Something very crappy


  • This topic is locked
53 replies to this topic

#1 dennis369

Posted 13 October 2017 - 07:15 PM

Running Windows 10.

I suddenly get notifications that Windows Defender and ZoneAlarm have been disabled. I immediately go to check my control panel and cannot access it.

I've had experiences with Malware before so I immediately attempt to run ZoneAlarm. It is blocked from scanning and cannot access the internet(?). This is shocking. So I immediately attempt to download Malwarebytes. Neither browser will go there (I use Firefox and Chrome). I actually cannot access any anti-spyware sites on the laptop. My best guess is something has been messed up. I download Malwarebytes to my phone and transfer the file to a flash drive. The software scans and finds no threats but it still cannot access the updates on the internet.

I take this as a severe caution. I attempt to go on the internet and visit a support site like this one. No internet access to the laptop at all!

I use my past malware experience and my phone's internet access to download several pieces of anti-spyware software. This works fine until the files try to run on the laptop. They are all blocked from the internet!

I'm using my phone now to do anything on the web. Please help me to get rid of this crappy invasion! It's cutting into my work and that's a serious problem. Log files will follow this post.

Any assistance is appreciated. Thanks.

#2 dennis369


Posted 13 October 2017 - 08:32 PM

Woah that log took a long time to run. Please find the attached. Are text files ok for future attachments? Thanks.

Attached File: frst.pdf (123.61KB)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
Ran by willied3 (administrator) on WILLIE (13-10-2017 21:17:49)
Running from E:\
Loaded Profiles: willied3 (Available Profiles: willied3 & Administrator)
Platform: Windows 10 Home Version 1703 170317-1834 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files\PreSonus\AudioBox\AudioBox.exe
(PageBites, Inc.) C:\Users\willied3\AppData\Roaming\Imo Messenger\ImoDesktopApp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40445.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40445.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\Public\Downloads\Norton\{NIS2250215-SHPD-FSD51083}\FSDUI_Custom.exe /m /SHOWONECLICK /WIN10_UPGRADE "C:\Users\willied3\AppData\Local\Temp\{DA1CD077-8D72-4481-98F5-E61F3049D7FB}\Upgrade.exe" <==== ATTENTION
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7591424 2012-05-24] ()
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\Run: [Imo Messenger] => C:\Users\willied3\AppData\Roaming\Imo Messenger\ImoDesktopApp.exe [5693840 2017-10-10] (PageBites, Inc.)
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-17] (SUPERAntiSpyware)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{eee3dc9e-6aa2-4b6f-9678-75bc295b96bd}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-3943819030-1241084623-1333657090-1001 -> DefaultScope {0120DECF-FED0-4C11-8937-E61584C45B0A} URL = 
SearchScopes: HKU\S-1-5-21-3943819030-1241084623-1333657090-1001 -> {0120DECF-FED0-4C11-8937-E61584C45B0A} URL = 
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-05-14] (DVDVideoSoft Ltd.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-05-14] (DVDVideoSoft Ltd.)
 
FireFox:
========
FF DefaultProfile: m3lgyzaq.default
FF ProfilePath: C:\Users\willied3\AppData\Roaming\Mozilla\Firefox\Profiles\m3lgyzaq.default [2017-10-12]
FF user.js: detected! => C:\Users\willied3\AppData\Roaming\Mozilla\Firefox\Profiles\m3lgyzaq.default\user.js [2015-08-02]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\m3lgyzaq.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\m3lgyzaq.default -> www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\m3lgyzaq.default -> type", 4
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\willied3\AppData\Roaming\Mozilla\Firefox\Profiles\m3lgyzaq.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2017-09-19]
FF SearchPlugin: C:\Users\willied3\AppData\Roaming\Mozilla\Firefox\Profiles\m3lgyzaq.default\searchplugins\zonealarm.xml [2015-08-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3943819030-1241084623-1333657090-1001: @citrixonline.com/appdetectorplugin -> C:\Users\willied3\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-13] (Citrix Online)
 
Chrome: 
=======
CHR Profile: C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default [2017-10-12]
CHR Extension: (Google Slides) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-05]
CHR Extension: (Google Docs) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-05]
CHR Extension: (Google Drive) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-05]
CHR Extension: (YouTube) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-05]
CHR Extension: (One-click Downloader) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjodfcplkcccafghgnbnpgedgakohog [2016-12-23]
CHR Extension: (Google Play Music) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-09-28]
CHR Extension: (Google Sheets) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-05]
CHR Extension: (Google Docs Offline) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-05]
CHR Extension: (Skype) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-03]
CHR Extension: (Flat - Music scores and guitar tabs editor) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg [2017-09-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Transcribe: transcribe audio/interviews fast!) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm [2017-09-20]
CHR Extension: (Gmail) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\willied3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-10-11] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-10-11] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2017-03-22] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29216 2017-03-22] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [189672 2017-03-22] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [435032 2017-03-22] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1007848 2017-03-22] (AO Kaspersky Lab)
R0 klupd_KLIF_arkmon; C:\WINDOWS\System32\Drivers\klupd_KLIF_arkmon.sys [229288 2017-05-18] (AO Kaspersky Lab)
S3 klupd_KLIF_kimul; C:\WINDOWS\System32\Drivers\klupd_KLIF_kimul.sys [87584 2017-05-18] (AO Kaspersky Lab)
S3 klupd_KLIF_klark; C:\WINDOWS\System32\Drivers\klupd_KLIF_klark.sys [251656 2017-05-18] (AO Kaspersky Lab)
R0 klupd_KLIF_klbg; C:\WINDOWS\System32\Drivers\klupd_KLIF_klbg.sys [112912 2017-05-18] (AO Kaspersky Lab)
S3 klupd_KLIF_mark; C:\WINDOWS\System32\Drivers\klupd_KLIF_mark.sys [173144 2017-05-18] (AO Kaspersky Lab)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-12] (Malwarebytes)
R3 MP4RecorderVAD; C:\WINDOWS\system32\DRIVERS\mp4recordervad64.sys [27984 2016-07-04] (OnStream Media Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 paeusbaudio; C:\WINDOWS\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] ()
S3 paeusbaudiodsp; C:\WINDOWS\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] ()
S3 paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] ()
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [433912 2016-07-13] (Realsil Semiconductor Corporation)
S3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2017-03-16] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-10-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-10-11] (Zemana Ltd.)
U3 iswSvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-13 18:50 - 2017-10-13 21:17 - 000000000 ____D C:\FRST
2017-10-12 21:03 - 2017-10-12 21:03 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-12 01:17 - 2017-10-12 01:17 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-10-12 01:16 - 2017-10-12 21:18 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-10-12 01:16 - 2017-10-12 01:57 - 000000530 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 85108678-9447-4f3a-9dba-4efe57171fc4.job
2017-10-12 01:16 - 2017-10-12 01:57 - 000000530 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1b6ba0b2-abdf-492b-9511-1d50ca742f52.job
2017-10-12 01:16 - 2017-10-12 01:16 - 000003758 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 1b6ba0b2-abdf-492b-9511-1d50ca742f52
2017-10-12 01:16 - 2017-10-12 01:16 - 000003676 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 85108678-9447-4f3a-9dba-4efe57171fc4
2017-10-12 01:16 - 2017-10-12 01:16 - 000001860 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-10-12 01:16 - 2017-10-12 01:16 - 000000000 ____D C:\Users\willied3\AppData\Roaming\SUPERAntiSpyware.com
2017-10-12 01:16 - 2017-10-12 01:16 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-10-12 01:16 - 2017-10-12 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-10-12 01:15 - 2017-10-12 01:15 - 000048441 _____ C:\ProgramData\agent.1507785341.bdinstall.bin
2017-10-12 01:15 - 2017-10-12 01:15 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-10-12 01:15 - 2017-10-12 01:15 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-10-12 00:34 - 2017-10-12 00:35 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 22:40 - 2017-10-11 22:40 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-10-11 22:14 - 2017-10-11 22:23 - 000286072 _____ C:\TDSSKiller.3.1.0.15_11.10.2017_22.14.20_log.txt
2017-10-11 21:11 - 2017-10-11 21:11 - 000000000 _____ C:\Users\willied3\AppData\Local\{E87047DA-112F-4B22-B90B-89DB5B7C88AB}
2017-10-11 20:50 - 2017-10-11 20:50 - 000000956 _____ C:\Users\willied3\Desktop\Forensics_171011-204953.txt
2017-10-11 20:47 - 2017-10-11 20:47 - 000002506 _____ C:\Users\willied3\Desktop\scan_171011-203955.txt
2017-10-11 20:37 - 2017-10-11 20:50 - 000000000 ____D C:\EEK
2017-10-11 20:34 - 2017-10-11 21:22 - 000000000 ____D C:\Program Files\HitmanPro
2017-10-11 20:34 - 2017-10-11 20:34 - 000001977 _____ C:\Users\Public\Desktop\Simple Simon.lnk
2017-10-11 20:34 - 2017-10-11 20:34 - 000000000 ____D C:\Users\willied3\AppData\Local\ElevatedDiagnostics
2017-10-11 20:34 - 2017-10-11 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-10-11 18:36 - 2017-10-11 18:39 - 000281632 _____ C:\TDSSKiller.3.1.0.15_11.10.2017_18.36.31_log.txt
2017-10-11 18:30 - 2017-10-13 21:19 - 000089446 _____ C:\WINDOWS\ZAM.krnl.trace
2017-10-11 18:30 - 2017-10-13 21:19 - 000061321 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-10-11 18:30 - 2017-10-11 18:30 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-10-11 18:30 - 2017-10-11 18:30 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-10-11 18:30 - 2017-10-11 18:30 - 000001232 _____ C:\Users\Public\Desktop\Zeus.lnk
2017-10-11 18:30 - 2017-10-11 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-10-11 18:30 - 2017-10-11 18:30 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-10-11 18:24 - 2017-10-11 18:24 - 000000000 ____D C:\Users\willied3\AppData\Local\Zemana
2017-10-11 18:21 - 2017-10-11 18:23 - 000555336 _____ C:\TDSSKiller.3.1.0.15_11.10.2017_18.21.22_log.txt
2017-10-11 18:20 - 2017-10-11 18:20 - 000000000 ____D C:\ProgramData\HitmanPro
2017-10-11 17:52 - 2017-10-11 20:02 - 000002194 _____ C:\Users\willied3\Desktop\Rkill.txt
2017-10-11 17:50 - 2017-10-11 19:58 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-10-10 21:20 - 2017-10-10 21:20 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-10 21:20 - 2017-10-10 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-10 21:20 - 2017-10-10 21:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-10 21:20 - 2017-10-10 21:20 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-10 21:20 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-09 23:53 - 2017-10-09 23:54 - 041136925 _____ C:\Users\willied3\Desktop\Amazon-Music-Download_2017-10-09_20-53.zip
2017-10-03 13:00 - 2017-09-18 19:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-03 13:00 - 2017-09-18 19:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-03 13:00 - 2017-09-18 19:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-03 13:00 - 2017-09-18 19:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-03 13:00 - 2017-09-18 19:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-03 13:00 - 2017-09-18 19:17 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-03 13:00 - 2017-09-18 19:17 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-03 13:00 - 2017-09-18 19:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-03 13:00 - 2017-09-18 19:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-03 13:00 - 2017-09-18 19:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-03 13:00 - 2017-09-18 18:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-03 13:00 - 2017-09-18 18:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-03 13:00 - 2017-09-18 18:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-03 13:00 - 2017-09-18 18:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-03 13:00 - 2017-09-18 18:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-03 13:00 - 2017-09-18 18:18 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-03 13:00 - 2017-09-18 18:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-09-28 15:15 - 2017-09-28 15:15 - 000104740 _____ C:\Users\willied3\Downloads\document.pdf
2017-09-28 00:00 - 2017-09-28 00:00 - 000290118 _____ C:\Users\willied3\Downloads\Voice00135.amr
2017-09-28 00:00 - 2017-09-28 00:00 - 000266182 _____ C:\Users\willied3\Downloads\Voice00132.amr
2017-09-28 00:00 - 2017-09-28 00:00 - 000199462 _____ C:\Users\willied3\Downloads\Voice00131.amr
2017-09-28 00:00 - 2017-09-28 00:00 - 000130854 _____ C:\Users\willied3\Downloads\Voice00133.amr
2017-09-28 00:00 - 2017-09-28 00:00 - 000099174 _____ C:\Users\willied3\Downloads\Voice00128.amr
2017-09-28 00:00 - 2017-09-28 00:00 - 000049254 _____ C:\Users\willied3\Downloads\Voice00134.amr
2017-09-27 23:52 - 2017-09-27 23:52 - 000174342 _____ C:\Users\willied3\Downloads\Voice00119.amr
2017-09-27 23:52 - 2017-09-27 23:52 - 000171302 _____ C:\Users\willied3\Downloads\Voice00117.amr
2017-09-27 23:51 - 2017-09-27 23:51 - 000405478 _____ C:\Users\willied3\Downloads\Voice00112.amr
2017-09-27 23:51 - 2017-09-27 23:51 - 000405478 _____ C:\Users\willied3\Downloads\Voice00112 (1).amr
2017-09-27 23:51 - 2017-09-27 23:51 - 000197798 _____ C:\Users\willied3\Downloads\Voice00115.amr
2017-09-27 23:51 - 2017-09-27 23:51 - 000154310 _____ C:\Users\willied3\Downloads\Voice00118.amr
2017-09-27 23:51 - 2017-09-27 23:51 - 000065510 _____ C:\Users\willied3\Downloads\Voice00113.amr
2017-09-21 22:28 - 2017-09-21 22:28 - 000960838 _____ C:\Users\willied3\Downloads\Voice00120 (1).amr
2017-09-20 23:35 - 2017-09-20 23:35 - 000960838 _____ C:\Users\willied3\Downloads\Voice00120.amr
2017-09-17 16:26 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-17 16:26 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-17 16:26 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-17 16:26 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-17 16:26 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-17 16:26 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-17 16:26 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-17 16:26 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-17 16:26 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-17 16:26 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-17 16:26 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-17 16:26 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-17 16:26 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-17 16:26 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-17 16:26 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-17 16:26 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-17 16:26 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-17 16:26 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-17 16:26 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-17 16:26 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-17 16:26 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-17 16:26 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-17 16:26 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-17 16:26 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-17 16:26 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-17 16:26 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-17 16:26 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-17 16:26 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-17 16:26 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-17 16:26 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-17 16:26 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-17 16:26 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-17 16:26 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-17 16:26 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-17 16:26 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-17 16:26 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-17 16:26 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-17 16:26 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-17 16:26 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-17 16:26 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-17 16:26 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-17 16:26 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-17 16:26 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-17 16:26 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-17 16:26 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-17 16:26 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-17 16:26 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-17 16:26 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-17 16:26 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-17 16:26 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-17 16:26 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-17 16:26 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-17 16:26 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-17 16:26 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-17 16:26 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-17 16:26 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-17 16:26 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-17 16:26 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-17 16:26 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-17 16:26 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-17 16:26 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-17 16:26 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-17 16:26 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-17 16:26 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-17 16:26 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-17 16:26 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-17 16:26 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-17 16:26 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-17 16:26 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-17 16:26 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-17 16:26 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-17 16:26 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-17 16:26 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-17 16:26 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-17 16:26 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-17 16:26 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-17 16:26 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-17 16:26 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-17 16:26 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-17 16:26 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-17 16:26 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-17 16:26 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-17 16:26 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-17 16:25 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-17 16:25 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-17 16:25 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-17 16:25 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-17 16:25 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-17 16:25 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-17 16:25 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-17 16:25 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-17 16:25 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-17 16:25 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-17 16:25 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-17 16:25 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-17 16:25 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-17 16:25 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-17 16:25 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-17 16:25 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-17 16:25 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-17 16:25 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-17 16:25 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-17 16:25 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-17 16:25 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-17 16:25 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-17 16:25 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-17 16:25 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-17 16:25 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-17 16:25 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-17 16:25 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-17 16:25 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-17 16:25 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-17 16:25 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-17 16:25 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-17 16:25 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-17 16:25 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-17 16:25 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-17 16:25 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-17 16:25 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-17 16:25 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-17 16:25 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-17 16:25 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-17 16:25 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-17 16:25 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-17 16:25 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-17 16:25 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-17 16:25 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-17 16:25 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-17 16:25 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-17 16:25 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-17 16:25 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-17 16:25 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-17 16:25 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-17 16:25 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-17 16:25 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-17 16:25 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-17 16:25 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-17 16:25 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-17 16:24 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-17 16:24 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-17 16:24 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-17 16:24 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-17 16:24 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-17 16:24 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-17 16:24 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-17 16:24 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-17 16:24 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-17 16:24 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-17 16:24 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-17 16:24 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-17 16:24 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-17 16:24 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-17 16:24 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-17 16:24 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-17 16:24 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-17 16:24 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-17 16:24 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-17 16:24 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-17 16:24 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-17 16:24 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-17 16:24 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-17 16:24 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-17 16:24 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-17 16:24 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-17 16:24 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-17 16:24 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-17 16:24 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-17 16:24 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-17 16:24 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-17 16:24 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-17 16:24 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-17 16:24 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-17 16:24 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-17 16:24 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-17 16:24 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-17 16:24 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-17 16:24 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-17 16:24 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-17 16:24 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-17 16:24 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-17 16:24 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-17 16:24 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-17 16:24 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-17 16:24 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-17 16:24 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-17 16:24 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-17 16:24 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-17 16:24 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-17 16:24 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-17 16:24 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-17 16:24 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-17 16:24 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-17 16:24 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-17 16:24 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-17 16:24 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-17 16:24 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-17 16:24 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-17 16:24 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-17 16:24 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-17 16:24 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-17 16:24 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-17 16:24 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-17 16:24 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-17 16:24 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-17 16:24 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-17 16:24 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-17 16:24 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-17 16:24 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-17 16:24 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-17 16:24 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-17 16:24 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-17 16:24 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-17 16:24 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-17 16:24 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-17 16:24 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-17 16:24 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-17 16:24 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-17 16:24 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-17 16:24 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-17 16:24 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-17 16:24 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-17 16:24 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-17 16:24 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-17 16:24 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-17 16:24 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-17 16:24 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-17 16:24 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-17 16:24 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-17 16:24 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-17 16:24 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-17 16:24 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-17 16:24 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-17 16:24 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-17 16:24 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-17 16:24 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-17 16:24 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-17 16:24 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-17 16:24 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-17 16:24 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-17 16:24 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-17 16:24 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-17 16:24 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-17 16:24 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-17 16:24 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-17 16:24 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-17 16:24 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-17 16:23 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-17 16:23 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-17 16:23 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-17 16:23 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-17 16:23 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-17 16:23 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-17 16:23 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-17 16:23 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-17 16:23 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-17 16:23 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-17 16:23 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-17 16:23 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-17 16:23 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-17 16:23 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-17 16:23 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-17 16:23 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-17 16:23 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-17 16:23 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-17 16:23 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-17 16:23 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-17 16:23 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-17 16:23 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-17 16:23 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-17 16:23 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-17 16:23 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-17 16:23 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-17 16:23 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-17 16:23 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-17 16:23 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-17 16:23 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-17 16:23 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-17 16:23 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-17 16:23 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-17 16:23 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-17 16:23 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-17 16:23 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-17 16:23 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-17 16:23 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-17 16:23 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-17 16:23 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-17 16:23 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-17 16:23 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-17 16:23 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-17 16:23 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-17 16:23 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-17 16:23 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-17 16:23 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-17 16:23 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-17 16:23 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-17 16:23 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-17 16:23 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-17 16:23 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-13 20:57 - 2016-07-29 00:08 - 000000000 __SHD C:\Users\willied3\IntelGraphicsProfiles
2017-10-13 20:51 - 2017-07-26 23:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-13 20:25 - 2017-07-27 00:06 - 000000000 ____D C:\Users\willied3
2017-10-13 20:19 - 2017-07-27 00:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-13 18:45 - 2017-03-18 07:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-10-12 09:57 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-12 00:42 - 2016-12-06 11:00 - 000000000 ____D C:\Users\willied3\AppData\LocalLow\Mozilla
2017-10-12 00:34 - 2016-08-02 15:13 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-11 23:15 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-11 18:57 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-11 17:43 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-10 22:45 - 2017-07-27 00:25 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{99A7E80C-EE1F-4F3B-B860-CC0F9C483F30}
2017-10-10 21:38 - 2016-05-14 23:00 - 000000000 ____D C:\Program Files (x86)\Free Audio Editor Import from video feature
2017-10-10 21:38 - 2015-05-17 23:59 - 000000000 ____D C:\Program Files (x86)\DVDVideoSoft
2017-10-10 19:35 - 2017-03-18 07:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-10-10 12:19 - 2017-06-07 19:17 - 000000000 ____D C:\Users\willied3\AppData\Roaming\Imo Messenger
2017-10-09 21:53 - 2015-08-15 00:33 - 000000000 ____D C:\Users\willied3\Documents\Studio One
2017-10-09 17:11 - 2017-07-10 02:20 - 000000000 ____D C:\Users\willied3\AppData\Local\GoToMeeting
2017-10-06 18:30 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-06 17:21 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-10-06 17:21 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-10-04 13:15 - 2015-12-13 23:19 - 000000662 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3943819030-1241084623-1333657090-1001.job
2017-10-04 13:15 - 2015-12-13 23:19 - 000000566 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3943819030-1241084623-1333657090-1001.job
2017-10-04 00:06 - 2017-07-27 00:25 - 000003820 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3943819030-1241084623-1333657090-1001
2017-10-04 00:06 - 2017-07-27 00:25 - 000003724 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3943819030-1241084623-1333657090-1001
2017-10-03 23:36 - 2015-08-17 23:48 - 000000000 ____D C:\Users\willied3\AppData\Roaming\Celemony Software GmbH
2017-09-29 11:33 - 2017-09-08 17:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-29 11:33 - 2015-05-16 22:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-28 15:44 - 2017-08-25 20:12 - 000000000 ____D C:\Users\willied3\AppData\Roaming\Kodi
2017-09-28 00:14 - 2016-08-05 20:48 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-28 00:14 - 2016-08-05 20:48 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-21 21:08 - 2017-07-27 00:25 - 001336088 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-20 23:25 - 2017-07-27 00:25 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3943819030-1241084623-1333657090-1001
2017-09-20 23:25 - 2016-07-28 23:50 - 000002424 _____ C:\Users\willied3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-20 23:25 - 2016-07-28 23:50 - 000000000 ___RD C:\Users\willied3\OneDrive
2017-09-18 12:31 - 2016-04-27 02:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-18 12:27 - 2017-07-26 23:59 - 000247840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-18 12:23 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-18 12:23 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-18 12:22 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-18 12:22 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-18 12:22 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-18 12:22 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-18 12:21 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-18 12:21 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-17 16:49 - 2016-08-02 15:13 - 000000000 ____D C:\WINDOWS\system32\MRT
 
==================== Files in the root of some directories =======
 
2016-10-15 22:18 - 2016-10-15 22:18 - 000003584 _____ () C:\Users\willied3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-11 21:11 - 2017-10-11 21:11 - 000000000 _____ () C:\Users\willied3\AppData\Local\{E87047DA-112F-4B22-B90B-89DB5B7C88AB}
2017-10-12 01:15 - 2017-10-12 01:15 - 000048441 _____ () C:\ProgramData\agent.1507785341.bdinstall.bin
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys
[2017-03-18 16:57] - [2017-03-18 16:57] - 000397216 _____ (Microsoft Corporation) E3429DBBEA3965BB96E24B16EF4A2551
 
 
LastRegBack: 2017-10-13 20:30
 
==================== End of FRST.txt ============================

Edited by dennis369, 13 October 2017 - 09:25 PM.


#3 Oh My!

  • Malware Response Instructor

Posted 17 October 2017 - 06:00 PM

Greetings dennis369 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please copy and paste the Addition.txt file in your reply. It should be located on your E: drive.

Boot into Safe Mode with Networking and see how your computer performs.
 

Are text files ok for future attachments?

Copy and paste all information into your reply unless requested otherwise.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 dennis369


Posted 17 October 2017 - 08:21 PM

Hi Gary,

Sure you can call me by my first name.

I really appreciate the help. This issue has popped up to my great surprise and is taking time I never expected to face with this machine. But since we're here we must deal. I will try the safe mode with networking but have already encountered an issue as the machine refuses to address the firewall issue. I felt forced to stop the wi-fi because the entire process on this issue kept cycling over and over again. I will post my next reply asap.

Please find the ADDITION log below

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by willied3 (13-10-2017 21:20:38)
Running from E:\
Windows 10 Home Version 1703 170317-1834 (X64) (2017-07-27 04:37:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3943819030-1241084623-1333657090-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3943819030-1241084623-1333657090-503 - Limited - Disabled)
Guest (S-1-5-21-3943819030-1241084623-1333657090-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3943819030-1241084623-1333657090-1005 - Limited - Enabled)
willied3 (S-1-5-21-3943819030-1241084623-1333657090-1001 - Administrator - Enabled) => C:\Users\willied3
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Antivirus (Disabled - Out of date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1-Click YouTube Downloader 15.0 (HKLM-x32\...\1-Click YouTube Downloader_is1) (Version:  - )
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Bullzip PDF Printer 10.8.0.2282 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.8.0.2282 - Bullzip)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
DVDVideoSoftFS version 6.5.1.514 (HKLM-x32\...\DVDVideoSoftFS_is1) (Version: 6.5.1.514 - DVDVideoSoft Ltd.)
Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.98.721 - Digital Wave Ltd)
Free Audio Editor 2015 9.2.7 (HKLM-x32\...\Free Audio Editor 2015_is1) (Version:  - FAE Distribution, Inc.)
Free Audio Editor 2016 v9.3.4 (HKLM-x32\...\Free Audio Editor 2016_is1) (Version:  - Copyright© 2005-2016 FAEMedia, Inc.)
Free Audio Editor Import from video feature 9.0.1 (HKLM-x32\...\Free Audio Editor Import from video feature_is1) (Version:  - FAE Distribution, Inc.)
Free PDF to BMP Converter (HKLM-x32\...\{753FC6AD-F940-4540-B954-EAB7B3144211}) (Version: 1.0.0 - Free PDF Solutions)
Free Studio version 6.5.3.713 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.3.713 - DVDVideoSoft Ltd.)
Free Video Editor (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.53.831 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.14.0.7716 (HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\GoToMeeting) (Version: 8.14.0.7716 - LogMeIn, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Imo Messenger (HKLM-x32\...\{C24BA4A6-1B25-45A1-9613-8B4E992826B5}) (Version: 1.0.6 - PageBites, Inc)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Kodi (HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MediaPlayerLite 0.5.4.0 (HKLM-x32\...\MediaPlayerLite) (Version: 0.5.4.0 - MediaPlayerLite)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Melodyne singletrack (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 2.01.0202 - Celemony Software GmbH)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.0.2770 - Native Instruments)
Native Instruments Guitar Rig Factory Selection for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Factory Selection for Maschine) (Version:  - Native Instruments)
Native Instruments Guitar Rig Mobile IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Mobile IO Driver) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Session IO Driver) (Version:  - Native Instruments)
Native Instruments Komplete 8 Players (HKLM-x32\...\Native Instruments Komplete 8 Players) (Version:  - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.3.1344 - Native Instruments)
Native Instruments Reaktor Factory Selection (HKLM-x32\...\Native Instruments Reaktor Factory Selection) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
OnStream Webinars Screen Sharing (HKLM-x32\...\{b7104c0f-b774-4ff0-9c5f-ddad61ca2186}) (Version: 5.0.0.16819 - OnStream Media Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PreSonus Studio One 2 (HKLM-x32\...\PreSonus Studio One 2) (Version: 2.6.5.30360 - PreSonus Audio Electronics)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
SONAR 7 Producer Edition Trial (HKLM-x32\...\SONAR7ProducerTrial_is1) (Version: 16.0 - Cakewalk Music Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.10 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.30 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.3 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
ZoneAlarm Antivirus (HKLM-x32\...\{87D6BFBA-093E-40B8-845E-746B75BE7339}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{3B214EF2-9413-4300-96DB-165ECA1ED736}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 15.1.504.17269 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{A51FEF33-C7A2-492E-840B-35A85D1F007E}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3943819030-1241084623-1333657090-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3943819030-1241084623-1333657090-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\willied3\AppData\Local\Citrix\GoToMeeting\3911\G2MOutlookAddin64.dll => No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-11] ()
ContextMenuHandlers1: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-10-11] (SurfRight B.V.)
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => C:\windows\SysWOW64\ISCM64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-08-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-08-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-04-14] (Check Point Software Technologies Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-10-11] (SurfRight B.V.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-11] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-08-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-08-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-04-14] (Check Point Software Technologies Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AD778EB-751B-4D05-A935-D3BA8F2EF0A8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-05-04] (Synaptics Incorporated)
Task: {2305F464-34D8-4DAD-890D-FF8BB7CE76C1} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {29537563-381A-4CA3-A2CD-CD7F6B7A7C82} - System32\Tasks\G2MUploadTask-S-1-5-21-3943819030-1241084623-1333657090-1001 => C:\Users\willied3\AppData\Local\GoToMeeting\7716\g2mupload.exe [2017-10-04] (LogMeIn, Inc.)
Task: {3183B08F-C0BE-4D9E-8274-21DB81C55361} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {62C786C0-399F-4C0F-8C3B-03D07CE5296A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {642F51D5-0BE6-4E0A-BEB4-09B3C6A598B0} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {7BEE7285-C060-484A-B827-5C21C055836F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [2017-10-12] (Microsoft Corporation)
Task: {8EC2B956-4A7C-4249-9571-D727D235391B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {9B2A7D13-23A1-4685-8C70-3ABEFFCD06CC} - System32\Tasks\SUPERAntiSpyware Scheduled Task 1b6ba0b2-abdf-492b-9511-1d50ca742f52 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {A26EA248-7C27-43CB-8E06-76F32CBAD78D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-05] (Google Inc.)
Task: {A956DAF6-B846-4387-943F-1D3D26E2CD6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-05] (Google Inc.)
Task: {B58441D7-E944-430F-A008-E1E7093F6CD5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe
Task: {C01FF536-997E-4D5C-A5AE-03B5B037F78E} - \WPD\SqmUpload_S-1-5-21-3943819030-1241084623-1333657090-1001 -> No File <==== ATTENTION
Task: {E36A2555-A335-4880-8EED-4B0417CD9E51} - System32\Tasks\G2MUpdateTask-S-1-5-21-3943819030-1241084623-1333657090-1001 => C:\Users\willied3\AppData\Local\GoToMeeting\7716\g2mupdate.exe [2017-10-04] (LogMeIn, Inc.)
Task: {FD79A1A5-689E-4F08-AD9C-34F2CB821E73} - System32\Tasks\SUPERAntiSpyware Scheduled Task 85108678-9447-4f3a-9dba-4efe57171fc4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3943819030-1241084623-1333657090-1001.job => C:\Users\willied3\AppData\Local\GoToMeeting\7716\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3943819030-1241084623-1333657090-1001.job => C:\Users\willied3\AppData\Local\GoToMeeting\7716\g2mupload.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1b6ba0b2-abdf-492b-9511-1d50ca742f52.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 85108678-9447-4f3a-9dba-4efe57171fc4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\willied3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-03-25 19:44 - 2013-03-25 19:44 - 000016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2017-10-10 21:20 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-11 18:30 - 2017-10-11 18:30 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-08-13 23:00 - 2012-05-24 13:47 - 007591424 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe
2017-09-17 16:00 - 2017-09-17 16:03 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-06 16:48 - 2017-10-06 16:48 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-10-06 16:48 - 2017-10-06 16:48 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-10-09 17:06 - 2017-10-09 17:07 - 034988544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-10-09 17:06 - 2017-10-09 17:07 - 009214464 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-24 22:08 - 2017-08-24 22:08 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2017-09-27 23:57 - 2017-09-27 23:58 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-09 17:06 - 2017-10-09 17:07 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-10-06 17:35 - 2017-10-06 17:36 - 001226424 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40445.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-04-08 17:27 - 2017-04-08 17:32 - 001695440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40445.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-09-17 16:00 - 2017-09-17 16:03 - 003553704 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40445.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2015-05-18 00:01 - 2016-10-27 12:31 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-05-18 00:01 - 2016-10-27 12:31 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-05-18 00:01 - 2016-10-27 12:31 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-05-18 00:01 - 2016-10-27 12:31 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2013-07-31 20:43 - 2013-01-14 13:25 - 001200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-08-13 23:00 - 2012-05-22 12:07 - 000176128 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll
2015-05-16 23:02 - 2014-05-19 17:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-05-16 23:02 - 2014-10-31 16:40 - 001498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Innovation\White.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\StartupApproved\Run: => "Norton Download Manager{NIS2250215-SHPD-FSD51083}"
HKU\S-1-5-21-3943819030-1241084623-1333657090-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{43936649-EADE-45BA-8793-04A686576401}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{57EFA8C7-BE7C-47EB-A64C-182925AF52AE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{24C0F7F5-AEE0-48D3-BCEA-E05E9EBA2E23}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{1B292AF9-95AA-4359-AFF2-C04C41D6BEB2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{1984B65D-E214-4E29-8F9A-EF94A0142995}] => (Allow) C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe
FirewallRules: [{F6F1BC20-9868-4A7B-86AF-50154FC4D904}] => (Allow) C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe
FirewallRules: [UDP Query User{BE67FDC3-2FE7-423B-AE94-6CCA9EB0BC6B}C:\program files (x86)\presonus\studio one 2\studio one.exe] => (Allow) C:\program files (x86)\presonus\studio one 2\studio one.exe
FirewallRules: [TCP Query User{7D4BF04C-1F5F-472A-8FEA-FD669042B2C1}C:\program files (x86)\presonus\studio one 2\studio one.exe] => (Allow) C:\program files (x86)\presonus\studio one 2\studio one.exe
FirewallRules: [UDP Query User{6CBA939B-308A-4638-8572-547B72471A7C}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [TCP Query User{C5466792-5DB0-4EFF-BC28-AD1F1F4D7332}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{A4CDA79F-6790-49B4-A73B-F9E9CE97DE98}C:\program files (x86)\presonus\studio one 2\studio one.exe] => (Block) C:\program files (x86)\presonus\studio one 2\studio one.exe
FirewallRules: [TCP Query User{FAE60295-F049-4D91-8CFE-3EAC2085F48B}C:\program files (x86)\presonus\studio one 2\studio one.exe] => (Block) C:\program files (x86)\presonus\studio one 2\studio one.exe
FirewallRules: [{0F473AF6-DC1D-4218-8D14-72DB035355A3}] => (Allow) C:\Users\willied3\Downloads\pdftobmp_setup-74064309.exe
FirewallRules: [{4A981F5E-6310-4ECE-8034-667569E299F3}] => (Allow) C:\Users\willied3\Downloads\pdftobmp_setup-74064309.exe
FirewallRules: [UDP Query User{25753C00-29F9-4F89-A27C-54C94E1D2761}C:\program files\presonus\audiobox\audiobox.exe] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{206BFDE8-663E-4E83-A147-4BF389B8F172}C:\program files\presonus\audiobox\audiobox.exe] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{6582A954-3A95-4566-9D43-F712A7F8F643}C:\program files\presonus\audiobox\audiobox.exe] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{D5300791-147F-401C-9D95-86F74EEC2E0B}C:\program files\presonus\audiobox\audiobox.exe] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{EC8C46E5-EE77-4573-9F65-663A542CAF84}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D5DC987-6062-4639-BBAA-E92430AE7D88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7457EF9D-EF9D-4BD8-8A22-27348CA2A712}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ABCE8C15-272E-4A89-B925-4C840DD56481}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{163DD348-F62D-454F-BC1D-CD9D15645B98}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [UDP Query User{5F2FBF29-59B8-438D-98B2-186C31EC2655}C:\program files (x86)\iskysoft\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\iskysoft\vcu\urlreqservice.exe
FirewallRules: [TCP Query User{37FC9553-CD68-4509-A8DD-7A41A79BEC4F}C:\program files (x86)\iskysoft\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\iskysoft\vcu\urlreqservice.exe
FirewallRules: [{9498EE81-6A3B-420D-BE13-CF31B310BEB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{65A623B7-4DF4-478C-9E72-4B4CDD4BE91F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C49E61A-104C-4C35-B81A-CE0A2A5CA7ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
03-10-2017 13:26:08 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8188EE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/13/2017 08:57:42 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize
Stack Trace:
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(Object sender, InternalConfigEventArgs e)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(String configPath, BaseConfigurationRecord configRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
   at System.Configuration.ConfigurationManager.GetSection(String sectionName)
   at System.Configuration.ClientSettingsStore.ReadSettings(String sectionName, Boolean isUserScoped)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(SettingsContext context, SettingsPropertyCollection properties)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(SettingsProvider provider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(String propertyName)
   at System.Configuration.SettingsBase.get_Item(String propertyName)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(String propertyName)
   at System.Configuration.ApplicationSettingsBase.get_Item(String propertyName)
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/13/2017 06:48:00 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize
Stack Trace:
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(Object sender, InternalConfigEventArgs e)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(String configPath, BaseConfigurationRecord configRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
   at System.Configuration.ConfigurationManager.GetSection(String sectionName)
   at System.Configuration.ClientSettingsStore.ReadSettings(String sectionName, Boolean isUserScoped)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(SettingsContext context, SettingsPropertyCollection properties)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(SettingsProvider provider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(String propertyName)
   at System.Configuration.SettingsBase.get_Item(String propertyName)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(String propertyName)
   at System.Configuration.ApplicationSettingsBase.get_Item(String propertyName)
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/13/2017 06:26:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize
Stack Trace:
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(Object sender, InternalConfigEventArgs e)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(String configPath, BaseConfigurationRecord configRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
   at System.Configuration.ConfigurationManager.GetSection(String sectionName)
   at System.Configuration.ClientSettingsStore.ReadSettings(String sectionName, Boolean isUserScoped)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(SettingsContext context, SettingsPropertyCollection properties)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(SettingsProvider provider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(String propertyName)
   at System.Configuration.SettingsBase.get_Item(String propertyName)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(String propertyName)
   at System.Configuration.ApplicationSettingsBase.get_Item(String propertyName)
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/12/2017 09:06:17 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize
Stack Trace:
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(Object sender, InternalConfigEventArgs e)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(String configPath, BaseConfigurationRecord configRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
   at System.Configuration.ConfigurationManager.GetSection(String sectionName)
   at System.Configuration.ClientSettingsStore.ReadSettings(String sectionName, Boolean isUserScoped)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(SettingsContext context, SettingsPropertyCollection properties)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(SettingsProvider provider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(String propertyName)
   at System.Configuration.SettingsBase.get_Item(String propertyName)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(String propertyName)
   at System.Configuration.ApplicationSettingsBase.get_Item(String propertyName)
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/12/2017 08:58:14 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize
Stack Trace:
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(Object sender, InternalConfigEventArgs e)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(String configPath, BaseConfigurationRecord configRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
   at System.Configuration.ConfigurationManager.GetSection(String sectionName)
   at System.Configuration.ClientSettingsStore.ReadSettings(String sectionName, Boolean isUserScoped)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(SettingsContext context, SettingsPropertyCollection properties)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(SettingsProvider provider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(String propertyName)
   at System.Configuration.SettingsBase.get_Item(String propertyName)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(String propertyName)
   at System.Configuration.ApplicationSettingsBase.get_Item(String propertyName)
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/12/2017 08:54:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: willie)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/12/2017 08:54:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: zatray.exe, version: 15.1.504.17269, time stamp: 0x58efd818
Faulting module name: VSINIT.dll, version: 15.1.504.17269, time stamp: 0x58efd348
Exception code: 0xc0000005
Fault offset: 0x00012b31
Faulting process id: 0x16d8
Faulting application start time: 0x01d343bdde0972b3
Faulting application path: C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
Faulting module path: C:\Program Files (x86)\CheckPoint\ZoneAlarm\VSINIT.dll
Report Id: 5b9c4f98-71f1-4ff3-88ed-4085e9a48745
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/12/2017 08:54:51 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize
Stack Trace:
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(Object sender, InternalConfigEventArgs e)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(String configPath, BaseConfigurationRecord configRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
   at System.Configuration.ConfigurationManager.GetSection(String sectionName)
   at System.Configuration.ClientSettingsStore.ReadSettings(String sectionName, Boolean isUserScoped)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(SettingsContext context, SettingsPropertyCollection properties)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(SettingsProvider provider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(String propertyName)
   at System.Configuration.SettingsBase.get_Item(String propertyName)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(String propertyName)
   at System.Configuration.ApplicationSettingsBase.get_Item(String propertyName)
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/12/2017 08:50:48 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize
Stack Trace:
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(Object sender, InternalConfigEventArgs e)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(String configPath, BaseConfigurationRecord configRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
   at System.Configuration.ConfigurationManager.GetSection(String sectionName)
   at System.Configuration.ClientSettingsStore.ReadSettings(String sectionName, Boolean isUserScoped)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(SettingsContext context, SettingsPropertyCollection properties)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(SettingsProvider provider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(String propertyName)
   at System.Configuration.SettingsBase.get_Item(String propertyName)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(String propertyName)
   at System.Configuration.ApplicationSettingsBase.get_Item(String propertyName)
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/12/2017 09:48:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: willie)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/13/2017 09:21:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 56 time(s).
 
Error: (10/13/2017 09:21:02 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/13/2017 09:20:58 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/13/2017 09:20:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 55 time(s).
 
Error: (10/13/2017 09:20:35 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/13/2017 09:20:32 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/13/2017 09:20:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 54 time(s).
 
Error: (10/13/2017 09:20:10 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/13/2017 09:20:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/13/2017 09:19:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 53 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-10-11 18:26:51.926
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-11 17:49:54.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 1037U @ 1.80GHz
Percentage of memory in use: 50%
Total physical RAM: 3975.27 MB
Available physical RAM: 1985.82 MB
Total Virtual: 4231.27 MB
Available Virtual: 2230.93 MB
 
==================== Drives ================================
 
Drive c: (TI10664600G) (Fixed) (Total:452.8 GB) (Free:184.59 GB) NTFS
Drive e: () (Removable) (Total:3.73 GB) (Free:0.61 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 dennis369

dennis369
  • Topic Starter

  • Members
  • 31 posts

Posted 17 October 2017 - 09:14 PM

Gary,

 

I am unable to get the machine to go into any safe mode. I've performed about 10 attempts since my last post. I am using the Ctrl + Restart method. I was able to boot to safe mode with networking when I installed my additional anti-spyware software. So it worked fine for the first reboots I tried before the weekend. But this method has not responded since I turned off the internet access. I believe the two go hand-in-hand.

 

What should I do next?



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • Gender:Male
  • Location:California

Posted 17 October 2017 - 09:28 PM

Greetings Dennis.

There is some indication you might have an issue with your hard drive. We still have some testing to do but I want to save your data while we have the opportunity. I would advise you to back up all your data files as soon as possible. Please let me know when you have successfully done that, then we can continue on.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
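
The hard drive concern in the reply above lines up with the "System errors" part of the Addition.txt log posted earlier in the thread, where Disk EventID 7 "bad block" entries sit a few seconds before each TrueVector service crash. The following Python script is an added example, not part of the thread or of FRST: it tallies entries in that `Error: (...) (Source: ...) (EventID: ...)` format and reports crashes logged shortly after a disk error. The sample lines are constructed from the format shown in the log, the function names are hypothetical, and month/day/year timestamps are assumed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the format of the "Event log errors" section of
# Addition.txt (entries are illustrative, not a copy of the full log).
SAMPLE_LOG = r"""
System errors:
=============
Error: (10/13/2017 09:21:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 56 time(s).

Error: (10/13/2017 09:21:02 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/13/2017 09:20:58 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/13/2017 09:20:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 55 time(s).

Error: (10/13/2017 09:20:35 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/12/2017 08:54:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: willie)
Description: Activation of app Example_App!App failed with error: -1
See the operational log for additional information.
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")
CRASH = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly\."
                   r"\s+It has done this (?P<n>\d+) time")
BAD_BLOCK = re.compile(r"^The device, (?P<dev>\S+), has a bad block\.")
DISK_ERR = ("Disk", 7)                         # bad block reported by the disk driver
SVC_CRASH = ("Service Control Manager", 7034)  # service terminated unexpectedly


@dataclass
class Event:
    when: datetime
    source: str
    event_id: int
    description: str


def parse_events(text):
    """Split the log into events; a blank line ends an entry and
    continuation lines (e.g. stack traces) are folded into the description."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            # Assumption: timestamps are US-style month/day/year, 12-hour clock.
            when = datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p")
            current = Event(when, m["source"], int(m["event_id"]), "")
            events.append(current)
        elif not line:
            current = None
        elif current is not None:
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            current.description = (current.description + " " + line).strip()
    return events


def tally(events):
    """Count events per (source, EventID) pair."""
    return Counter((e.source, e.event_id) for e in events)


def service_crashes(events):
    """Highest 'It has done this N time(s)' counter seen per service."""
    worst = {}
    for e in events:
        m = CRASH.match(e.description) if (e.source, e.event_id) == SVC_CRASH else None
        if m:
            worst[m["svc"]] = max(worst.get(m["svc"], 0), int(m["n"]))
    return worst


def bad_block_devices(events):
    """Count bad-block reports per device path."""
    counts = Counter()
    for e in events:
        m = BAD_BLOCK.match(e.description) if (e.source, e.event_id) == DISK_ERR else None
        if m:
            counts[m["dev"]] += 1
    return counts


def crashes_after_disk_error(events, window=timedelta(seconds=10)):
    """Service crashes logged within `window` after a disk error (a hint, not proof)."""
    disk_times = [e.when for e in events if (e.source, e.event_id) == DISK_ERR]
    return [e for e in events if (e.source, e.event_id) == SVC_CRASH
            and any(timedelta(0) <= e.when - t <= window for t in disk_times)]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (source, eid), n in tally(evs).most_common():
        print(f"{n:3d}  {source} / EventID {eid}")
    print("bad blocks:", dict(bad_block_devices(evs)))
    print("service crash counters:", service_crashes(evs))
    print("crashes within 10 s after a disk error:", len(crashes_after_disk_error(evs)))
```

A crash that repeatedly follows a bad-block report is a reason to test the drive before treating the crash as malware tampering, which is the order the helper follows here.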

#7 dennis369

dennis369
  • Topic Starter

  • Members
  • 31 posts

Posted 17 October 2017 - 10:50 PM

I was prepared for that. I've moved my data. What's next?

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • Gender:Male
  • Location:California

Posted 18 October 2017 - 09:13 AM

Good. Let's start with this.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click the C:\Program Files (x86)\gsmartcontrol folder
  • Double click the gsmartcontrol application icon
  • Allow the program to search for and list your hard drive(s)
  • Double click your C: drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • GSmart results

Gary
 

#9 dennis369

dennis369
  • Topic Starter

  • Members
  • 31 posts

Posted 18 October 2017 - 11:01 AM

I've run into an issue with the self test. I get an error message that reads: "Failed to execute helper program (Permission denied)"

However, there does appear to be an information log when I select "view output".

Should I post that log or do we need to try something else?

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • Gender:Male
  • Location:California

Posted 18 October 2017 - 11:41 AM

Right click on the icon and select Run as administrator.


Edited by Oh My!, 18 October 2017 - 11:54 AM.

Gary
 

#11 dennis369

dennis369
  • Topic Starter

  • Members
  • 31 posts

Posted 18 October 2017 - 12:43 PM

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Device Model:     HGST HTS545050A7E380
Serial Number:    130605TM8534ZN2MT5YR
LU WWN Device Id: 5 000cca 71fe52cdf
Firmware Version: GG2OAC90
User Capacity:    500,107,862,016 bytes [500 GB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 6
Local Time is:    Wed Oct 18 11:57:13 2017 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      (  25) The self-test routine was aborted by
the host.
Total time to complete Offline 
data collection: (   45) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: (  99) minutes.
SCT capabilities:        (0x003d) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   096   096   062    Pre-fail  Always       -       262148
  2 Throughput_Performance  0x0005   100   100   040    Pre-fail  Offline      -       0
  3 Spin_Up_Time            0x0007   214   214   033    Pre-fail  Always       -       1
  4 Start_Stop_Count        0x0012   100   100   000    Old_age   Always       -       1479
  5 Reallocated_Sector_Ct   0x0033   100   100   005    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000b   100   100   067    Pre-fail  Always       -       0
  8 Seek_Time_Performance   0x0005   100   100   040    Pre-fail  Offline      -       0
  9 Power_On_Hours          0x0012   089   089   000    Old_age   Always       -       5064
 10 Spin_Retry_Count        0x0013   100   100   060    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       1199
191 G-Sense_Error_Rate      0x000a   100   100   000    Old_age   Always       -       0
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       167
193 Load_Cycle_Count        0x0012   065   065   000    Old_age   Always       -       352856
194 Temperature_Celsius     0x0002   150   150   000    Old_age   Always       -       40 (Min/Max 12/53)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       8
198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x000a   200   200   000    Old_age   Always       -       0
223 Load_Retry_Count        0x000a   100   100   000    Old_age   Always       -       0
 
SMART Error Log Version: 1
ATA Error Count: 9250 (device log contains only the most recent five errors)
CR = Command Register [HEX]
FR = Features Register [HEX]
SC = Sector Count Register [HEX]
SN = Sector Number Register [HEX]
CL = Cylinder Low Register [HEX]
CH = Cylinder High Register [HEX]
DH = Device/Head Register [HEX]
DC = Device Command Register [HEX]
ER = Error register [HEX]
ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.
 
Error 9250 occurred at disk power-on lifetime: 5064 hours (211 days + 0 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 68 bf 1e 01  Error: UNC at LBA = 0x011ebf68 = 18792296
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 08 90 68 bf 1e 40 00      00:30:25.931  READ FPDMA QUEUED
  61 00 88 58 bf 06 40 00      00:30:25.931  WRITE FPDMA QUEUED
  61 00 80 58 be 06 40 00      00:30:25.931  WRITE FPDMA QUEUED
  61 00 78 58 bd 06 40 00      00:30:25.931  WRITE FPDMA QUEUED
  61 00 70 58 bc 06 40 00      00:30:25.931  WRITE FPDMA QUEUED
 
Error 9249 occurred at disk power-on lifetime: 5064 hours (211 days + 0 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 68 bf 1e 01  Error: WP at LBA = 0x011ebf68 = 18792296
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  61 08 30 f0 fb f8 40 00      00:30:22.374  WRITE FPDMA QUEUED
  61 08 28 40 b7 87 40 00      00:30:22.374  WRITE FPDMA QUEUED
  61 08 20 f0 fb f8 40 00      00:30:22.374  WRITE FPDMA QUEUED
  61 08 18 c0 b6 87 40 00      00:30:22.373  WRITE FPDMA QUEUED
  61 08 10 f0 fb f8 40 00      00:30:22.373  WRITE FPDMA QUEUED
 
Error 9248 occurred at disk power-on lifetime: 5064 hours (211 days + 0 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 68 bf 1e 01  Error: UNC at LBA = 0x011ebf68 = 18792296
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 08 28 68 bf 1e 40 00      00:30:03.711  READ FPDMA QUEUED
  61 10 20 d0 68 e4 40 00      00:30:03.711  WRITE FPDMA QUEUED
  61 08 18 c0 b6 87 40 00      00:30:03.711  WRITE FPDMA QUEUED
  60 19 10 80 6c af 40 00      00:30:03.711  READ FPDMA QUEUED
  60 08 08 78 56 2c 40 00      00:30:03.688  READ FPDMA QUEUED
 
Error 9247 occurred at disk power-on lifetime: 5064 hours (211 days + 0 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 68 bf 1e 01  Error: UNC at LBA = 0x011ebf68 = 18792296
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 08 f8 68 bf 1e 40 00      00:30:00.144  READ FPDMA QUEUED
  60 19 f0 c0 23 70 40 00      00:30:00.144  READ FPDMA QUEUED
  60 08 e8 78 56 2c 40 00      00:30:00.139  READ FPDMA QUEUED
  60 19 e0 70 1d d8 40 00      00:30:00.125  READ FPDMA QUEUED
  60 08 d8 00 f2 8f 40 00      00:30:00.113  READ FPDMA QUEUED
 
Error 9246 occurred at disk power-on lifetime: 5064 hours (211 days + 0 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 68 bf 1e 01  Error: UNC at LBA = 0x011ebf68 = 18792296
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 40 88 c8 f9 48 40 00      00:29:37.514  READ FPDMA QUEUED
  61 60 80 b0 5c f4 40 00      00:29:37.514  WRITE FPDMA QUEUED
  61 00 78 b0 5b f4 40 00      00:29:37.514  WRITE FPDMA QUEUED
  61 00 70 b0 5a f4 40 00      00:29:37.514  WRITE FPDMA QUEUED
  61 00 68 b0 59 f4 40 00      00:29:37.514  WRITE FPDMA QUEUED
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Aborted by host               90%      5064         -
# 2  Short offline       Aborted by host               90%      5064         -
# 3  Short offline       Completed without error       00%         3         -
# 4  Short offline       Completed without error       00%         3         -
# 5  Short offline       Completed without error       00%         3         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
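
A triage pass over a smartctl text report like the one in the post above, as an added example (not part of the thread and not smartmontools code): it parses the attribute table, the error log and the self-test log and lists the indicators that justify a follow-up drive test. The function names, the finding codes and the set of watched attributes are assumptions of this example; the sample input is abridged from the posted report.

```python
import re
from collections import Counter

# Sample input: abridged from the smartctl report posted above.
SAMPLE = """\
SMART overall-health self-assessment test result: PASSED

ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   096   096   062    Pre-fail  Always       -       262148
  5 Reallocated_Sector_Ct   0x0033   100   100   005    Pre-fail  Always       -       0
194 Temperature_Celsius     0x0002   150   150   000    Old_age   Always       -       40 (Min/Max 12/53)
197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       8
198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0

ATA Error Count: 9250 (device log contains only the most recent five errors)
  40 51 08 68 bf 1e 01  Error: UNC at LBA = 0x011ebf68 = 18792296
  40 51 08 68 bf 1e 01  Error: WP at LBA = 0x011ebf68 = 18792296
  40 51 08 68 bf 1e 01  Error: UNC at LBA = 0x011ebf68 = 18792296

# 1  Short offline       Aborted by host               90%      5064         -
# 3  Short offline       Completed without error       00%         3         -
"""

# One row of the "Vendor Specific SMART Attributes with Thresholds" table.
ATTR_RE = re.compile(
    r"^[ \t]*\d+[ \t]+(?P<name>\S+)[ \t]+0x[0-9a-fA-F]{4}[ \t]+(?P<value>\d+)[ \t]+\d+"
    r"[ \t]+(?P<thresh>\d+)[ \t]+\S+[ \t]+\S+[ \t]+\S+[ \t]+(?P<raw>\d+)", re.M)
# Summary line of one SMART error log entry.
ERROR_RE = re.compile(r"Error: \w+ at LBA = 0x[0-9a-fA-F]+ = (?P<lba>\d+)")
# One row of the self-test log; columns are separated by runs of spaces.
SELFTEST_RE = re.compile(r"^#[ \t]*\d+[ \t]+.+?[ \t]{2,}(?P<status>.+?)[ \t]{2,}\d+%", re.M)

# Raw counters where any non-zero value means sectors the drive could not
# read or had to remap (watch list chosen for this example).
WATCH_RAW = {"Reallocated_Sector_Ct", "Current_Pending_Sector", "Offline_Uncorrectable"}


def parse_report(text):
    """Extract the fields used for triage from smartctl text output."""
    health = re.search(r"self-assessment test result:\s*(\w+)", text)
    count = re.search(r"^ATA Error Count:\s*(\d+)", text, re.M)
    return {
        "health": health.group(1) if health else None,
        "attrs": [
            {"name": m.group("name"), "value": int(m.group("value")),
             "thresh": int(m.group("thresh")), "raw": int(m.group("raw"))}
            for m in ATTR_RE.finditer(text)
        ],
        "ata_error_count": int(count.group(1)) if count else 0,
        "error_lbas": [int(m.group("lba")) for m in ERROR_RE.finditer(text)],
        "selftests": [m.group("status").strip() for m in SELFTEST_RE.finditer(text)],
    }


def triage(report):
    """Return (code, message) findings; an empty list means nothing stood out."""
    findings = []
    if report["health"] is not None and report["health"] != "PASSED":
        findings.append(("health_failed", "overall self-assessment is " + report["health"]))
    for a in report["attrs"]:
        # smartctl treats a normalized VALUE at or below a non-zero THRESH as failed.
        if a["thresh"] > 0 and a["value"] <= a["thresh"]:
            findings.append(("attr_at_or_below_threshold:" + a["name"],
                             "VALUE %d <= THRESH %d" % (a["value"], a["thresh"])))
        if a["name"] in WATCH_RAW and a["raw"] > 0:
            findings.append(("raw_nonzero:" + a["name"], "raw count %d" % a["raw"]))
    if report["ata_error_count"] > 0:
        findings.append(("ata_errors", "%d errors logged by the drive" % report["ata_error_count"]))
    for lba, n in Counter(report["error_lbas"]).items():
        if n >= 2:  # the same sector failing repeatedly points at one bad spot
            findings.append(("repeated_lba:%d" % lba, "%d logged errors at this LBA" % n))
    if report["selftests"] and not report["selftests"][0].startswith("Completed"):
        findings.append(("selftest_incomplete", "latest self-test: " + report["selftests"][0]))
    return findings


if __name__ == "__main__":
    for code, message in triage(parse_report(SAMPLE)):
        print(code, "-", message)
```

On the sample, the overall result is PASSED while the pending-sector count, the error log and the aborted self-test are all flagged, which is why the health line alone is not a sufficient check.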


#12 Oh My!

Posted 18 October 2017 - 02:53 PM

I may want to do a follow-up drive test, but I would like to do this first.

===================================================

Running chkdsk Scan with Report

--------------------
  • Click Start, type cmd, right click on cmd above and select Run as Administrator
  • Copy and paste the following after the command prompt and click Enter

chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskreport.txt"

  • The black command window will remain empty for a few minutes. When completed you will see the C:\Windows\system32> prompt
  • When completed a chkdskreport.txt document will appear on your desktop
  • Copy and paste the contents of the report on your desktop in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • chkdsk report

Gary

#13 dennis369

Posted 18 October 2017 - 04:18 PM

Took me a minute to find the right tool. But I got it done.

 

The type of the file system is NTFS.
Volume label is TI10664600G.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
Progress: 0 of 394496 done; Stage:  0%; Total:  0%; ETA:   0:18:59    
Progress: 4176 of 394496 done; Stage:  1%; Total:  0%; ETA:   0:18:55 .  
Progress: 13937 of 394496 done; Stage:  3%; Total:  1%; ETA:   0:18:46 .. 
Progress: 31233 of 394496 done; Stage:  7%; Total:  2%; ETA:   0:00:47 ...
Progress: 39242 of 394496 done; Stage:  9%; Total:  3%; ETA:   0:00:51    
Progress: 45569 of 394496 done; Stage: 11%; Total:  4%; ETA:   0:00:56 .  
Progress: 48897 of 394496 done; Stage: 12%; Total:  4%; ETA:   0:01:02 .. 
Progress: 66985 of 394496 done; Stage: 16%; Total:  5%; ETA:   0:00:54 ...
Progress: 82668 of 394496 done; Stage: 20%; Total:  7%; ETA:   0:00:49    
Progress: 100878 of 394496 done; Stage: 25%; Total:  8%; ETA:   0:00:44 .  
Progress: 116993 of 394496 done; Stage: 29%; Total: 10%; ETA:   0:00:43 .. 
Progress: 127280 of 394496 done; Stage: 32%; Total: 11%; ETA:   0:00:43 ...
Progress: 145921 of 394496 done; Stage: 36%; Total: 12%; ETA:   0:00:39    
Progress: 157071 of 394496 done; Stage: 39%; Total: 13%; ETA:   0:00:39 .  
Progress: 168428 of 394496 done; Stage: 42%; Total: 14%; ETA:   0:00:39 .. 
Progress: 171521 of 394496 done; Stage: 43%; Total: 15%; ETA:   0:00:40 ...
Progress: 173412 of 394496 done; Stage: 43%; Total: 15%; ETA:   0:00:43    
Progress: 174298 of 394496 done; Stage: 44%; Total: 15%; ETA:   0:00:44 .  
Progress: 177161 of 394496 done; Stage: 44%; Total: 15%; ETA:   0:00:46 .. 
Progress: 177710 of 394496 done; Stage: 45%; Total: 15%; ETA:   0:00:49 ...
Progress: 177929 of 394496 done; Stage: 45%; Total: 15%; ETA:   0:00:51    
Progress: 178689 of 394496 done; Stage: 45%; Total: 15%; ETA:   0:00:54 .  
Progress: 179284 of 394496 done; Stage: 45%; Total: 15%; ETA:   0:00:56 .. 
Progress: 183457 of 394496 done; Stage: 46%; Total: 16%; ETA:   0:00:57 ...
Progress: 191877 of 394496 done; Stage: 48%; Total: 17%; ETA:   0:00:57    
Progress: 192180 of 394496 done; Stage: 48%; Total: 17%; ETA:   0:00:59 .  
Progress: 200458 of 394496 done; Stage: 50%; Total: 18%; ETA:   0:00:59 .. 
Progress: 203009 of 394496 done; Stage: 51%; Total: 18%; ETA:   0:00:59 ...
Progress: 203436 of 394496 done; Stage: 51%; Total: 18%; ETA:   0:01:01    
Progress: 203893 of 394496 done; Stage: 51%; Total: 18%; ETA:   0:01:17 .  
Progress: 203985 of 394496 done; Stage: 51%; Total: 18%; ETA:   0:01:31 .. 
Progress: 212771 of 394496 done; Stage: 53%; Total: 19%; ETA:   0:01:31 ...
Progress: 214368 of 394496 done; Stage: 54%; Total: 19%; ETA:   0:01:31    
Progress: 219246 of 394496 done; Stage: 55%; Total: 19%; ETA:   0:01:31 .  
Progress: 222370 of 394496 done; Stage: 56%; Total: 20%; ETA:   0:01:31 .. 
Progress: 223866 of 394496 done; Stage: 56%; Total: 20%; ETA:   0:01:31 ...
Progress: 244993 of 394496 done; Stage: 62%; Total: 22%; ETA:   0:01:23    
Progress: 271201 of 394496 done; Stage: 68%; Total: 24%; ETA:   0:01:15 .  
Progress: 278529 of 394496 done; Stage: 70%; Total: 25%; ETA:   0:01:13 .. 
Progress: 281044 of 394496 done; Stage: 71%; Total: 25%; ETA:   0:01:13 ...
Progress: 282405 of 394496 done; Stage: 71%; Total: 25%; ETA:   0:01:13    
Progress: 285956 of 394496 done; Stage: 72%; Total: 25%; ETA:   0:01:13 .  
Progress: 288857 of 394496 done; Stage: 73%; Total: 26%; ETA:   0:01:15 .. 
Progress: 291803 of 394496 done; Stage: 73%; Total: 26%; ETA:   0:01:15 ...
Progress: 313618 of 394496 done; Stage: 79%; Total: 28%; ETA:   0:01:10    
Progress: 327010 of 394496 done; Stage: 82%; Total: 29%; ETA:   0:01:07 .  
Progress: 334727 of 394496 done; Stage: 84%; Total: 30%; ETA:   0:01:05 .. 
Progress: 348113 of 394496 done; Stage: 88%; Total: 31%; ETA:   0:01:03 ...
Progress: 361729 of 394496 done; Stage: 91%; Total: 32%; ETA:   0:01:02    
Progress: 394496 of 394496 done; Stage: 100%; Total: 35%; ETA:   0:00:55 .  
                                                                                       
                                                                                       
  394496 file records processed.                                                        
 
File verification completed.
Progress: 9807 of 9807 done; Stage: 100%; Total: 26%; ETA:   0:01:21 .. 
                                                                                       
                                                                                       
  9807 large file records processed.                                   
 
Progress: 0 of 0 done; Stage: 99%; Total: 26%; ETA:   0:01:21 ...
                                                                                       
                                                                                       
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
Progress: 738 of 480364 done; Stage:  0%; Total: 26%; ETA:   0:01:21    
Progress: 39390 of 480364 done; Stage:  8%; Total: 29%; ETA:   0:01:15 .  
Progress: 79323 of 480364 done; Stage: 16%; Total: 31%; ETA:   0:01:07 .. 
Progress: 126710 of 480364 done; Stage: 26%; Total: 35%; ETA:   0:00:59 ...
Progress: 176673 of 480364 done; Stage: 36%; Total: 38%; ETA:   0:00:52    
Progress: 212842 of 480364 done; Stage: 44%; Total: 40%; ETA:   0:00:47 .  
Progress: 287143 of 480364 done; Stage: 59%; Total: 45%; ETA:   0:00:39 .. 
Progress: 326705 of 480364 done; Stage: 68%; Total: 48%; ETA:   0:00:36 ...
Progress: 394499 of 480364 done; Stage: 82%; Total: 52%; ETA:   0:00:31    
Progress: 394592 of 480364 done; Stage: 82%; Total: 53%; ETA:   0:00:31 .  
Progress: 394818 of 480364 done; Stage: 82%; Total: 53%; ETA:   0:00:31 .. 
Progress: 395009 of 480364 done; Stage: 82%; Total: 53%; ETA:   0:00:31 ...
Progress: 395220 of 480364 done; Stage: 82%; Total: 53%; ETA:   0:00:31    
Progress: 395314 of 480364 done; Stage: 82%; Total: 53%; ETA:   0:00:31 .  
Progress: 395341 of 480364 done; Stage: 82%; Total: 53%; ETA:   0:00:32 .. 
Progress: 395460 of 480364 done; Stage: 82%; Total: 53%; ETA:   0:00:32 ...
Progress: 395789 of 480364 done; Stage: 82%; Total: 53%; ETA:   0:00:32    
Progress: 396017 of 480364 done; Stage: 82%; Total: 53%; ETA:   0:00:32 .  
Progress: 396027 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:32 .. 
Progress: 396029 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:32 ...
Progress: 396042 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:36    
Progress: 396129 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:38 .  
Progress: 396269 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:38 .. 
Progress: 396433 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:40 ...
Progress: 396748 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:40    
Progress: 396998 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:40 .  
Progress: 397570 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:40 .. 
Progress: 397823 of 480364 done; Stage: 82%; Total: 54%; ETA:   0:00:40 ...
Progress: 397994 of 480364 done; Stage: 82%; Total: 55%; ETA:   0:00:40    
Progress: 398125 of 480364 done; Stage: 82%; Total: 55%; ETA:   0:00:40 .  
Progress: 398246 of 480364 done; Stage: 82%; Total: 55%; ETA:   0:00:40 .. 
Progress: 398413 of 480364 done; Stage: 82%; Total: 55%; ETA:   0:00:41 ...
Progress: 398975 of 480364 done; Stage: 83%; Total: 55%; ETA:   0:00:41    
Progress: 399597 of 480364 done; Stage: 83%; Total: 55%; ETA:   0:00:41 .  
Progress: 400131 of 480364 done; Stage: 83%; Total: 55%; ETA:   0:00:41 .. 
Progress: 400334 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:41 ...
Progress: 400487 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:41    
Progress: 400608 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:41 .  
Progress: 400762 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:41 .. 
Progress: 400990 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:41 ...
Progress: 401368 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:41    
Progress: 401510 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:41 .  
Progress: 401707 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:43 .. 
Progress: 401830 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:43 ...
Progress: 401907 of 480364 done; Stage: 83%; Total: 56%; ETA:   0:00:43    
Progress: 401931 of 480364 done; Stage: 83%; Total: 57%; ETA:   0:00:43 .  
Progress: 401937 of 480364 done; Stage: 83%; Total: 57%; ETA:   0:00:43 .. 
Progress: 402053 of 480364 done; Stage: 83%; Total: 57%; ETA:   0:00:44 ...
Progress: 402174 of 480364 done; Stage: 83%; Total: 57%; ETA:   0:00:44    
Progress: 402262 of 480364 done; Stage: 83%; Total: 57%; ETA:   0:00:44 .  
Progress: 402574 of 480364 done; Stage: 83%; Total: 57%; ETA:   0:00:44 .. 
Progress: 402839 of 480364 done; Stage: 83%; Total: 57%; ETA:   0:00:44 ...
Progress: 402969 of 480364 done; Stage: 83%; Total: 57%; ETA:   0:00:44    
Progress: 403013 of 480364 done; Stage: 83%; Total: 57%; ETA:   0:00:44 Index verification completed.
Progress: 1 of 0 done; Stage: 99%; Total: 80%; ETA:   0:00:30 .. 
Progress: 0 of 0 done; Stage: 99%; Total: 80%; ETA:   0:00:30 ...
                                                                                       
                                                                                       
  0 unindexed files scanned.                                        
 
Progress: 0 of 0 done; Stage: 99%; Total: 80%; ETA:   0:00:30    
                                                                                       
                                                                                       
  0 unindexed files recovered to lost and found.                    
 
 
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Progress: 5 of 5 done; Stage: 100%; Total: 99%; ETA:   0:00:00 .  
                                                                                       
                                                                                       
  42935 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
Progress: 0 of 4679 done; Stage:  0%; Total: 99%; ETA:   0:00:00 .. 
Progress: 3501 of 4679 done; Stage: 74%; Total: 96%; ETA:   0:00:04 ...
Progress: 4679 of 4679 done; Stage: 100%; Total: 96%; ETA:   0:00:04    
                                                                                       
                                                                                       
  38334016 USN bytes processed.                                                           
 
Usn Journal verification completed.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 474799787 KB total disk space.
 271656860 KB in 226735 files.
    146520 KB in 42936 indexes.
         0 KB in bad sectors.
    519079 KB in use by the system.
     65536 KB occupied by the log file.
 202477328 KB available on disk.
 
      4096 bytes in each allocation unit.
 118699946 total allocation units on disk.
  50619332 allocation units available on disk.


#14 dennis369

Posted 18 October 2017 - 04:20 PM

Please pardon if that log posted twice. I think the paste tool clicked more than once.



#15 Oh My!

Posted 18 October 2017 - 08:30 PM

Thank you, please do this.

===================================================

Data Lifeguard Diagnostic for Windows

-------------------

Note: This process may take several hours to complete.
  • Download Data Lifeguard Diagnostic for Windows and save it to your desktop
  • Unzip the file onto your desktop
  • Right click on setup and select Run as Administrator
  • Click Next three times
  • Click Install
  • Click Finish to launch the program
  • Close all screens except for the Western Digital Diagnostics screen
  • Place a check mark in I accept this License Agreement then click Next
  • Left click on your Western Digital (or other brand main) hard drive
  • Just above that link click on the small icon where it says Click to run tests
  • Select EXTENDED TEST then click Start
  • Once completed you will be notified whether the hard drive passed or failed
  • Please copy and paste that information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Test log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



