Jump to content

Stuck on heuristic analysis and crash


Recommended Posts

I was told to post here from my previous post at https://forums.malwarebytes.org/index.php?/topic/168628-stuck-on-heuristic-analysis-and-crash/#entry964318
Below I have pasted the FRST.txt and Addition.txt as per instruction
To reiterate my problem: I can't get past heuristic analysis no matter how long I wait. Before heuristic analysis, there would only be around 2-10 hits but, this time, heuristic analysis got over 12k hits. Why is this happening and how can I fix it?
 

Attached FRST.txt because it was too big

 

FRST.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Chris at 2015-05-22 00:04:26
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3211320817-3581402497-3269666451-500 - Administrator - Disabled)
Chris (S-1-5-21-3211320817-3581402497-3269666451-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3211320817-3581402497-3269666451-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3211320817-3581402497-3269666451-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark (HKLM-x32\...\{f5aa1c48-f2dc-4f4f-a71d-65bd7d0dc5c5}) (Version: 1.5.893.0 - Futuremark)
3DMark (Version: 1.5.893.0 - Futuremark) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Aperture Tag: The Paint Gun Testing Initiative (HKLM-x32\...\Steam App 280740) (Version:  - Aperture Tag Team)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
EnGenius 11n USB Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - EnGenius Technologies)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Futuremark SystemInfo (HKLM-x32\...\{0DD83DE7-507E-44AE-BC2D-2FAAFA48CCA5}) (Version: 4.37.548.0 - Futuremark)
Geometry Wars: Retro Evolved (HKLM-x32\...\Steam App 8400) (Version:  - Bizarre Creations)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.82.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.82.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.177 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
PFPortChecker 1.0.39 (HKLM-x32\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
RuneScape Launcher 1.2.5 (HKLM-x32\...\{BB1810FD-EB25-4A9D-ADDD-3543190D429A}) (Version: 1.2.5 - Jagex Ltd)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
SoundSwitch (HKU\S-1-5-21-3211320817-3581402497-3269666451-1000\...\5e9d4b807286f8d3) (Version: 2.4.1.4 - Jeroen Pelgrims)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Unity Web Player (HKU\S-1-5-21-3211320817-3581402497-3269666451-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {039602EE-52F1-45A0-BA30-6CD80D1ADE30} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {2F35DAD8-01BF-47A3-A0D4-68F761450C45} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {31D74091-AAD1-4F9C-B087-DC8997FA8EC0} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {44EE0FC2-7520-40A0-8E80-BB9E9AE33FFC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {804E7467-ADA0-4159-A7E9-109619167517} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()
Task: {9282629F-DF5A-4479-8659-640A8F0EAC64} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {DFE11DA3-4821-44C4-8F49-6DEDD09FB8C1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E42577B2-7CBB-4420-8E94-427BD4D1EA2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-05-28 16:07 - 2014-05-29 03:14 - 00076888 ____H () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-06 00:03 - 2014-12-06 00:03 - 00565760 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-09-18 00:23 - 2014-09-18 00:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-02-26 11:39 - 2015-02-26 11:39 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 00:23 - 2014-09-18 00:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-02-26 11:39 - 2015-02-26 11:39 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-01-02 04:40 - 2014-01-01 20:40 - 00203965 _____ () D:\Microsoft\Windows\Start Menu\Programs\Startup\always-on-top.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-05-13 14:17 - 2015-05-04 20:19 - 01633608 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-13 14:17 - 2015-05-04 20:19 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-03-26 17:05 - 2015-03-26 17:05 - 00014336 _____ () C:\Users\Chris\jagexcache\jagexlauncher\bin\JagexLauncher.exe
2014-11-01 12:51 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-12-06 00:01 - 2014-12-06 00:01 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2014-12-06 00:01 - 2014-12-06 00:01 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2014-12-06 00:02 - 2014-12-06 00:02 - 00217600 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2014-12-06 00:01 - 2014-12-06 00:01 - 00353792 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-12-06 00:02 - 2014-12-06 00:02 - 00649216 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2014-02-12 16:49 - 2015-04-16 13:43 - 01007104 _____ () D:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-02-12 16:49 - 2015-04-16 13:43 - 00023552 _____ () D:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-02-12 16:49 - 2015-04-16 13:43 - 00024576 _____ () D:\Program Files (x86)\Origin\imageformats\qico.dll
2014-02-12 16:49 - 2015-04-16 13:43 - 00216576 _____ () D:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-02-12 16:49 - 2015-04-16 13:43 - 00261120 _____ () D:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-02-12 16:49 - 2015-04-16 13:43 - 00019456 _____ () D:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-02-12 16:49 - 2015-04-16 13:43 - 00337408 _____ () D:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-02-12 16:49 - 2015-04-16 13:43 - 00018944 _____ () D:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-02-12 16:49 - 2015-04-16 13:43 - 00228352 _____ () D:\Program Files (x86)\Origin\mediaservice\wmfengine.dll
2015-03-26 09:38 - 2015-03-26 09:38 - 00192512 _____ () C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GvVGAConfig.dll
2011-11-10 17:35 - 2011-11-10 17:35 - 03198464 _____ () C:\Users\Chris\jagexcache\jagexlauncher\bin\jvm.dll
2011-11-10 18:16 - 2011-11-10 18:16 - 00402944 _____ () C:\Users\Chris\jagexcache\jagexlauncher\bin\freetype.dll
2013-12-29 20:32 - 2015-05-21 08:31 - 00066048 _____ () C:\Windows\.jagex_cache_32\browsercontrol.dll
2013-12-29 05:22 - 2015-05-21 08:31 - 00132096 ____H () C:\Users\Chris\jagexcache\runescape\LIVE\jaclib.dll
2013-12-29 05:22 - 2015-05-21 08:31 - 00076288 ____H () C:\Users\Chris\jagexcache\runescape\LIVE\jagdx.dll
2013-12-29 14:17 - 2015-04-16 10:40 - 00776192 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2014-12-02 13:13 - 2015-04-22 19:16 - 04962816 _____ () D:\Program Files (x86)\Steam\v8.dll
2014-12-02 13:13 - 2015-04-22 19:16 - 01556992 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2014-12-02 13:13 - 2015-04-22 19:16 - 01187840 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 15:44 - 2015-05-20 18:13 - 02407104 _____ () D:\Program Files (x86)\Steam\video.dll
2014-08-21 19:11 - 2014-12-01 14:31 - 02396672 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-21 19:11 - 2014-12-01 14:31 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-21 19:11 - 2014-12-01 14:31 - 00479744 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-21 19:11 - 2014-12-01 14:31 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-21 19:11 - 2014-12-01 14:31 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2013-12-29 14:17 - 2015-05-20 18:13 - 00703680 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-12-29 14:17 - 2015-05-11 12:01 - 36302728 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-23 13:16 - 2015-05-11 12:01 - 08958344 _____ () D:\Program Files (x86)\Steam\bin\pdf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Chris\ApexFrameworkCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\ApexFrameworkCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_BasicFSCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_BasicFSCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_BasicIOSCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_BasicIOSCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_BasicIOS_LegacyCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_BasicIOS_LegacyCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_Common_LegacyCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_Common_LegacyCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_DynamicSystemCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_DynamicSystemCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_EmitterCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_EmitterCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_Emitter_LegacyCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_Emitter_LegacyCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_FieldSamplerCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_FieldSamplerCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_ForceFieldCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_ForceFieldCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_Framework_LegacyCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_Framework_LegacyCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_IOFXCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_IOFXCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_IOFX_LegacyCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_IOFX_LegacyCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_ParticleIOSCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_ParticleIOSCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_ParticleIOS_LegacyCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_ParticleIOS_LegacyCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_TurbulenceFSCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_TurbulenceFSCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_TurbulenceFS_LegacyCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\APEX_TurbulenceFS_LegacyCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\atimgpud.dll:crc
AlternateDataStreams: C:\Users\Chris\avcodec-53.dll:crc
AlternateDataStreams: C:\Users\Chris\avformat-53.dll:crc
AlternateDataStreams: C:\Users\Chris\avutil-51.dll:crc
AlternateDataStreams: C:\Users\Chris\awesomium.dll:crc
AlternateDataStreams: C:\Users\Chris\awesomium_process.exe:crc
AlternateDataStreams: C:\Users\Chris\bink2w32.dll:crc
AlternateDataStreams: C:\Users\Chris\bink2w64.dll:crc
AlternateDataStreams: C:\Users\Chris\BrowserController.exe:crc
AlternateDataStreams: C:\Users\Chris\ca-bundle.crt:crc
AlternateDataStreams: C:\Users\Chris\cg.dll:crc
AlternateDataStreams: C:\Users\Chris\cgGL.dll:crc
AlternateDataStreams: C:\Users\Chris\ClientConfig.ini:crc
AlternateDataStreams: C:\Users\Chris\cudart32_32_16.dll:crc
AlternateDataStreams: C:\Users\Chris\cudart32_42_6.dll:crc
AlternateDataStreams: C:\Users\Chris\cudart64_32_16.dll:crc
AlternateDataStreams: C:\Users\Chris\DeepGraphicsWrapper.ini:crc
AlternateDataStreams: C:\Users\Chris\dpvs.dll:crc
AlternateDataStreams: C:\Users\Chris\dpvsd.dll:crc
AlternateDataStreams: C:\Users\Chris\eqn.bk2:crc
AlternateDataStreams: C:\Users\Chris\faultlog.dll:crc
AlternateDataStreams: C:\Users\Chris\GControl.dll:crc
AlternateDataStreams: C:\Users\Chris\GControlForms.dll:crc
AlternateDataStreams: C:\Users\Chris\GCtrlTheme_Bitmap.dll:crc
AlternateDataStreams: C:\Users\Chris\GCtrlTheme_Infinity.dll:crc
AlternateDataStreams: C:\Users\Chris\GDF.dll:crc
AlternateDataStreams: C:\Users\Chris\GDraw.dll:crc
AlternateDataStreams: C:\Users\Chris\GDraw_D3D9.dll:crc
AlternateDataStreams: C:\Users\Chris\GDraw_GDI.dll:crc
AlternateDataStreams: C:\Users\Chris\GDraw_GL.dll:crc
AlternateDataStreams: C:\Users\Chris\GFont_FT2.dll:crc
AlternateDataStreams: C:\Users\Chris\GInput.dll:crc
AlternateDataStreams: C:\Users\Chris\GInput_DX8.dll:crc
AlternateDataStreams: C:\Users\Chris\GInput_GDI.dll:crc
AlternateDataStreams: C:\Users\Chris\GKernel.dll:crc
AlternateDataStreams: C:\Users\Chris\glut32.dll:crc
AlternateDataStreams: C:\Users\Chris\GParse.dll:crc
AlternateDataStreams: C:\Users\Chris\Graphics.ini:crc
AlternateDataStreams: C:\Users\Chris\GraphicsDriver.dll:crc
AlternateDataStreams: C:\Users\Chris\icudt.dll:crc
AlternateDataStreams: C:\Users\Chris\InputProfile_Default.xml:crc
AlternateDataStreams: C:\Users\Chris\inspector.pak:crc
AlternateDataStreams: C:\Users\Chris\Landmark64.exe:crc
AlternateDataStreams: C:\Users\Chris\libEGL.dll:crc
AlternateDataStreams: C:\Users\Chris\libGLESv2.dll:crc
AlternateDataStreams: C:\Users\Chris\libsndfile-1.dll:crc
AlternateDataStreams: C:\Users\Chris\LoadingScreen.xml:crc
AlternateDataStreams: C:\Users\Chris\mss32.dll:crc
AlternateDataStreams: C:\Users\Chris\nvToolsExt32_1.dll:crc
AlternateDataStreams: C:\Users\Chris\ortp.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3CharacterKinematicCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3CharacterKinematicCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3CHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3CHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3CommonCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3CommonCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3CookingCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3CookingCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3GpuCHECKED_x64.dll:crc
AlternateDataStreams: C:\Users\Chris\PhysX3GpuCHECKED_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\picn1020.ssm:crc
AlternateDataStreams: C:\Users\Chris\pxtask_cuda_x86.dll:crc
AlternateDataStreams: C:\Users\Chris\scealog.dll:crc
AlternateDataStreams: C:\Users\Chris\SoundSettings.xml:crc
AlternateDataStreams: C:\Users\Chris\steam_api.dll:crc
AlternateDataStreams: C:\Users\Chris\steam_api64.dll:crc
AlternateDataStreams: C:\Users\Chris\vivoxoal.dll:crc
AlternateDataStreams: C:\Users\Chris\vivoxplatform.dll:crc
AlternateDataStreams: C:\Users\Chris\vivoxsdk.dll:crc
AlternateDataStreams: C:\Users\Chris\vld.dll:crc
AlternateDataStreams: C:\Users\Chris\vld.ini:crc
AlternateDataStreams: C:\Users\Chris\WebBrowserAssets.txt:crc
AlternateDataStreams: C:\Users\Chris\welcome.txt:crc
AlternateDataStreams: C:\Users\Chris\wws_crashreport_uploader.exe:crc
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3211320817-3581402497-3269666451-1000\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3211320817-3581402497-3269666451-1000\Control Panel\Desktop\\Wallpaper -> D:\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.12 - 68.105.29.12
 
==================== MSCONFIG/TASK MANAGER Error getting ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F9C3FCF9-6478-44D0-930B-AD66FB316D4E}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{47F82E39-8013-421A-9EEA-8E5BC4CCDA5F}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BB4B7491-249B-4752-BA5A-E9B40627D66C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{35A16AAF-940F-45CC-AEE3-EF5F3864ADC9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{C3864314-8F75-4E5A-9620-D7FA9CD1F958}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{1AB2DB60-55E0-4F8D-A9EA-1D8ED0040E3B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{43832170-3596-4507-895E-9E1A7E1E2504}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7EB3BE4F-FBDC-4B49-B52C-8DC1205B465A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{E568D460-50E5-4EC7-85E6-FCC5C445B7D9}D:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Block) D:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe
FirewallRules: [uDP Query User{652539E3-8D4C-4563-A315-E6E6331A106C}D:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Block) D:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe
FirewallRules: [TCP Query User{D9EC8046-D0E5-4C2E-8361-3BA04B277029}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{531BD529-9698-495F-8900-4CE5EE9B8DA7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{2DBF9732-F7E6-4BA9-BBF8-266DA67E3228}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B40FE629-EC87-439A-8193-EA49CBE9930A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{B2888152-F700-45A1-B536-C8348B5AB08D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{F40051CA-65E2-4F75-86AD-11A2CA476E07}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{8442A9B5-277E-4E1C-9555-9BD431B10857}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D3FADC86-0FFB-4F69-B5E4-20D5F3751331}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A807EF81-F942-4437-9B7A-D3BFA5BFDE6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4B51A0CB-E4A9-465B-86C1-5604AD090841}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{34B43FB0-612E-465A-82A0-0C68C5575552}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [TCP Query User{8217BC2D-22E6-4FA7-AD50-31B3C6F83199}C:\program files (x86)\pfportchecker\pfportchecker.exe] => (Allow) C:\program files (x86)\pfportchecker\pfportchecker.exe
FirewallRules: [{E5A41744-4816-45DB-8E51-99FD986A1F44}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{74889BA0-0A15-4297-8582-6BC8CBDD2DA1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{6302C428-BE28-4E99-BCAC-8732843FEAB4}] => (Allow) LPort=41780
FirewallRules: [TCP Query User{D942BD85-97D4-4BFA-BA9D-5B7275727F54}C:\users\chris\landmark64.exe] => (Block) C:\users\chris\landmark64.exe
FirewallRules: [uDP Query User{38C39030-72AD-43CA-96E2-DB130D438E28}C:\users\chris\landmark64.exe] => (Block) C:\users\chris\landmark64.exe
FirewallRules: [{9A34266E-90AB-4348-BD98-A58D7A582973}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{A8299E07-79E2-4E76-B9AC-6685841BF628}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{D810EF8D-B8EE-411B-873B-36C94CDCDFDE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{C3C1F5F7-DD32-40E8-8834-C994F63A7D9E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{CE3FC4FB-5C00-4F94-98A4-066CDEE6D55B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Geometry Wars\GeometryWars.exe
FirewallRules: [{7DC10269-81CC-48DC-98C0-A68B8BF41C65}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Geometry Wars\GeometryWars.exe
FirewallRules: [{94674D1C-8BA3-4CA4-8DC1-BEA19FBC33DA}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{E7F3D915-3284-4058-803E-5A4145209A98}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{69BA092F-1ADE-4030-8FCE-C4B2983181CC}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{80ED5D03-06A1-4D11-8E65-A9BE2967A280}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{B96AACDC-7E47-475F-903E-826F17DCE4B0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{9A2D2AB1-CD68-472C-8C09-B0636B5FC93B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{25C947A9-EB4E-4512-B008-672ABC6798BD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{E59E496B-92EF-45E9-A3DD-9CBC99A7D972}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{3599D8DD-5BC2-41DE-81DB-CD4D8B91D669}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{F464B943-E4DA-4B71-AB77-F3F7819C3E05}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{D0047CB8-BA96-495A-BB42-B5E0DE4B8DBA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Aperture Tag\portal2.exe
FirewallRules: [{165FC7FC-C898-4CBC-B4FE-14D6D794359E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Aperture Tag\portal2.exe
FirewallRules: [{930DC99B-4E43-45D5-9427-E5821F06FB66}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6580E125-411E-4B92-9A7F-22941AEB81CA}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{7D851792-F8AB-4B06-A164-62A6C1CBA525}D:\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) D:\documents\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [uDP Query User{64FD3A1E-C261-4397-B0AD-129AD20C79C0}D:\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) D:\documents\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [{7CA19266-F1E4-491E-9C44-7847E0DEA9C9}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{74A3C777-024B-4D87-800A-86003D54BB6E}] => (Allow) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{0C0DB523-4F2E-4204-AFFC-35D857C67799}] => (Allow) LPort=1542
FirewallRules: [{70E3D54A-DC61-4DE3-B755-5361BCCC63F8}] => (Allow) LPort=1542
FirewallRules: [{D31FD762-E8DA-4481-9BFF-7D84A8C6B8C2}] => (Allow) LPort=53
FirewallRules: [{CAF0F294-C49E-4E0A-8A6B-1D2EC7E06D0D}] => (Allow) D:\Skype\Phone\Skype.exe
FirewallRules: [{18EF7CF3-D747-4FDC-9FF0-14D85DE74951}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{60360A39-7C96-4270-82C5-D2558213C23B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{1C4761CD-2BD9-4D68-8E48-24BE916786E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{66AB1DC1-00FB-4D62-A6B0-6220D23F5127}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{377BA1E4-1A29-4A35-9806-63635775077A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{AABE461F-2C84-4D9E-B59C-62BA20677A1D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [TCP Query User{D30526E8-A5ED-40D3-82E8-0A829BBE050F}D:\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [uDP Query User{6CFDD88A-33AA-4CCA-80B8-E31FB0BB86A5}D:\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{AE937D10-D7B6-4CCB-AF6C-0252ED956402}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{56F418B4-0380-4AEB-9621-57025C478DE1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{CA7EAD14-5555-44E3-B976-5B04A0509C90}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5B201D09-8297-4284-94C7-970487355303}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{312EB5E1-F918-4B9B-BE3E-B05F142AED9B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A76EBE52-5EF3-4E82-9198-29B4F6CEEEEC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B8FF4574-A753-4BF2-9810-0C75989D4752}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7345E7EA-0A26-45D1-BE6A-7972277E0807}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E5EF946B-F454-4909-813F-DC69B4EFFB89}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{634D9BCD-6175-4054-9197-BACBD78880A1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9AFA5A62-980A-4AD8-B40E-8920677F4B61}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{D38CE2CF-1BBC-42B8-B500-286FF6594732}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{EC063DB7-484B-45BC-9007-7A024E1BB46E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{97064C2D-E81D-4AAD-BB9B-00860B7C9B92}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{0AC0B76D-1411-41FA-85A6-D795B6471613}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{7EA03BD9-2746-485A-B103-D9ACA44475DF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{75A1CFA5-D4EC-4AAC-AA01-4457F3FD5F84}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{1AF23A66-B904-4D71-8BA8-306EA8234A5B}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{8D7777C8-DC71-445F-9341-5CAD93BF1B81}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8226166B-83DB-4EA1-BE00-C885FED419FA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D16ACABB-66FB-4FF5-8341-EF45E63818F4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{BC40A196-818F-45C2-92A2-10559D1293F7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{46DF924E-C6AA-44A6-9061-88CF305656E5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{DC9D7381-62FE-470F-A0C9-7ED29CC74BF4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0D7D3DD1-A6A3-4B32-A2CE-5ADB2E047DF0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CB3237D8-BA5B-446B-BEA1-B0E2188C1C72}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{36AD072C-720D-4214-927F-B4F1A9B679F1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2C8C62D7-862B-43CD-9C6C-5E2E9ADF8BBC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{9A5C9551-407B-4675-9990-2F43D6B91AD2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{52901A7B-48E1-42B0-B6C4-C213C1C44485}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{1129934A-ECB4-4A14-9D85-E014AA9C3482}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{49797244-7C30-4D59-9289-BF62EBCFCC1A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{51CD3B0B-E4EF-4ED0-BD0B-BCD83B598F85}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{457DEB41-8584-4347-ACCF-7BE8D1C99ED8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1742433A-56D3-4EE8-945C-D11C9FDE6AFE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{58A461D9-83EC-4F74-B443-1BE731309AF9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{2604BE1B-8627-4123-A635-68EA70D65A71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/21/2015 08:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.2.929, time stamp: 0x552d3ec4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1be0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (05/19/2015 09:46:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 42.0.2311.152 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d84
 
Start Time: 01d092acf35f915c
 
Termination Time: 4
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 01663d0a-feab-11e4-a1a8-d43d7eea3759
 
Error: (05/19/2015 02:39:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.152, time stamp: 0x55481959
Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8bfa
Exception code: 0xc0000005
Fault offset: 0x000000000005107c
Faulting process id: 0x17cc
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (05/14/2015 00:12:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8bfa
Exception code: 0xc000000d
Fault offset: 0x000000000006ec12
Faulting process id: 0x6dc
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
 
Error: (05/12/2015 09:23:28 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3312) An attempt to open the file "C:\Users\Chris\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (05/12/2015 02:48:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.3.0.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a00
 
Start Time: 01d089129291b70c
 
Termination Time: 28
 
Application Path: D:\Skype\Phone\Skype.exe
 
Report Id: 917dfd26-f8f0-11e4-a39e-d43d7eea3759
 
Error: (05/02/2015 10:07:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bf3.exe, version: 1.6.0.0, time stamp: 0x511c9356
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3e0
Exception code: 0xc0000005
Fault offset: 0x00039e03
Faulting process id: 0x9d0
Faulting application start time: 0xbf3.exe0
Faulting application path: bf3.exe1
Faulting module path: bf3.exe2
Report Id: bf3.exe3
 
Error: (04/18/2015 02:00:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Warframe.x64.exe, version: 2015.4.17.12, time stamp: 0x55313a64
Faulting module name: D3D9.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c5a4
Exception code: 0xc0000005
Fault offset: 0x000007fef3aa33b3
Faulting process id: 0x1a78
Faulting application start time: 0xWarframe.x64.exe0
Faulting application path: Warframe.x64.exe1
Faulting module path: Warframe.x64.exe2
Report Id: Warframe.x64.exe3
 
Error: (04/16/2015 01:43:41 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3400) An attempt to open the file "C:\Users\Chris\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/15/2015 09:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_Google Chrome Installer, version: 42.0.2311.90, time stamp: 0x552c1444
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x36f0
Faulting application start time: 0xsetup.exe_Google Chrome Installer0
Faulting application path: setup.exe_Google Chrome Installer1
Faulting module path: setup.exe_Google Chrome Installer2
Report Id: setup.exe_Google Chrome Installer3
 
 
System errors:
=============
Error: (05/21/2015 00:09:53 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/21/2015 08:31:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (05/21/2015 08:31:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (05/21/2015 08:31:27 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (05/21/2015 08:31:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (05/21/2015 08:31:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (05/21/2015 08:31:27 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (05/21/2015 08:31:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (05/21/2015 08:31:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (05/21/2015 08:31:16 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
 
Microsoft Office:
=========================
Error: (05/21/2015 08:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.2.929552d3ec4MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1be001d093f54a8338dfC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll039bfb00-0034-11e5-a82d-d43d7eea3759
 
Error: (05/19/2015 09:46:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe42.0.2311.152d8401d092acf35f915c4C:\Program Files (x86)\Google\Chrome\Application\chrome.exe01663d0a-feab-11e4-a1a8-d43d7eea3759
 
Error: (05/19/2015 02:39:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.15255481959ntdll.dll6.1.7601.18839553e8bfac0000005000000000005107c17cc01d0927c5112ba0cC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll900baf93-fe6f-11e4-a263-d43d7eea3759
 
Error: (05/14/2015 00:12:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec126dc01d08dbe27206f57C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll9c69f2cb-fa08-11e4-9d8f-d43d7eea3759
 
Error: (05/12/2015 09:23:28 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3312C:\Users\Chris\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (05/12/2015 02:48:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.3.0.101a0001d089129291b70c28D:\Skype\Phone\Skype.exe917dfd26-f8f0-11e4-a39e-d43d7eea3759
 
Error: (05/02/2015 10:07:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf3.exe1.6.0.0511c9356ntdll.dll6.1.7601.187985507b3e0c000000500039e039d001d0855f179574ebD:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exeC:\Windows\SysWOW64\ntdll.dll5bdf93e0-f152-11e4-9c5e-d43d7eea3759
 
Error: (04/18/2015 02:00:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Warframe.x64.exe2015.4.17.1255313a64D3D9.DLL_unloaded0.0.0.04ce7c5a4c0000005000007fef3aa33b31a7801d07a06c0ae4d91D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exeD3D9.DLL0305d942-e60e-11e4-83f5-d43d7eea3759
 
Error: (04/16/2015 01:43:41 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3400C:\Users\Chris\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (04/15/2015 09:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_Google Chrome Installer42.0.2311.90552c1444ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410236f001d077fc410ef133C:\Windows\TEMP\CR_EB97F.tmp\setup.exeC:\Windows\SYSTEM32\ntdll.dll81dad8d1-e3ef-11e4-a186-d43d7eea3759
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-29 13:22:37.246
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\netr6164.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-29 13:22:37.246
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\netr6164.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX-6300 Six-Core Processor 
Percentage of memory in use: 45%
Total physical RAM: 8141.48 MB
Available physical RAM: 4410.1 MB
Total Pagefile: 16281.17 MB
Available Pagefile: 11211.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:57.76 GB) (Free:8.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.88 GB) (Free:112.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: ADD82344)
Partition 1: (Active) - (Size=57.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 176CF387)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 

Link to post
Share on other sites

  • Staff

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help your with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
:excl: There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  warning.gif Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 




FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

Link to post
Share on other sites

  • Staff

51a612a8b27e2-Zoek.png Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Link to post
Share on other sites

 

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by Chris on Sat 05/23/2015 at 10:32:18.69.

Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Chris\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

5/23/2015 10:33:03 AM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\VideoLAN deleted successfully

C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully

C:\PROGRA~3\Adobe deleted successfully

C:\PROGRA~3\Hi-Rez Studios deleted successfully

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\VideoLAN not found

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found

D:\\14-4-win7-win8-win8.1-64-dd-ccc-whql deleted

D:\\AMD-Catalyst-14-9-win7-win8.1-64Bit-dd-ccc-whql deleted

C:\found.000 deleted

C:\found.001 deleted

C:\found.002 deleted

C:\Users\Chris\ApexFrameworkCHECKED_x64.dll deleted

C:\Users\Chris\ApexFrameworkCHECKED_x86.dll deleted

C:\Users\Chris\APEX_BasicFSCHECKED_x64.dll deleted

C:\Users\Chris\APEX_BasicFSCHECKED_x86.dll deleted

C:\Users\Chris\APEX_BasicIOSCHECKED_x64.dll deleted

C:\Users\Chris\APEX_BasicIOSCHECKED_x86.dll deleted

C:\Users\Chris\APEX_BasicIOS_LegacyCHECKED_x64.dll deleted

C:\Users\Chris\APEX_BasicIOS_LegacyCHECKED_x86.dll deleted

C:\Users\Chris\APEX_Common_LegacyCHECKED_x64.dll deleted

C:\Users\Chris\APEX_Common_LegacyCHECKED_x86.dll deleted

C:\Users\Chris\APEX_DynamicSystemCHECKED_x64.dll deleted

C:\Users\Chris\APEX_DynamicSystemCHECKED_x86.dll deleted

C:\Users\Chris\APEX_EmitterCHECKED_x64.dll deleted

C:\Users\Chris\APEX_EmitterCHECKED_x86.dll deleted

C:\Users\Chris\APEX_Emitter_LegacyCHECKED_x64.dll deleted

C:\Users\Chris\APEX_Emitter_LegacyCHECKED_x86.dll deleted

C:\Users\Chris\APEX_FieldSamplerCHECKED_x64.dll deleted

C:\Users\Chris\APEX_FieldSamplerCHECKED_x86.dll deleted

C:\Users\Chris\APEX_ForceFieldCHECKED_x64.dll deleted

C:\Users\Chris\APEX_ForceFieldCHECKED_x86.dll deleted

C:\Users\Chris\APEX_Framework_LegacyCHECKED_x64.dll deleted

C:\Users\Chris\APEX_Framework_LegacyCHECKED_x86.dll deleted

C:\Users\Chris\APEX_IOFXCHECKED_x64.dll deleted

C:\Users\Chris\APEX_IOFXCHECKED_x86.dll deleted

C:\Users\Chris\APEX_IOFX_LegacyCHECKED_x64.dll deleted

C:\Users\Chris\APEX_IOFX_LegacyCHECKED_x86.dll deleted

C:\Users\Chris\APEX_ParticleIOSCHECKED_x64.dll deleted

C:\Users\Chris\APEX_ParticleIOSCHECKED_x86.dll deleted

C:\Users\Chris\APEX_ParticleIOS_LegacyCHECKED_x64.dll deleted

C:\Users\Chris\APEX_ParticleIOS_LegacyCHECKED_x86.dll deleted

C:\Users\Chris\APEX_TurbulenceFSCHECKED_x64.dll deleted

C:\Users\Chris\APEX_TurbulenceFSCHECKED_x86.dll deleted

C:\Users\Chris\APEX_TurbulenceFS_LegacyCHECKED_x64.dll deleted

C:\Users\Chris\APEX_TurbulenceFS_LegacyCHECKED_x86.dll deleted

C:\Users\Chris\atimgpud.dll deleted

C:\Users\Chris\avcodec-53.dll deleted

C:\Users\Chris\avformat-53.dll deleted

C:\Users\Chris\avutil-51.dll deleted

C:\Users\Chris\awesomium.dll deleted

C:\Users\Chris\bink2w32.dll deleted

C:\Users\Chris\bink2w64.dll deleted

C:\Users\Chris\cg.dll deleted

C:\Users\Chris\cgGL.dll deleted

C:\Users\Chris\cudart32_32_16.dll deleted

C:\Users\Chris\cudart32_42_6.dll deleted

C:\Users\Chris\cudart64_32_16.dll deleted

C:\Users\Chris\dpvs.dll deleted

C:\Users\Chris\dpvsd.dll deleted

C:\Users\Chris\faultlog.dll deleted

C:\Users\Chris\GControl.dll deleted

C:\Users\Chris\GControlForms.dll deleted

C:\Users\Chris\GCtrlTheme_Bitmap.dll deleted

C:\Users\Chris\GCtrlTheme_Infinity.dll deleted

C:\Users\Chris\GDF.dll deleted

C:\Users\Chris\GDraw.dll deleted

C:\Users\Chris\GDraw_D3D9.dll deleted

C:\Users\Chris\GDraw_GDI.dll deleted

C:\Users\Chris\GDraw_GL.dll deleted

C:\Users\Chris\GFont_FT2.dll deleted

C:\Users\Chris\GInput.dll deleted

C:\Users\Chris\GInput_DX8.dll deleted

C:\Users\Chris\GInput_GDI.dll deleted

C:\Users\Chris\GKernel.dll deleted

C:\Users\Chris\glut32.dll deleted

C:\Users\Chris\GParse.dll deleted

C:\Users\Chris\GraphicsDriver.dll deleted

C:\Users\Chris\icudt.dll deleted

C:\Users\Chris\libEGL.dll deleted

C:\Users\Chris\libGLESv2.dll deleted

C:\Users\Chris\libsndfile-1.dll deleted

C:\Users\Chris\mss32.dll deleted

C:\Users\Chris\nvToolsExt32_1.dll deleted

C:\Users\Chris\ortp.dll deleted

C:\Users\Chris\PhysX3CharacterKinematicCHECKED_x64.dll deleted

C:\Users\Chris\PhysX3CharacterKinematicCHECKED_x86.dll deleted

C:\Users\Chris\PhysX3CHECKED_x64.dll deleted

C:\Users\Chris\PhysX3CHECKED_x86.dll deleted

C:\Users\Chris\PhysX3CommonCHECKED_x64.dll deleted

C:\Users\Chris\PhysX3CommonCHECKED_x86.dll deleted

C:\Users\Chris\PhysX3CookingCHECKED_x64.dll deleted

C:\Users\Chris\PhysX3CookingCHECKED_x86.dll deleted

C:\Users\Chris\PhysX3GpuCHECKED_x64.dll deleted

C:\Users\Chris\PhysX3GpuCHECKED_x86.dll deleted

C:\Users\Chris\pxtask_cuda_x86.dll deleted

C:\Users\Chris\scealog.dll deleted

C:\Users\Chris\steam_api.dll deleted

C:\Users\Chris\steam_api64.dll deleted

C:\Users\Chris\vivoxoal.dll deleted

C:\Users\Chris\vivoxplatform.dll deleted

C:\Users\Chris\vivoxsdk.dll deleted

C:\Users\Chris\vld.dll deleted

C:\PROGRA~3\HirezPipeError.txt deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\Windows\SysWow64\AI_RecycleBin deleted

C:\Users\Chris\awesomium_process.exe deleted

C:\Users\Chris\BrowserController.exe deleted

C:\Users\Chris\Landmark64.exe deleted

C:\Users\Chris\wws_crashreport_uploader.exe deleted

"C:\PROGRA~3\Package Cache" deleted

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

No Chrome User Data found

 

==== Empty All Flash Cache ======================

 

No Flash Cache Found

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=1126 folders=241 939113417 bytes)

 

==== Empty Temp Folders ======================

 

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Chris\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Sat 05/23/2015 at 10:47:22.48 ======================
Link to post
Share on other sites

I've been running hyper scan for 2 hours and the objects scanned number has stopped but the detected objects number keeps rising as time goes on. At the time of this message the scan has been running for 2 hours 10 minutes with 8,599 detected objects on heuristic analysis.

Link to post
Share on other sites

  • Staff

Download 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

 

FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Link to post
Share on other sites

  • Staff

FRST.gif Fix with Farbar Recovery Scan Tool
 


icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 



51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix
 
This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

fixlist.txt

Link to post
Share on other sites

  • Staff

Let's try System File Checker:

 

https://support.microsoft.com/en-us/kb/929833

 


 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:
 

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
 

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
Link to post
Share on other sites

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          5/27/2015 7:09:42 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      ChrisPC
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  187136 file records processed.                                         
 
File verification completed.
  1226 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  58 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  254240 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  187136 file SDs/SIDs processed.                                        
 
Cleaning up 429 unused index entries from index $SII of file 0x9.
Cleaning up 429 unused index entries from index $SDH of file 0x9.
Cleaning up 429 unused security descriptors.
Security descriptor verification completed.
  33553 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  35024544 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  187120 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  2016400 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
  60567583 KB total disk space.
  52123192 KB in 132309 files.
     82612 KB in 33554 indexes.
         0 KB in bad sectors.
    296179 KB in use by the system.
     65536 KB occupied by the log file.
   8065600 KB available on disk.
 
      4096 bytes in each allocation unit.
  15141895 total allocation units on disk.
   2016400 allocation units available on disk.
 
Internal Info:
00 db 02 00 f2 87 02 00 79 be 04 00 00 00 00 00  ........y.......
15 01 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  ....:...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-05-27T14:09:42.000000000Z" />
    <EventRecordID>21799</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>ChrisPC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  187136 file records processed.                                         
 
File verification completed.
  1226 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  58 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  254240 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  187136 file SDs/SIDs processed.                                        
 
Cleaning up 429 unused index entries from index $SII of file 0x9.
Cleaning up 429 unused index entries from index $SDH of file 0x9.
Cleaning up 429 unused security descriptors.
Security descriptor verification completed.
  33553 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  35024544 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  187120 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  2016400 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
  60567583 KB total disk space.
  52123192 KB in 132309 files.
     82612 KB in 33554 indexes.
         0 KB in bad sectors.
    296179 KB in use by the system.
     65536 KB occupied by the log file.
   8065600 KB available on disk.
 
      4096 bytes in each allocation unit.
  15141895 total allocation units on disk.
   2016400 allocation units available on disk.
 
Internal Info:
00 db 02 00 f2 87 02 00 79 be 04 00 00 00 00 00  ........y.......
15 01 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  ....:...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          5/27/2015 7:09:42 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      ChrisPC
Description:
 
 
Checking file system on D:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  136960 file records processed.                                         
 
File verification completed.
  182 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  0 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  144780 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  136960 file SDs/SIDs processed.                                        
 
Cleaning up 212 unused index entries from index $SII of file 0x9.
Cleaning up 212 unused index entries from index $SDH of file 0x9.
Cleaning up 212 unused security descriptors.
Security descriptor verification completed.
  3911 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  36185168 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  136944 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  29864963 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
 244196351 KB total disk space.
 124448104 KB in 91366 files.
     42240 KB in 3912 indexes.
         0 KB in bad sectors.
    246151 KB in use by the system.
     65536 KB occupied by the log file.
 119459856 KB available on disk.
 
      4096 bytes in each allocation unit.
  61049087 total allocation units on disk.
  29864964 allocation units available on disk.
 
Internal Info:
00 17 02 00 3a 74 01 00 16 a7 02 00 00 00 00 00  ....:t..........
11 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-05-27T14:09:42.000000000Z" />
    <EventRecordID>21800</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>ChrisPC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on D:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  136960 file records processed.                                         
 
File verification completed.
  182 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  0 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  144780 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  136960 file SDs/SIDs processed.                                        
 
Cleaning up 212 unused index entries from index $SII of file 0x9.
Cleaning up 212 unused index entries from index $SDH of file 0x9.
Cleaning up 212 unused security descriptors.
Security descriptor verification completed.
  3911 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  36185168 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  136944 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  29864963 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
 244196351 KB total disk space.
 124448104 KB in 91366 files.
     42240 KB in 3912 indexes.
         0 KB in bad sectors.
    246151 KB in use by the system.
     65536 KB occupied by the log file.
 119459856 KB available on disk.
 
      4096 bytes in each allocation unit.
  61049087 total allocation units on disk.
  29864964 allocation units available on disk.
 
Internal Info:
00 17 02 00 3a 74 01 00 16 a7 02 00 00 00 00 00  ....:t..........
11 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
</Data>
  </EventData>
</Event>
Link to post
Share on other sites

sfcdetails.txt
 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          5/27/2015 2:31:09 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      ChrisPC
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  187136 file records processed.                                         
 
File verification completed.
  1226 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  58 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  254262 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  187136 file SDs/SIDs processed.                                        
 
Cleaning up 14 unused index entries from index $SII of file 0x9.
Cleaning up 14 unused index entries from index $SDH of file 0x9.
Cleaning up 14 unused security descriptors.
CHKDSK is compacting the security descriptor stream
  33564 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  36608192 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  187120 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  2112644 free clusters processed.                                        
 
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
  60567583 KB total disk space.
  51740556 KB in 134288 files.
     83836 KB in 33567 indexes.
         0 KB in bad sectors.
    292615 KB in use by the system.
     65536 KB occupied by the log file.
   8450576 KB available on disk.
 
      4096 bytes in each allocation unit.
  15141895 total allocation units on disk.
   2112644 allocation units available on disk.
 
Internal Info:
00 db 02 00 b8 8f 02 00 be cd 04 00 00 00 00 00  ................
16 01 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  ....:...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-05-27T21:31:09.000000000Z" />
    <EventRecordID>21833</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>ChrisPC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  187136 file records processed.                                         
 
File verification completed.
  1226 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  58 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  254262 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  187136 file SDs/SIDs processed.                                        
 
Cleaning up 14 unused index entries from index $SII of file 0x9.
Cleaning up 14 unused index entries from index $SDH of file 0x9.
Cleaning up 14 unused security descriptors.
CHKDSK is compacting the security descriptor stream
  33564 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  36608192 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  187120 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  2112644 free clusters processed.                                        
 
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
  60567583 KB total disk space.
  51740556 KB in 134288 files.
     83836 KB in 33567 indexes.
         0 KB in bad sectors.
    292615 KB in use by the system.
     65536 KB occupied by the log file.
   8450576 KB available on disk.
 
      4096 bytes in each allocation unit.
  15141895 total allocation units on disk.
   2112644 allocation units available on disk.
 
Internal Info:
00 db 02 00 b8 8f 02 00 be cd 04 00 00 00 00 00  ................
16 01 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  ....:...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
 
 
Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          5/27/2015 2:31:09 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      ChrisPC
Description:
 
 
Checking file system on D:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  136960 file records processed.                                         
 
File verification completed.
  182 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  0 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  144782 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  136960 file SDs/SIDs processed.                                        
 
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
Security descriptor verification completed.
  3912 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  37173976 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  136944 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  29864800 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
 244196351 KB total disk space.
 124447736 KB in 91367 files.
     42240 KB in 3913 indexes.
         0 KB in bad sectors.
    247175 KB in use by the system.
     65536 KB occupied by the log file.
 119459200 KB available on disk.
 
      4096 bytes in each allocation unit.
  61049087 total allocation units on disk.
  29864800 allocation units available on disk.
 
Internal Info:
00 17 02 00 3c 74 01 00 18 a7 02 00 00 00 00 00  ....<t..........
11 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-05-27T21:31:09.000000000Z" />
    <EventRecordID>21834</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>ChrisPC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on D:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  136960 file records processed.                                         
 
File verification completed.
  182 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  0 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  144782 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  136960 file SDs/SIDs processed.                                        
 
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
Security descriptor verification completed.
  3912 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  37173976 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  136944 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  29864800 free clusters processed.                                        
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
 244196351 KB total disk space.
 124447736 KB in 91367 files.
     42240 KB in 3913 indexes.
         0 KB in bad sectors.
    247175 KB in use by the system.
     65536 KB occupied by the log file.
 119459200 KB available on disk.
 
      4096 bytes in each allocation unit.
  61049087 total allocation units on disk.
  29864800 allocation units available on disk.
 
Internal Info:
00 17 02 00 3c 74 01 00 18 a7 02 00 00 00 00 00  ....<t..........
11 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
</Data>
  </EventData>
</Event>

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.