vincent\Desktop\Serious Sam Classics Revolution.url
2017-06-19 19:54 - 2017-06-19 19:54 - 00000222 _____ C:\Users\Vincent\Desktop\Lambda Wars Beta.url
2017-06-19 18:05 - 2017-06-19 18:06 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-06-19 16:53 - 2017-06-19 16:53 - 00000137 _____ C:\Users\Vincent\Desktop\Age of Conan Unchained.url
2017-06-19 11:13 - 2017-06-19 11:13 - 00000000 ____D C:\Users\Vincent\AppData\LocalLow\Dire Wolf Digital
2017-06-18 16:54 - 2017-06-18 16:54 - 00000000 ____D C:\Users\Vincent\AppData\Local\Saber
2017-06-18 10:28 - 2017-06-18 10:28 - 00000000 ____D C:\Users\Vincent\AppData\Local\id Software
2017-06-16 11:54 - 2017-06-16 11:54 - 00000222 _____ C:\Users\Vincent\Desktop\Tom Clancy's Rainbow Six Siege.url
2017-06-14 13:28 - 2017-06-21 15:54 - 00000000 ____D C:\Program Files\Nightly
2017-06-14 04:52 - 2017-06-14 05:11 - 00003756 _____ C:\Windows\System32\Tasks\WpsUpdateTask_Vincent
2017-06-14 04:52 - 2017-06-14 04:52 - 00004030 _____ C:\Windows\System32\Tasks\WpsExternal_Vincent_20170614085234
2017-06-08 18:42 - 2017-06-08 18:42 - 00000020 _____ C:\Windows\SysWOW64\pub_store.dat
2017-06-08 18:41 - 2017-06-08 18:41 - 00000000 ____D C:\Users\Public\Thunder Network
2017-06-08 18:23 - 2017-06-08 18:23 - 00000000 ____D C:\迅雷游戏
2017-06-08 18:22 - 2017-06-08 18:22 - 00000000 ____D C:\Final Combat
2017-06-08 18:14 - 2017-06-08 18:14 - 00000000 ____D C:\ProgramData\Thunder Network
2017-06-08 11:34 - 2017-06-08 11:44 - 00000000 ____D C:\Program Files\supdt
2017-06-06 11:53 - 2017-06-06 11:53 - 00000000 ____D C:\Users\Vincent\AppData\Local\UNP
2017-06-04 12:28 - 2017-06-04 12:50 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2017-06-04 12:27 - 2017-06-04 12:28 - 339047640 _____ (BlueStack Systems Inc.) C:\Users\Vincent\Downloads\BlueStacks2_native_4bc221f78bf878d65b4904ab64d78bb9.exe
2017-06-01 11:39 - 2017-06-01 11:41 - 00000000 ____D C:\Program Files\UNP
2017-06-01 11:39 - 2017-06-01 11:39 - 00000000 ____D C:\Windows\System32\UNP
2017-05-27 09:45 - 2017-05-30 07:20 - 00000000 ____D C:\Windows\Panther
2017-05-26 14:07 - 2017-05-26 14:07 - 00000000 ____D C:\Program Files (x86)\Blizzard
2017-05-26 14:04 - 2017-05-26 14:04 - 00000000 ____D C:\Users\Vincent\Documents\Starcraft
2017-05-26 13:55 - 2017-05-26 13:58 - 03205616 _____ (Blizzard Entertainment) C:\Users\Vincent\Downloads\StarCraft-Setup (1).exe
2017-05-26 13:55 - 2017-05-26 13:55 - 03205616 _____ (Blizzard Entertainment) C:\Users\Vincent\Downloads\StarCraft-Setup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-22 07:37 - 2014-11-15 16:47 - 00000000 ____D C:\Users\Vincent\AppData\Local\TSVNCache
2017-06-22 07:35 - 2014-07-12 17:21 - 00000000 ____D C:\Users\Vincent\AppData\Local\Battle.net
2017-06-22 07:31 - 2015-06-08 13:21 - 00000000 ____D C:\Users\Vincent\AppData\LocalLow\Mozilla
2017-06-22 07:06 - 2015-10-29 23:11 - 00000000 ____D C:\Windows\CbsTemp
2017-06-22 07:00 - 2017-05-18 17:14 - 00000458 _____ C:\Windows\Tasks\ScpUpdater.job
2017-06-22 05:05 - 2015-11-04 23:54 - 00004162 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C48722C-AF17-4020-9752-12717297017A}
2017-06-21 22:00 - 2014-07-11 22:00 - 00000000 ____D C:\Users\Vincent\AppData\Local\Adobe
2017-06-21 21:33 - 2014-06-27 21:05 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-21 17:47 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\AppReadiness
2017-06-21 15:54 - 2015-09-26 17:10 - 00000000 ____D C:\Users\Vincent\AppData\Local\Ubisoft Game Launcher
2017-06-21 10:53 - 2014-07-12 17:21 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-06-20 21:31 - 2016-09-07 22:06 - 00000000 ____D C:\Users\Vincent\AppData\Local\CrashDumps
2017-06-20 20:52 - 2016-04-01 00:34 - 00000000 ____D C:\users\Vincent
2017-06-20 18:46 - 2016-04-28 17:54 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-06-20 11:59 - 2016-04-01 01:03 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-19 18:06 - 2014-06-28 04:45 - 00000000 ____D C:\Users\Vincent\AppData\Local\Funcom
2017-06-19 15:23 - 2015-05-14 05:57 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\DMCache
2017-06-18 13:49 - 2015-01-29 02:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-18 11:57 - 2015-10-29 23:21 - 00000000 ____D C:\Windows\INF
2017-06-18 09:14 - 2016-07-19 08:05 - 00000000 ____D C:\Users\Vincent\AppData\Local\Bethesda.net Launcher
2017-06-18 09:13 - 2016-04-28 17:54 - 00001225 _____ C:\Users\Public\Desktop\Bethesda.net Launcher.lnk
2017-06-17 17:34 - 2017-04-26 14:27 - 00003136 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-06-17 17:29 - 2017-04-22 13:14 - 00251832 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-06-17 17:27 - 2016-09-18 12:55 - 00000007 _____ C:\Windows\SysWOW64\ANIWZCSUSERNAME{3E5678D7-0AC4-4FD1-9F41-E15D5ADF98C2}
2017-06-17 17:26 - 2015-08-16 07:37 - 00000083 _____ C:\HaxLogs.txt
2017-06-16 11:55 - 2014-07-18 04:55 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-06-16 08:39 - 2015-09-18 16:33 - 00000000 ____D C:\Program Files\Rockstar Games
2017-06-16 08:39 - 2015-09-18 16:33 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-06-10 21:45 - 2017-05-22 21:11 - 00000000 ____D C:\Users\Vincent\Documents\The Witcher 3
2017-06-09 16:02 - 2015-08-30 12:00 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\Audacity
2017-06-08 18:40 - 2014-07-09 03:49 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\vlc
2017-06-08 11:10 - 2014-07-02 11:10 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-06-06 01:09 - 2014-06-27 20:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-04 12:54 - 2014-08-30 11:58 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-06-04 12:50 - 2016-07-25 20:49 - 00001648 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-06-04 12:50 - 2015-10-29 23:24 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-04 12:47 - 2015-09-18 13:51 - 00000000 ____D C:\Users\Vincent\AppData\Local\Bluestacks
2017-06-02 19:07 - 2015-10-29 23:26 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-02 19:07 - 2015-10-29 23:26 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-31 13:05 - 2016-04-01 00:34 - 01009736 _____ C:\Windows\System32\PerfStringBackup.INI
2017-05-27 16:51 - 2015-07-31 17:44 - 00000000 ____D C:\Users\Vincent\AppData\Local\Packages
2017-05-27 16:50 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-25 19:31 - 2017-05-18 16:32 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\DarkSoulsIII
2017-05-25 19:25 - 2015-05-14 05:57 - 00000000 ____D C:\Users\Vincent\Downloads\Compressed
2017-05-24 14:54 - 2015-01-27 21:03 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\Kodi
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
2016-09-27 20:51 - 2016-09-27 20:51 - 0000512 _____ () C:\Users\Vincent\AppData\Local\Temp\3d51890c7b88e4feeeed777176b46429.dll
2016-05-27 22:15 - 2016-09-17 15:22 - 0073728 _____ () C:\Users\Vincent\AppData\Local\Temp\ANPDApi.dll
2013-01-28 14:20 - 2013-01-28 14:20 - 0248008 _____ (Ask.com) C:\Users\Vincent\AppData\Local\Temp\AskSLib.dll
2016-09-27 20:52 - 2016-09-28 18:24 - 0000041 _____ () C:\Users\Vincent\AppData\Local\Temp\b90d0257ca6ed326fa5bcaf8af38eb0b.dll
2016-09-27 19:34 - 2016-09-15 12:41 - 0037376 _____ (Microsoft) C:\Users\Vincent\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2016-09-27 19:34 - 2016-09-15 12:14 - 0020992 _____ (Microsoft) C:\Users\Vincent\AppData\Local\Temp\HiRezLauncherControls.dll
2016-09-27 11:59 - 2016-09-27 11:59 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Vincent\AppData\Local\Temp\jansi-64-1064229083976519961.dll
2016-10-14 12:46 - 2016-10-14 12:46 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Vincent\AppData\Local\Temp\jansi-64-1068368348836445834.dll
2016-09-27 13:15 - 2016-09-27 13:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Vincent\AppData\Local\Temp\jansi-64-1075089249514255309.dll
2016-09-27 13:27 - 2016-09-27 13:27 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Vincent\AppData\Local\Temp\jansi-64-1079073985803935765.dll
2016-10-08 09:01 - 2016-10-08 09:01 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Vincent\AppData\Local\Temp\jansi-64-1130029248099970744.dll
2016-10-14 12:22 - 2016-10-14 12:22 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Vincent\AppData\Local\Temp\jansi-64-1320845841627357225.dll
2016-10-14 13:40 - 2016-10-14 13:40 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Vincent\AppData\Local\Temp\jansi-64-1351410871522410441.dll
2016-09-30 09:48 - 2016-09-30 09:48 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Vincent\AppData\Local\Temp\jansi-64-1358298621534481981.dll
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8174.11 MB
Available physical RAM: 7293.78 MB
Total Virtual: 8174.11 MB
Available Virtual: 7344.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:589.87 GB) (Free:23.02 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Lexar) (Removable) (Total:7.45 GB) (Free:7.43 GB) FAT32
Drive f: () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
Drive g: (TEW-726EC) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (New Volume) (Fixed) (Total:931.51 GB) (Free:55.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8732F92F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 0002B263)
Partition 1: (Active) - (Size=589.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=5.9 GB) - (Type=05)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)
 
LastRegBack: 2017-06-15 13:12
 
==================== End of FRST.txt ============================


 

Summary:

  1. Did you back up all your important files?

 

 

  1. I haven't been able to backup any files at this time.

 

I hope that answers all your questions, also Vincent is fine to call me by rather than my screen name, thanks again!

 



#6 RayS


Posted 26 June 2017 - 06:09 PM

Hello Vincent,

Thank you for answering my questions and providing the FRST.txt log. The absence of the Addition.txt file is normal when FRST64.exe is run in the Recovery Environment.

 

 

Overview

 

We will try to enter one of the Safe Mode options. If successful, we will obtain FRST.txt and Addition.txt logs from FRST64.exe using Scan. Then we will run FRST64.exe with a short script using Fix. It will create an archive in a .ZIP file which you will attach to your reply. If none of the Safe Mode options is available, we will use Recovery Environment (RE) to run a different script. You will need a USB thumb drive to transfer files between your sick PC and your laptop. The thumb drive doesn't need much free space for today's operation, but it may need tens of megabytes next time. The Lexar thumb drive you used on Friday is plenty adequate.


Try Safe Mode

 

Please try to enter Safe Mode with networking by following this illustrated guide: How to Start Windows 10 in Safe Mode with Networking. Note: In order to see the Power button as indicated by the red arrow in the first illustration, you may need to click on the icon that looks like a tiny screen in the lower right corner of the window. If Safe Mode with networking doesn't work, describe all symptoms you see and give me verbatim copies of error messages (if any).

 

Next, try the same procedure except press number 4 to enable Safe Mode (without networking). Again, describe symptoms and error messages if this mode fails.

In whichever Safe Mode works first (if any), use FRST64.exe as you did before. Be sure the box for Addition.txt is checkmarked and run Scan again. Copy and paste both logs into your reply. Also launch some other programs (including a browser, if you have networking) and tell me whether they operate normally.

 

 

Fixlist script for use in Safe Mode only

 

  • While in Safe Mode, launch FRST64.exe.
  • Copy the entire contents of the following code box into your clipboard (place your cursor inside the code box and press Ctrl+A then Ctrl+C). Then press Fix.
Start::
zip: C:\Users\Vincent\AppData\Local\CrashDumps
End::

Note: This script will create an archive file on your desktop with Date_Time in its name. Example name: 26.06.2017_14.11.45.zip

  • Copy and paste the contents of Fixlog.txt into your reply.
  • Attach the .ZIP file to your reply.

 

 

Fixlist script for use only if Safe Mode is not available

 

Use your laptop to create fixlist.txt on a USB thumb drive as follows:

  • Launch Notepad and press Enter.
  • Copy and paste the text you see from inside the following code box into a new notepad document.
Folder: C:\Users\Vincent\AppData\Local\CrashDumps
  • Click File, then Save As...
  • On the left pane, navigate to the same location on your USB thumb drive where FRST64.exe is. (It was in E:\ when you ran the scan on Friday.)
  • Under the Save as type dropdown, select All Files.
  • In the File Name box, type fixlist.txt
  • Click Save.

 

Now, enter Command Prompt in Recovery Environment (RE) as you did previously.

  • After the Command Prompt window opens, type notepad and press Enter.
  • From the notepad menu, press File > Open then navigate to your USB drive and choose all files.
  • Right click on FRST64.exe and click run as admin.
  • Click Fix.
  • The result of running the script will appear in a file called Fixlog.txt which will be created on your thumb drive in the same location as FRST64.exe.
  • Copy and paste Fixlog.txt into your reply.

 

 

 

Summary:

  • Were you able to enter one of the Safe Mode options? If not, describe symptoms including error messages (if any).
  • If one of the Safe Modes was possible, copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • If one of the Safe Modes was possible, copy and paste the contents of Fixlog.txt into the body of your message and attach the .ZIP file to your message.
  • If one of the Safe Modes was possible, which other programs (if any) operated normally?
  • If Safe Mode was not available, copy and paste the contents of Fixlog.txt into the body of your message.

Before you press Add Reply, please be sure you have addressed all five issues summarized above.

 

A more complete set of logs will help me to compose a more comprehensive Fixlist script for you.

Thank you,

Ray




#7 ArchNemesis


Posted 26 June 2017 - 08:07 PM

Summary:

  • Were you able to enter one of the Safe Mode options? If not, describe symptoms including error messages (if any).
  • If one of the Safe Modes was possible, copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • If one of the Safe Modes was possible, copy and paste the contents of Fixlog.txt into the body of your message and attach the .ZIP file to your message.
  • If one of the Safe Modes was possible, which other programs (if any) operated normally?
  • If Safe Mode was not available, copy and paste the contents of Fixlog.txt into the body of your message.
  • I was not able to boot into Safe Mode using any options. If attempted it would simply just boot into RE again.
  • I will paste the Fixlog.txt below.
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by SYSTEM (26-06-2017 20:11:35) Run:1
Running from D:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
C:\Users\Vincent\AppData\Local\CrashDumps
*****************
 
C:\Users\Vincent\AppData\Local\CrashDumps => moved successfully
 
==== End of Fixlog 20:11:35 ====
 
-Vincent


#8 RayS


Posted 27 June 2017 - 08:23 PM

Hi Vincent,

 

  • Please insert a thumb drive into the sick PC and enter Recovery Environment again.
  • Navigate to C:\FRST\Quarantine\C\Users\Vincent\AppData\Local\CrashDumps and right-click, then select Send to and copy the folder to your thumb drive.
  • Insert your thumb drive into your clean PC and navigate to the CrashDumps folder.
  • Right-click the CrashDumps folder, then select Send to, and then select Compressed (zipped) folder. A new zipped folder named CrashDumps.zip will be created in the same location.
  • Attach CrashDumps.zip to your reply.

Thank you,

 

Ray

 

 




#9 ArchNemesis


Posted 28 June 2017 - 12:10 AM

Hey Ray, I went ahead and got the file and moved it to my flash drive. It should be attached below. Thanks!

 

 

Attached Files



#10 RayS


Posted 28 June 2017 - 06:47 PM

Hi Vincent,

 

Thank you for the crash dumps. I am in the process of evaluating the dump files and they are cumbersome and complex. I appreciate your continued patience. Meanwhile, I would like you to run the following short script.

 

 

Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Use your laptop to create fixlist.txt on a USB thumb drive as follows:

  • Launch Notepad and press Enter.
  • Copy and paste the entire text you see from inside the following code box into a new notepad document.
Start

LastRegBack: 2017-06-15 13:12

End
  • Click File, then Save As...
  • On the left pane, navigate to the same location on your USB thumb drive where FRST64.exe is. (It was in E:\ when you ran the scan on Friday.)
  • Under Save as type, select All Files.
  • In the File Name box, type fixlist.txt and click Save.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

Now, enter Command Prompt in Recovery Environment (RE) as you did previously.

  • After the Command Prompt window opens, type notepad and press Enter.
  • From the notepad menu, press File > Open then navigate to your USB drive and choose all files.
  • Right click on FRST64.exe and click run as admin.
  • Click Fix.
  • The result of running the script will appear in a file called Fixlog.txt which will be created on your thumb drive in the same location as FRST64.exe.

 

Summary

  • Copy and paste the entire contents of Fixlog.txt into the body of your reply.

 

Thank you,

 

Ray




#11 ArchNemesis


Posted 28 June 2017 - 07:24 PM

Summary

  • Copy and paste the entire contents of Fixlog.txt into the body of your reply.

 

Hey Ray, I appreciate your continued support. Side note, I had to use a different flash drive for the past few operations, it's the same size and all as the other one however. I will attach the fixlog created from that script down below, thanks! 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by SYSTEM (28-06-2017 20:09:51) Run:5
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Start
 
LastRegBack: 2017-06-15 13:12
 
End
*****************
 
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
 
==== End of Fixlog 20:09:56 ====

Edited by ArchNemesis, 28 June 2017 - 07:25 PM.
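
As an added example (not part of the thread and not FRST's own code), this Python check compares the fixlist a Fixlog.txt reports having run against the fixlist that was posted, using the two Fixlogs from replies #7 and #11. It assumes the Fixlog layout seen in those replies and treats Start/End lines as delimiters; the function names are hypothetical.

```python
import re

# Fixlog.txt as posted in replies #7 and #11 of this thread (blank lines dropped).
FIXLOG_7 = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by SYSTEM (26-06-2017 20:11:35) Run:1
Running from D:\
Boot Mode: Recovery
==============================================
fixlist content:
*****************
C:\Users\Vincent\AppData\Local\CrashDumps
*****************
C:\Users\Vincent\AppData\Local\CrashDumps => moved successfully
==== End of Fixlog 20:11:35 ====
"""
FIXLOG_11 = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by SYSTEM (28-06-2017 20:09:51) Run:5
Running from G:\
Boot Mode: Recovery
==============================================
fixlist content:
*****************
Start
LastRegBack: 2017-06-15 13:12
End
*****************
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
==== End of Fixlog 20:09:56 ====
"""
# The fixlist text the helper posted for each of those runs (replies #6 and #10).
INTENDED_7 = r"Folder: C:\Users\Vincent\AppData\Local\CrashDumps"
INTENDED_11 = "Start\n\nLastRegBack: 2017-06-15 13:12\n\nEnd"

STARS = re.compile(r"^\*{5,}$")
HEADER_PATTERNS = {
    "version": re.compile(r"Version:\s*(.+)$"),
    "ran_by": re.compile(r"^Ran by (\S+)"),
    "run": re.compile(r"Run:(\d+)$"),
    "running_from": re.compile(r"^Running from (.+)$"),
    "boot_mode": re.compile(r"^Boot Mode:\s*(.+)$"),
}
# Assumption: these lines only delimit a script and are not directives themselves.
MARKERS = {"start", "end", "start::", "end::"}


def parse_fixlog(text):
    """Split a Fixlog into header fields, echoed fixlist lines and result pairs."""
    log = {"header": {}, "fixlist": [], "results": []}
    state = "header"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if state == "header":
            if line.lower() == "fixlist content:":
                state = "await_fixlist"
                continue
            for key, pattern in HEADER_PATTERNS.items():
                match = pattern.search(line)
                if match:
                    log["header"].setdefault(key, match.group(1))
        elif state == "await_fixlist":
            if STARS.match(line):
                state = "fixlist"
        elif state == "fixlist":
            if STARS.match(line):
                state = "results"
            else:
                log["fixlist"].append(line)
        elif line.startswith("==== End of Fixlog"):
            break
        else:
            item, sep, status = line.partition(" => ")
            if sep:
                log["results"].append((item, status))
    return log


def directives(lines):
    """Drop blank lines and Start/End delimiters, keep the directive lines."""
    stripped = (line.strip() for line in lines)
    return [line for line in stripped if line and line.lower() not in MARKERS]


def audit(intended_text, log):
    """Return (kind, detail) findings where the run differs from the posted fixlist."""
    intended = directives(intended_text.splitlines())
    executed = directives(log["fixlist"])
    findings = [("not-executed", want) for want in intended if want not in executed]
    findings += [("unexpected", got) for got in executed if got not in intended]
    findings += [("failed", f"{item} => {status}") for item, status in log["results"]
                 if "successfully" not in status.lower()]
    return findings


if __name__ == "__main__":
    for name, intended, text in (("#7", INTENDED_7, FIXLOG_7), ("#11", INTENDED_11, FIXLOG_11)):
        print(name, audit(intended, parse_fixlog(text)) or "matches the posted fixlist")
```

Run against reply #7, it reports that the `Folder:` line from the posted script is absent from the echoed fixlist and that a bare path ran in its place; reply #11 matches what was posted.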


#12 RayS


Posted 28 June 2017 - 08:48 PM

Hi Vincent,

 

That script ran well. Please try Normal boot. If that doesn't work, try Safe Mode with networking (option 5) then, if that doesn't work, try Safe Mode (without networking) (option 4). If any of these trials is successful try to run a few sample programs including a browser if you have networking.

 

Please let me know if you had any success and, if so, tell me how your PC is running. Give full descriptions of all symptoms and verbatim copies of error messages, if any.

 

Thank you,

 

Ray




#13 ArchNemesis


Posted 28 June 2017 - 09:10 PM

Hey Ray, unfortunately neither normal nor safe mode booting worked. Still booting into RE; however, this time around it started doing a diagnosis upon booting, which I don't believe it did before. It still leads into RE, though.



#14 RayS


Posted 29 June 2017 - 10:35 PM

Hi Vincent,

 

Thank you for trying the various boot options.

 

Even if you have tried before, I would like you to try System Restore again. Please boot into Recovery Environment again and click Troubleshoot > Advanced > System Restore. If any Restore Points are available, choose one as close to but prior to June 20th. Then try Normal boot, Safe Mode with networking, and Safe Mode (without networking) in that order.

 

Are any Restore Points available? Let me know whether you have any success. Describe fully what you see.

 

<<<<<<

 

 

Did you try any system reset or Windows Update activity recently, prior to the current problem or after the problem occurred? If so, please describe fully what you attempted and accomplished, and when you performed these activities.

 

Thank you,

 

Ray




#15 ArchNemesis


Posted 30 June 2017 - 03:33 PM


Hey Ray, again, bad news. When opening the System Restore option, it informs me that my system drive has no restore points. Also, I did not prompt my computer to do any system reset or Windows Update prior to the problem. What happened was I had accidentally clicked the power button on my computer, so Windows began trying to shut down and told me some programs were preventing the shutdown, so I told it to cancel shutting down as I was not ready to shut my computer down. I continued using my computer, then after I was done for the night I locked it, and when I went on it the next morning the text on the lock screen was all obscured, almost smudged looking. Upon unlocking, I attempted to start some applications like Google Chrome, at which point I was prompted with text saying my system didn't have enough resources, or just some error code (which unfortunately I did not record). Realizing something was up, I restarted my computer, and that's when this problem started occurring. So between the time I got off of it and got back on, I'm thinking something must have happened. I didn't think about this, but I guess my antivirus could have gotten closed when my computer was attempting to shut down and something could have infected my PC? Besides that, I'm really not sure what could have happened.





