Jump to content

constant crashes, blue screens


Recommended Posts

I am looking at my sisters computer and it is constantly crashing she says, I can't find a cause.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by michelle (administrator) on MICHELLE-PC on 15-07-2015 14:09:42
Running from C:\Users\michelle\Downloads
Loaded Profiles: michelle (Available Profiles: michelle & wyatt)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\michelle\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-17] (Avast Software s.r.o.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKU\S-1-5-21-1527173825-2590610167-1253211815-1000\...\Run: [steam] => C:\Program Files\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-1527173825-2590610167-1253211815-1000\...\MountPoints2: {bd91aaaa-1466-11e5-b47f-94de80d48eb1} - E:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-06-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-17] (Avast Software s.r.o.)
GroupPolicyUsers\S-1-5-21-1527173825-2590610167-1253211815-1004\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{6BDEB675-2B43-43A0-BBF2-45B14AFCDD94}: [DhcpNameServer] 64.71.255.204 64.71.255.198

FireFox:
========
FF ProfilePath: C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tvy0dc83.default-1434565962122
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Extension: Adblock Plus - C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tvy0dc83.default-1434565962122\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-17] (Avast Software s.r.o.)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1997168 2015-06-09] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-17] ()
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [99992 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation                           )
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek                                            )
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation)
R3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-13] (Microsoft Corporation)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 14:09 - 2015-07-15 14:09 - 01636864 _____ (Farbar) C:\Users\michelle\Downloads\FRST(1).exe
2015-07-04 22:30 - 2015-07-05 11:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-04 22:29 - 2015-07-04 22:43 - 00000000 ____D C:\Users\michelle\Desktop\mbar
2015-07-04 22:28 - 2015-07-04 22:28 - 16502728 _____ (Malwarebytes Corp.) C:\Users\michelle\Downloads\mbar-1.09.1.1004.exe
2015-07-01 00:00 - 2015-07-01 00:00 - 00131072 _____ C:\Windows\Minidump\070115-17269-01.dmp
2015-06-28 15:02 - 2015-06-28 15:02 - 00000000 ____D C:\Users\michelle\AppData\Roaming\WinAuth
2015-06-28 14:57 - 2015-06-28 14:57 - 01502629 _____ C:\Users\michelle\Desktop\WinAuth-3.1.8.zip
2015-06-17 15:54 - 2015-06-17 15:54 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-17 15:54 - 2015-06-17 15:54 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 14:09 - 2014-12-10 07:46 - 00007322 _____ C:\Users\michelle\Downloads\FRST.txt
2015-07-15 14:09 - 2014-12-10 07:46 - 00000000 ____D C:\FRST
2015-07-15 14:07 - 2014-06-21 08:27 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-15 14:03 - 2014-06-22 06:11 - 00000000 ____D C:\Program Files\Steam
2015-07-15 14:01 - 2015-05-14 14:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-15 14:01 - 2014-08-03 01:00 - 00017694 _____ C:\Windows\setupact.log
2015-07-15 14:01 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-15 13:59 - 2015-04-30 22:20 - 245170756 _____ C:\Windows\MEMORY.DMP
2015-07-15 03:39 - 2014-06-21 09:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 21:25 - 2015-05-10 13:12 - 00000047 _____ C:\Users\michelle\jagex_cl_oldschool_LIVE.dat
2015-07-14 21:25 - 2015-05-10 13:12 - 00000024 _____ C:\Users\michelle\random.dat
2015-07-14 20:53 - 2014-06-21 09:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 20:53 - 2014-06-21 09:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 20:52 - 2014-08-08 01:11 - 00000000 ____D C:\Users\michelle\AppData\Local\Adobe
2015-07-14 20:03 - 2014-06-21 08:17 - 01818723 _____ C:\Windows\WindowsUpdate.log
2015-07-14 18:23 - 2015-04-24 03:28 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-13 13:04 - 2009-07-14 00:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 13:04 - 2009-07-14 00:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 10:54 - 2015-05-10 13:12 - 00000023 _____ C:\Users\michelle\jagexappletviewer.preferences
2015-07-05 11:34 - 2014-06-22 06:03 - 00163488 _____ C:\Windows\PFRO.log
2015-07-05 11:34 - 2014-06-21 08:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-04 22:44 - 2014-06-21 08:58 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-04 22:43 - 2014-08-17 14:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-04 22:29 - 2014-06-21 08:57 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-03 18:04 - 2015-04-30 22:20 - 00000000 ____D C:\Windows\Minidump
2015-06-28 14:58 - 2014-08-29 22:59 - 03900928 _____ C:\Users\michelle\Desktop\WinAuth.exe
2015-06-27 17:44 - 2014-06-21 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-27 17:44 - 2014-06-21 08:57 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-26 15:54 - 2014-06-21 09:22 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-23 13:27 - 2014-06-21 08:39 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-18 08:41 - 2014-06-21 08:57 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-06-21 08:57 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 15:54 - 2014-06-21 09:22 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-17 15:54 - 2014-06-21 09:22 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-17 15:54 - 2014-06-21 09:22 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-17 15:54 - 2014-06-21 09:22 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-17 15:54 - 2014-06-21 09:22 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-17 15:54 - 2014-06-21 09:22 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-17 15:54 - 2014-06-21 09:22 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-17 14:32 - 2015-06-12 18:09 - 00000000 ____D C:\Users\michelle\Desktop\Old Firefox Data

Some files in TEMP:
====================
C:\Users\michelle\AppData\Local\Temp\devcon.exe
C:\Users\michelle\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\michelle\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\michelle\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\michelle\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 00:58

==================== End of log ============================

Link to post
Share on other sites

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


 

 

FRST.gif Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Link to post
Share on other sites

I finally was able to see the error she was talking about this time, I had turned the computer off well waiting for a reply so it wasn't being used by her kids well waiting for a reply.  When i noticed there was a reply, I turned the computer on and It gave me the error message, windows failed to start, and asked me to pick an option.

 

PIcking boot normally, worked and it booted up, but apparently just about every time the computer is turned on it gives the error messaged windows failed to start.

 

there also hasn't been a blue screen since the 30th of june or so.

FRST.txt

Addition.txt

Link to post
Share on other sites

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:
 

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
 

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
Link to post
Share on other sites

this took almost 2 hours complete. I started it a minute after you responded.

 

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          7/15/2015 5:22:32 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      michelle-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  153344 file records processed.                                         

File verification completed.
  669 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  60 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  192160 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  153344 file SDs/SIDs processed.                                        

Cleaning up 844 unused index entries from index $SII of file 0x9.
Cleaning up 844 unused index entries from index $SDH of file 0x9.
Cleaning up 844 unused security descriptors.
Security descriptor verification completed.
  19409 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35300832 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  153328 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  73696665 free clusters processed.                                        

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 193148968 KB in 129523 files.
     75544 KB in 19410 indexes.
         0 KB in bad sectors.
    270935 KB in use by the system.
     65536 KB occupied by the log file.
 294786664 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  73696666 allocation units available on disk.

Internal Info:
00 57 02 00 d1 45 02 00 6e 45 04 00 00 00 00 00  .W...E..nE......
7d 05 00 00 3c 00 00 00 00 00 00 00 00 00 00 00  }...<...........
98 f4 2f 00 50 01 2e 00 88 19 2e 00 00 00 2e 00  ../.P...........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-15T21:22:32.000000000Z" />
    <EventRecordID>6773</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>michelle-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  153344 file records processed.                                         

File verification completed.
  669 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  60 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  192160 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  153344 file SDs/SIDs processed.                                        

Cleaning up 844 unused index entries from index $SII of file 0x9.
Cleaning up 844 unused index entries from index $SDH of file 0x9.
Cleaning up 844 unused security descriptors.
Security descriptor verification completed.
  19409 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35300832 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  153328 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  73696665 free clusters processed.                                        

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 193148968 KB in 129523 files.
     75544 KB in 19410 indexes.
         0 KB in bad sectors.
    270935 KB in use by the system.
     65536 KB occupied by the log file.
 294786664 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  73696666 allocation units available on disk.

Internal Info:
00 57 02 00 d1 45 02 00 6e 45 04 00 00 00 00 00  .W...E..nE......
7d 05 00 00 3c 00 00 00 00 00 00 00 00 00 00 00  }...<...........
98 f4 2f 00 50 01 2e 00 88 19 2e 00 00 00 2e 00  ../.P...........

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

Link to post
Share on other sites

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
icon_exclaim.gifMUST READ - security tips:

icon_exclaim.gifMUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
icon_arrow.gifCCleaner - to clean unneeded temporary files.
icon_arrow.gifMalwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gifMalwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gifMcShield - to prevent infections spread by removable media.
icon_arrow.gifUnchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gifAdblock - to surf the web without annoying ads! 
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning. 
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to show your appreciation for the assistance you received, then you can consider a donation: 
btn_donateCC_LG.gif

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.