
Hangs Crashes and occasional restarts



Hangs, crashes, occasionally restarts, sometimes with a quick flash of BSOD which doesn't appear long enough to get any info... Windows Explorer stops working sometimes... Windows Update does not work or show any updates at all. Chkdsk has replaced a few bad clusters. Previous scan with SUPERAntiSpyware showed no errors, today's scan froze and crashed... Just completed MBAM scan with no errors... I am running in safe mode with networking at this time...

FRST logs below...

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by User (administrator) on USER-PC on 06-07-2015 12:49:57
Running from C:\Users\User\Documents\Programs
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-06-10] (SUPERAntiSpyware)
HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\MountPoints2: {6f7b4290-4fd3-11e4-961c-0022684728d4} - E:\launcher.exe
HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\MountPoints2: {7ab38629-651d-11e4-bf49-0022684728d4} - J:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-09-16]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-06-25]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4256741779-1254924251-658174128-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-4256741779-1254924251-658174128-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-4256741779-1254924251-658174128-1000 -> {6F452E27-87DA-4FE7-8E97-489910D74B32} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-4256741779-1254924251-658174128-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{14DE41BF-45B5-481C-A5D0-0326BE9AB470}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bo7gvxx3.default
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-15]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-15]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-15]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-15]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-15]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-15]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-15]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 12:49 - 2015-07-06 12:49 - 00000000 ____D C:\FRST
2015-07-06 12:31 - 2015-07-06 12:31 - 00270056 _____ C:\Windows\Minidump\070615-8892-01.dmp
2015-07-06 11:39 - 2015-07-06 11:39 - 00282120 _____ C:\Windows\Minidump\070615-10873-01.dmp
2015-07-02 13:22 - 2015-07-06 12:25 - 00000000 ____D C:\Users\User\Documents\SysnativeFileCollectionApp
2015-07-01 17:23 - 2015-07-01 17:23 - 00003560 ____N C:\bootsqm.dat
2015-06-30 19:55 - 2015-06-30 19:55 - 00274408 _____ C:\Windows\Minidump\063015-12448-01.dmp
2015-06-30 15:58 - 2015-06-30 15:58 - 00282120 _____ C:\Windows\Minidump\063015-12058-01.dmp
2015-06-30 14:29 - 2015-06-30 14:29 - 00274408 _____ C:\Windows\Minidump\063015-10920-01.dmp
2015-06-30 14:19 - 2015-06-30 14:19 - 00282120 _____ C:\Windows\Minidump\063015-11637-01.dmp
2015-06-29 15:02 - 2015-06-29 15:02 - 00282120 _____ C:\Windows\Minidump\062915-11388-01.dmp
2015-06-25 16:53 - 2015-06-25 16:53 - 00282120 _____ C:\Windows\Minidump\062515-11731-01.dmp
2015-06-24 17:17 - 2015-06-24 17:17 - 00282120 _____ C:\Windows\Minidump\062415-14180-01.dmp
2015-06-23 18:42 - 2015-06-23 18:42 - 00282120 _____ C:\Windows\Minidump\062315-14024-01.dmp
2015-06-19 20:35 - 2015-06-19 20:35 - 00282120 _____ C:\Windows\Minidump\061915-13993-01.dmp
2015-06-17 11:15 - 2015-06-17 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-11 13:31 - 2015-06-11 13:31 - 00000000 ____D C:\Users\User\AppData\Local\Hewlett-Packard
2015-06-11 11:19 - 2015-06-11 11:19 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-11 11:18 - 2015-06-11 11:18 - 05197824 _____ C:\Users\User\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-06-10 15:55 - 2015-06-10 15:55 - 00448512 _____ (OldTimer Tools) C:\Users\User\Downloads\TFC.exe
2015-06-10 15:38 - 2015-06-10 15:38 - 00009345 _____ C:\Users\User\Downloads\courtesy-cleaner-stantonpc.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 12:43 - 2014-09-12 15:42 - 01645416 _____ C:\Windows\WindowsUpdate.log
2015-07-06 12:37 - 2015-01-22 16:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-06 12:37 - 2015-01-22 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-06 12:37 - 2015-01-22 16:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-06 12:31 - 2015-01-02 22:20 - 337968877 _____ C:\Windows\MEMORY.DMP
2015-07-06 12:31 - 2015-01-02 22:20 - 00000000 ____D C:\Windows\Minidump
2015-07-06 11:43 - 2014-09-15 08:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-06 11:43 - 2014-09-15 08:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-06 11:42 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-06 11:41 - 2014-11-21 17:16 - 00015872 _____ C:\Windows\setupact.log
2015-07-06 11:01 - 2009-07-13 21:45 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 11:00 - 2009-07-13 21:45 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 10:52 - 2009-07-13 22:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-30 18:35 - 2009-07-13 22:13 - 00802762 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-25 10:56 - 2014-12-23 10:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 10:44 - 2014-09-15 08:14 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 14:26 - 2006-01-11 12:29 - 00000000 ____D C:\Users\User\Documents\CPRMatters
2015-06-18 10:53 - 2014-09-15 14:41 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-18 10:53 - 2014-09-15 14:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 10:53 - 2014-09-15 14:34 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-06-18 08:41 - 2015-01-22 16:56 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-01-22 16:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-01-22 16:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 11:25 - 2014-09-18 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-17 11:25 - 2010-11-20 20:47 - 00079328 _____ C:\Windows\PFRO.log
2015-06-16 14:27 - 2014-09-22 13:24 - 00000000 ____D C:\ProgramData\pdf995
2015-06-16 14:12 - 2014-09-22 13:24 - 00000059 _____ C:\Windows\wpd99.drv
2015-06-11 10:39 - 2015-01-22 17:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

==================== Files in the root of some directories =======

2014-10-09 16:40 - 2014-10-09 16:40 - 0000000 _____ () C:\Users\User\AppData\Roaming\monFDE.log
2015-01-22 16:08 - 2015-01-22 16:08 - 0166712 _____ () C:\Users\User\AppData\Local\ars.cache
2015-01-22 16:08 - 2015-01-22 16:08 - 0216714 _____ () C:\Users\User\AppData\Local\census.cache
2015-01-22 16:01 - 2015-01-22 16:01 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-01-06 19:38 - 2015-01-06 19:38 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2015-01-22 16:07 - 2015-01-22 16:07 - 0000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache
2014-09-16 13:22 - 2014-09-16 13:22 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 13:08

==================== End of log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by User at 2015-07-06 12:50:24
Running from C:\Users\User\Documents\Programs
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4256741779-1254924251-658174128-500 - Administrator - Disabled)
Guest (S-1-5-21-4256741779-1254924251-658174128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4256741779-1254924251-658174128-1003 - Limited - Enabled)
User (S-1-5-21-4256741779-1254924251-658174128-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D386AA62-CC9D-213D-BCD3-1FF53F7B8BAC}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Pdf995 (HKLM-x32\...\Pdf995) (Version: 14.2s - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media  (06/22/2009 6.0.64.0059) (HKLM\...\7F4303078887B33BF9E472598BB463CBE007C68E) (Version: 06/22/2009 6.0.64.0059 - YUAN TV DRIVER)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2FEB8BC2-EB20-4A4A-B77A-E9985C569403} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {43600D62-38FF-4E26-8A20-7EB174884B3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.)
Task: {46CD3BB0-7A06-4398-BEC9-1BBDA61FA55C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4256741779-1254924251-658174128-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{EA88E3D8-0242-4FB8-A3DB-AA4550D527D6}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{ED707ADA-C905-472E-A9BB-E55FDF1A490A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AEA01F53-B2EA-4C8F-BE01-E00474046029}] => (Allow) LPort=2869
FirewallRules: [{42C00142-808B-461F-9221-9CF827F0C583}] => (Allow) LPort=1900
FirewallRules: [{4BAA6270-5C0D-4375-999C-EBA1EDC1453E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{727D58E0-1EC8-456C-9244-CA723CA5E531}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{7C0C9E91-F83D-4E8B-835A-CF05A1B68076}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{07383412-97D1-4128-AB3E-E8C93B69DE7F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{A1A788D9-5C9B-4AAF-BB13-5784AAC497B2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{F3BA39DF-0ABA-4067-BED0-3252B9DD5A09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0BBB03A0-883F-4C53-81BE-7F4FE6359EEE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{99BC1E35-FCDB-4A67-9C03-49650501829A}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
FirewallRules: [{389419F4-9E6D-4214-87C7-2E3793412925}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
FirewallRules: [{9830FAD6-6B39-455B-A04F-8346F0F978A8}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
FirewallRules: [{6417C46B-0852-4021-8358-4BB40A3913E3}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
FirewallRules: [{38245B97-297A-4DBA-AC3B-A23AA51A1A7A}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS423C\HPDiagnosticCoreUI.exe
FirewallRules: [{47F475B0-EECA-461E-98C7-94F0CDE8991E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS423C\HPDiagnosticCoreUI.exe
FirewallRules: [{15F5AAFF-95A8-41D6-9108-30571B71626D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B77A44EC-4AC3-4A49-8B63-BF2428AB0665}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1BECF49A-14CC-4850-9980-4A182BD76D2D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{DDF4B675-6D6A-49BD-A2C3-D2E4849B3F6C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D18212E1-2E52-4D98-8BB4-874001A6FEBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CAC2810-9DA7-41F6-A0FF-2A25DA1D6E88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9314AAD9-6EAD-4B44-BE2D-34992AE74F87}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{03C37331-46B6-414E-AEA8-576219C5F570}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{82AA9580-1708-4CB3-AD7A-8C8C307CCE29}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9762C2A6-90BA-4CED-8372-9D76FA0D1AE8}C:\users\user\appdata\local\temp\7zs01a4\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs01a4\enterprisedu.exe
FirewallRules: [uDP Query User{715D465C-0886-4305-837F-40342D7F387B}C:\users\user\appdata\local\temp\7zs01a4\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs01a4\enterprisedu.exe
FirewallRules: [TCP Query User{27BB2F88-9D55-441C-A3C5-FFE4A67467E4}C:\users\user\appdata\local\temp\7zs163a\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs163a\enterprisedu.exe
FirewallRules: [uDP Query User{501BC1D8-2C23-4CFB-8D1D-5185D3D2D12C}C:\users\user\appdata\local\temp\7zs163a\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs163a\enterprisedu.exe
FirewallRules: [TCP Query User{1231AF12-2FEA-4148-BD6A-586645793A54}C:\users\user\appdata\local\temp\7zs20a6\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs20a6\enterprisedu.exe
FirewallRules: [uDP Query User{B7823D46-EE94-4A1B-A115-7AF10DA914AB}C:\users\user\appdata\local\temp\7zs20a6\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs20a6\enterprisedu.exe
FirewallRules: [{09EF79C4-04AE-4ABB-80E5-3E189267BC10}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: eHome Infrared Receiver (USBCIR)
Description: eHome Infrared Receiver (USBCIR)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Microsoft
Service: usbcir
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2015 00:33:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 11:49:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 11:17:05 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgRobust.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgRobust.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (07/06/2015 11:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000006
Fault offset: 0x000000000001d143
Faulting process id: 0x13c8
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (07/06/2015 11:14:58 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.

Program: Antimalware Service Executable
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 0

Error: (07/06/2015 11:14:58 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\imaadp32.acm for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Tasks because of this error.

Program: Host Process for Windows Tasks
File: C:\Windows\System32\imaadp32.acm

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (07/06/2015 11:14:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.11804.0, time stamp: 0x557a8cde
Exception code: 0xc0000006
Fault offset: 0x00000000004a5ec3
Faulting process id: 0x314
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3

Error: (07/06/2015 11:14:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7601.18010, time stamp: 0x50aee9f3
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000006
Fault offset: 0x00000000000393eb
Faulting process id: 0x668
Faulting application start time: 0xtaskhost.exe0
Faulting application path: taskhost.exe1
Faulting module path: taskhost.exe2
Report Id: taskhost.exe3

Error: (07/06/2015 11:09:01 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\dbgeng.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Problem Reporting because of this error.

Program: Windows Problem Reporting
File: C:\Windows\System32\dbgeng.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (07/06/2015 11:07:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WerFault.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc607
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000006
Fault offset: 0x0000000000054144
Faulting process id: 0xd38
Faulting application start time: 0xWerFault.exe0
Faulting application path: WerFault.exe1
Faulting module path: WerFault.exe2
Report Id: WerFault.exe3


System errors:
=============
Error: (07/06/2015 00:50:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2015 00:50:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2015 00:50:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2015 00:49:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2015 00:49:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2015 00:49:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2015 00:49:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (07/06/2015 00:49:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (07/06/2015 00:48:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2015 00:48:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (06/30/2015 02:01:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 117 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/30/2015 01:56:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 656 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (06/30/2015 09:47:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 213 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/30/2015 09:45:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 582 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-06-20 10:23:42.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q9300 @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 4094.18 MB
Available physical RAM: 3174.71 MB
Total Virtual: 8186.54 MB
Available Virtual: 7105.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:476.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B14BFCDD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of log ============================

  • Staff

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:
 

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
 

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Thanks for your help TwinHeadedEagle!!!

 

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          7/7/2015 9:30:33 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      User-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  211712 file records processed.                                         

File verification completed.
  474 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  47 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  272350 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  211712 file SDs/SIDs processed.                                        

Cleaning up 43 unused index entries from index $SII of file 0x9.
Cleaning up 43 unused index entries from index $SDH of file 0x9.
Cleaning up 43 unused security descriptors.
Security descriptor verification completed.
  30320 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37286976 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc0000185 at offset 0x269910000 for 0x2000 bytes.
Read failure with status 0xc0000185 at offset 0xffd06000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0xffd16000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0xffd19000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0xffd1a000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0xffe0a000 for 0x2000 bytes.
Read failure with status 0xc0000185 at offset 0xffe0e000 for 0x1000 bytes.
Windows replaced bad clusters in file 59522
of name \Windows\System32\config\COMPON~2.
  211696 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  125026066 free clusters processed.                                        

Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 625027071 KB total disk space.
 124494808 KB in 154011 files.
     93140 KB in 30321 indexes.
       248 KB in bad sectors.
    334611 KB in use by the system.
     65536 KB occupied by the log file.
 500104264 KB available on disk.

      4096 bytes in each allocation unit.
 156256767 total allocation units on disk.
 125026066 allocation units available on disk.

Internal Info:
00 3b 03 00 17 d0 02 00 aa 32 05 00 00 00 00 00  .;.......2......
24 37 00 00 2f 00 00 00 00 00 00 00 00 00 00 00  $7../...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.



Ok... I restarted windows normally and attempted to return here...

After about a 10 minute hang everything on my desktop disappeared for about 5 minutes.

Shortly after everything returned I got Windows Explorer has stopped working and trying to restart,

followed by "remote procedure call failed"

I returned here after restarting in safe mode....

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.