
Can't run Malwarebytes, computer won't restart



I have a Windows 8 Asus laptop that is not even 2 years old. I think I'm infected. I am running free Avast but it found no threats. Malwarebytes refuses to run; Chameleon loads but won't finish. I ran the Malwarebytes cleaner once before installing the latest version of Malwarebytes. I opened it once but it froze and I was never able to perform a scan. My Asus laptop itself refuses to perform restarts; I have to manually force shutdown with the button.

Here is my fbar log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2016
Ran by Kathleen (administrator) on ISHII (17-10-2016 19:15:05)
Running from C:\Users\Kathleen\Desktop
Loaded Profiles: Kathleen (Available Profiles: Kathleen)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dropbox, Inc.) C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
(Microsoft Corporation) C:\Windows\hh.exe
(MalwareBytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(MalwareBytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
() C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-14] (AVAST Software)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1485096 2011-07-16] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-24] (Valve Corporation)
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\...\Run: [GoogleChromeAutoLaunch_2BDE1626D1BCF167F36C7C11F511FA17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [966760 2016-09-25] (Google Inc.)
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\...\Run: [Dropbox Update] => C:\Users\Kathleen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\...\Run: [Amazon Music] => C:\Users\Kathleen\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-04-15] ()
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-16] (Piriform Ltd)
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-01] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kathleen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{79BA45EF-88B7-4A2A-B917-CAFD6450F988}: [DhcpNameServer] 40.53.1.16
Tcpip\..\Interfaces\{9D7DE041-A63B-4080-BF10-9C00B43BBB67}: [DhcpNameServer] 192.168.11.1

Internet Explorer:
==================
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-2230534638-1152460850-2751653348-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-2230534638-1152460850-2751653348-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2230534638-1152460850-2751653348-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-01] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-01] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: tv0whvfz.default
FF ProfilePath: C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\tv0whvfz.default [2016-10-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\tv0whvfz.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\tv0whvfz.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\tv0whvfz.default -> hxxp://pleated-jeans.com/
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\tv0whvfz.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28]
FF Extension: (Rikaichan Japanese-English Dictionary File) - C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\tv0whvfz.default\Extensions\rikaichan-jpen@polarcloud.com [2016-01-02]
FF Extension: (Rikaichan) - C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\tv0whvfz.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2015-05-30]
FF Extension: (FlashGot) - C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\tv0whvfz.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-17]
FF Extension: (Save Image in Folder) - C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\tv0whvfz.default\Extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-13]
FF Extension: (Adblock Plus) - C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\tv0whvfz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-07-27] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default [2016-10-17]
CHR Extension: (Google Slides) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24]
CHR Extension: (I'm a Gentleman) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjaicccalbbickikgdegaihmajaidpd [2016-02-16]
CHR Extension: (Google Docs) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24]
CHR Extension: (Google Drive) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Hola Better Internet Engine) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2015-05-21]
CHR Extension: (Google Sheets) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-10-12]
CHR Extension: (Avast Online Security) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-28]
CHR Extension: (Instant Translate: Select and Translate) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2016-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (ADTelly Free) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjjcnhdfjhfmkpilggjhhkgafmflld [2016-10-12]
CHR Extension: (Gmail) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-14] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-13] (ASUS Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-10-17] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-10-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-17] (Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-18 10:22 - 2016-10-18 10:22 - 00000000 _____ C:\Recovery.txt
2016-10-17 18:17 - 2016-10-17 18:17 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-10-17 18:16 - 2016-10-17 18:17 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-17 18:15 - 2016-10-17 18:16 - 11579432 _____ (SurfRight B.V.) C:\Users\Kathleen\Desktop\HitmanPro_x64.exe
2016-10-17 17:58 - 2016-10-17 18:00 - 00225550 _____ C:\TDSSKiller.3.1.0.11_17.10.2016_17.58.31_log.txt
2016-10-17 17:58 - 2016-10-17 17:58 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Kathleen\Desktop\tdsskiller.exe
2016-10-17 17:53 - 2016-10-17 17:53 - 33597888 _____ (Adlice Software ) C:\Users\Kathleen\Desktop\setup.exe
2016-10-17 17:48 - 2016-10-17 17:48 - 06705178 _____ C:\Users\Kathleen\Desktop\mbam-chameleon-3.1.33.0.zip
2016-10-17 17:45 - 2016-10-17 17:46 - 00048646 _____ C:\Users\Kathleen\Desktop\Addition.txt
2016-10-17 17:42 - 2016-10-17 19:15 - 00024294 _____ C:\Users\Kathleen\Desktop\FRST.txt
2016-10-17 17:42 - 2016-10-17 19:15 - 00000000 ____D C:\FRST
2016-10-17 17:41 - 2016-10-17 17:41 - 02406912 _____ (Farbar) C:\Users\Kathleen\Desktop\FRST64.exe
2016-10-17 16:42 - 2016-10-17 18:51 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-17 16:42 - 2016-10-17 17:27 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-17 16:42 - 2016-10-17 16:42 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-17 16:42 - 2016-10-17 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-17 16:42 - 2016-10-17 16:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-17 16:42 - 2016-10-17 16:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-17 16:42 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-10-17 16:42 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-10-17 16:29 - 2016-10-17 16:29 - 00566128 _____ (Malwarebytes) C:\Users\Kathleen\Desktop\mbam-clean-2.3.0.1001.exe
2016-10-17 16:25 - 2016-10-17 18:03 - 00002504 _____ C:\Users\Kathleen\Desktop\Rkill.txt
2016-10-17 16:25 - 2016-10-17 16:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Kathleen\Desktop\rkill.exe
2016-10-17 16:25 - 2016-10-17 16:25 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Kathleen\Desktop\rkill64.exe
2016-10-17 16:23 - 2016-10-17 16:23 - 22851472 _____ (Malwarebytes ) C:\Users\Kathleen\Desktop\mbam-setup-2.2.1.1043.exe
2016-10-16 16:13 - 2016-10-17 16:40 - 00000000 ____D C:\WINDOWS\Minidump
2016-10-14 13:45 - 2016-10-14 13:45 - 00058410 _____ C:\Users\Kathleen\Desktop\Katie receipt_tracker sept 2016.pdf
2016-10-14 08:21 - 2016-10-14 08:21 - 00000000 ____D C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-28 22:28 - 2016-09-28 23:35 - 00000000 ____D C:\Users\Kathleen\Desktop\mudol
2016-09-24 22:02 - 2016-09-25 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-17 18:36 - 2015-06-18 23:25 - 00000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2230534638-1152460850-2751653348-1001UA.job
2016-10-17 18:35 - 2015-01-25 02:58 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-17 18:24 - 2015-02-23 06:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-17 17:28 - 2015-01-21 13:21 - 00000074 _____ C:\Users\Kathleen\AppData\Roaming\sp_data.sys
2016-10-17 17:26 - 2015-02-09 09:14 - 00000000 ___DO C:\Users\Kathleen\OneDrive
2016-10-17 17:25 - 2015-01-25 02:58 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-17 17:24 - 2015-05-09 20:45 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-10-17 17:24 - 2013-08-22 23:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-17 16:47 - 2015-01-21 13:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2230534638-1152460850-2751653348-1001
2016-10-17 16:40 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\Inf
2016-10-17 16:36 - 2015-01-21 14:49 - 00000000 ___RD C:\Users\Kathleen\Dropbox
2016-10-17 16:19 - 2015-02-24 23:00 - 00506398 _____ C:\WINDOWS\system32\perfh011.dat
2016-10-17 16:19 - 2015-02-24 23:00 - 00135664 _____ C:\WINDOWS\system32\perfc011.dat
2016-10-17 16:19 - 2014-11-21 17:44 - 01496524 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-17 15:25 - 2015-02-01 13:10 - 00000000 ____D C:\Users\Kathleen\AppData\Roaming\vlc
2016-10-17 14:36 - 2013-08-22 22:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-10-17 12:47 - 2015-05-13 21:56 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-10-17 12:47 - 2015-05-13 21:56 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-10-16 12:36 - 2015-06-18 23:25 - 00000890 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2230534638-1152460850-2751653348-1001Core.job
2016-10-15 18:17 - 2015-02-09 08:05 - 00000000 ____D C:\Users\Kathleen
2016-10-14 14:50 - 2015-01-21 13:41 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-10-14 08:21 - 2015-01-21 14:45 - 00000000 ____D C:\Users\Kathleen\AppData\Roaming\Dropbox
2016-10-12 22:10 - 2015-02-06 14:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-12 21:37 - 2015-01-25 03:02 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-12 21:24 - 2015-02-23 06:58 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-10-12 21:24 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-12 21:24 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-01 20:38 - 2015-06-18 23:25 - 00000000 ____D C:\Users\Kathleen\AppData\Local\Dropbox
2016-09-30 12:09 - 2015-06-07 18:29 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-28 23:44 - 2015-05-22 23:14 - 00000000 ____D C:\Users\Kathleen\AppData\Roaming\MyPhoneExplorer
2016-09-26 23:59 - 2015-06-06 20:18 - 00000000 ____D C:\Users\Kathleen\AppData\Roaming\Skype
2016-09-25 17:37 - 2015-01-21 13:41 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-09-25 17:32 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-25 17:29 - 2015-01-21 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-24 21:24 - 2016-03-23 17:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458723330
2016-09-24 21:23 - 2016-03-23 17:55 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-24 08:03 - 2015-06-06 20:17 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-01-21 13:21 - 2016-10-17 17:28 - 0000074 _____ () C:\Users\Kathleen\AppData\Roaming\sp_data.sys
2015-02-21 00:42 - 2015-02-21 00:42 - 0003584 _____ () C:\Users\Kathleen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-09 07:59 - 2015-02-09 07:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-01 18:34 - 2012-09-07 20:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 18:34 - 2009-07-22 19:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 18:34 - 2012-09-07 20:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

I hope that you can help me. Thank you.

CheckResultsv.txt


Hello and welcome.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach the report to your next reply.


Check Disk

  • Press the Windows key on your keyboard. Type cmd, then right-click it and select Run as Administrator.
  • Copy/Enter the command below and press Enter:
      chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.


Check Disk report:

  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

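The Event Viewer steps in the post above can also be done from a PowerShell prompt. This is an added example, not part of the original post; it assumes the boot-time CHKDSK report is logged by the Microsoft-Windows-Wininit provider with event ID 1001 (as in the event pasted later in this thread), and the function name Get-ChkdskReport and its output property names are hypothetical.

```powershell
# Added example: fetch boot-time CHKDSK reports from the Application log
# and summarize each one. Function and property names are hypothetical.
function Get-ChkdskReport {
    [CmdletBinding()]
    param(
        [int]$MaxEvents = 5   # how many of the most recent reports to return
    )

    # Same filter as the GUI steps: Application log, source Wininit.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    }

    # Get-WinEvent raises an error when nothing matches; suppress it and
    # report the empty result explicitly (an interrupted check logs nothing).
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents `
                           -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning 'No Wininit 1001 event found: no disk check has completed.'
        return
    }

    foreach ($e in $events) {
        $text = $e.Message   # full CHKDSK transcript

        $volume = $null
        if ($text -match 'Checking file system on (\S+)') { $volume = $Matches[1] }

        $badKB = $null
        if ($text -match '(\d+)\s+KB in bad sectors') { $badKB = [int64]$Matches[1] }

        [pscustomobject]@{
            TimeCreated  = $e.TimeCreated
            RecordId     = $e.RecordId
            Volume       = $volume
            BadSectorsKB = $badKB
            NoProblems   = ($text -match 'found no problems')
            Report       = $text
        }
    }
}

# Summary table, then the newest full report as text for pasting into a reply.
$reports = @(Get-ChkdskReport)
$reports | Format-Table TimeCreated, Volume, BadSectorsKB, NoProblems -AutoSize
if ($reports.Count -gt 0) { $reports[0].Report }
```

An empty result here corresponds to Event Viewer showing no Wininit entry for the time of the check.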

Check Disk was stuck at 18%, then went away. Viewer showed no log so I guess it didn't actually complete. By some miracle, Malwarebytes ran and scanned to completion. No obvious threats. At the advice of a friend, I also ran AdwCleaner successfully, but my computer still hangs really hard when it attempts to restart. I still have to manually shut it down. Blue screen of death with a couple of options to refresh or restart my computer, but I am not ready to do those yet. Otherwise I have a black screen with nothing happening when I try to restart.

malware1.txt

AdwCleaner[C0]1018.txt


Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          10/25/2016 2:39:33 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Ishii
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  426496 file records processed.                                                        

File verification completed.
  5332 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  510248 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Cleaning up 49 unused index entries from index $SII of file 0x9.
Cleaning up 49 unused index entries from index $SDH of file 0x9.
Cleaning up 49 unused security descriptors.
Security descriptor verification completed.
  41877 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34648688 USN bytes processed.                                                           

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  426480 files processed.                                                               

File data verification completed.

Stage 5: Looking for bad, free clusters ...
  9341418 free clusters processed.                                                       

Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

 194892799 KB total disk space.
 156836380 KB in 236779 files.
    155156 KB in 41878 indexes.
         0 KB in bad sectors.
    535591 KB in use by the system.
     65536 KB occupied by the log file.
  37365672 KB available on disk.

      4096 bytes in each allocation unit.
  48723199 total allocation units on disk.
   9341418 allocation units available on disk.

Internal Info:
00 82 06 00 74 40 04 00 0b 52 08 00 00 00 00 00  ....t@...R......
b0 2e 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  ....;...........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-10-24T17:39:33.000000000Z" />
    <EventRecordID>95791</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Ishii</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  426496 file records processed.                                                        

File verification completed.
  5332 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  510248 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Cleaning up 49 unused index entries from index $SII of file 0x9.
Cleaning up 49 unused index entries from index $SDH of file 0x9.
Cleaning up 49 unused security descriptors.
Security descriptor verification completed.
  41877 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34648688 USN bytes processed.                                                           

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  426480 files processed.                                                               

File data verification completed.

Stage 5: Looking for bad, free clusters ...
  9341418 free clusters processed.                                                       

Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

 194892799 KB total disk space.
 156836380 KB in 236779 files.
    155156 KB in 41878 indexes.
         0 KB in bad sectors.
    535591 KB in use by the system.
     65536 KB occupied by the log file.
  37365672 KB available on disk.

      4096 bytes in each allocation unit.
  48723199 total allocation units on disk.
   9341418 allocation units available on disk.

Internal Info:
00 82 06 00 74 40 04 00 0b 52 08 00 00 00 00 00  ....t@...R......
b0 2e 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  ....;...........

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

Things seem to be going better than before. No freezing or crashing.


Okay, that's good.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach the report to your next reply.
