Multiple running processes of ie and Chrome using up serious memory and causing program lockups

Discussion in 'Virus, Spyware and Malware Removal Help' started by LadyGreenWitch, Sep 11, 2015.

  1. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    I would like you to re-scan with Zoek.

    Please download ZOEK by Smeenk and save it to your desktop.
    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

    • Right-click on the icon and select Run as Administrator to start the tool.
    • Wait patiently until the main console appears; it may take a minute or two.
    • In the main box please paste in the following script:
      Code:
      createsrpoint;
      autoclean;
      emptyclsid;
      emptyalltemp;
      ipconfig /flushdns >>"%temp%\log.txt";b
    • Make sure that Scan All Users option is checked.
    • Push Run Script and wait patiently. The scan may take a couple of minutes.
    • When the scan completes, a zoek-results logfile should open in notepad.
    • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

    Post its content into your next reply.
     
  2. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    Super, thanks Mal, I'll get back to you once I have done that. While I was waiting for you, I had some serious things pop up: one of the programs I regularly use denied me access. I ran both MBAM and Combofix, and both found issues. I have included the Combofix log, as well as the confirmation log from OTL, for you, if you wouldn't mind making sure that there isn't anything else that was missed. I will post back.
     


  3. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Please copy and paste all logs.


    ========== PROCESSES ==========
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VIRIT LITE MONITOR deleted successfully.
    File move failed. C:\VEXPLite\MONLITE.EXE scheduled to be moved on reboot.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SoftwareSASGeneration deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gamehouse.com\www\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Unable to delete ADS C:\Windows:nlsPreferences .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Windows\SysNative\drivers\etc\hosts moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Could not flush the DNS Resolver Cache: Function failed during execution.
    C:\Users\Teresa's Laptop\Desktop\cmd.bat deleted successfully.
    C:\Users\Teresa's Laptop\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    OTL by OldTimer - Version 3.2.69.0 log created on 10272015_130424

    Files\Folders moved on Reboot...
    File move failed. C:\VEXPLite\MONLITE.EXE scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    ComboFix 15-10-27.01 - Teresa's Laptop 10/27/2015 12:21:47.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5963 [GMT -7:00]
    Running from: c:\users\Teresa's Laptop\Desktop\ComboFix.exe
    AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
    SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
    .
    ADS - Windows: deleted 192 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Teresa's Laptop\AppData\Local\assembly\tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-09-27 to 2015-10-27 )))))))))))))))))))))))))))))))
    .
    .
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\Theo\AppData\Local\temp
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\TEMP.TERESAS\AppData\Local\temp
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\TEMP.TERESAS.001\AppData\Local\temp
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\TEMP.TERESAS.000\AppData\Local\temp
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\Administrator.TERESAS\AppData\Local\temp
    2015-10-27 19:30 . 2015-10-27 19:30 -------- d-----w- c:\users\Administrator.TERESAS.000\AppData\Local\temp
    2015-10-27 01:41 . 2015-10-27 05:07 -------- d-s---w- c:\windows\system32\GWX
    2015-10-27 01:41 . 2015-10-27 01:41 -------- d-s---w- c:\windows\SysWow64\GWX
    2015-10-19 18:46 . 2015-10-19 18:51 -------- d-----w- c:\users\Teresa's Laptop\AppData\Roaming\Smart DNS Changer
    2015-10-14 17:22 . 2015-10-14 17:22 -------- d-----w- c:\users\Default\AppData\Local\Google
    2015-10-13 00:21 . 2015-10-20 03:44 -------- d-----w- c:\users\Teresa's Laptop\AppData\Roaming\Nitro
    2015-10-13 00:20 . 2015-09-16 14:14 31896 ----a-w- c:\windows\system32\nitrolocalmon10.dll
    2015-10-13 00:20 . 2015-09-16 14:14 20120 ----a-w- c:\windows\system32\nitrolocalui10.dll
    2015-10-13 00:18 . 2015-10-13 00:19 -------- d-----w- c:\program files (x86)\Common Files\Nitro
    2015-10-13 00:18 . 2015-10-13 00:18 -------- d-----w- c:\program files (x86)\Nitro
    2015-10-13 00:18 . 2015-10-13 00:18 -------- d-----w- c:\program files\Common Files\Nitro
    2015-10-13 00:18 . 2015-10-13 00:18 -------- d-----w- c:\programdata\Nitro
    2015-10-13 00:18 . 2015-10-13 00:18 -------- d-----w- c:\program files\Nitro
    2015-10-13 00:16 . 2015-10-13 00:18 -------- d-----w- c:\programdata\Package Cache
    2015-10-13 00:06 . 2015-10-27 07:29 -------- d-----w- c:\users\Teresa's Laptop\AppData\Local\FMSoftwareStudio
    2015-10-12 21:18 . 2015-10-12 21:18 -------- d-----w- c:\users\DefaultAppPool.IIS APPPOOL.001
    2015-10-11 21:14 . 2015-10-11 21:14 -------- d-----w- c:\programdata\pdf995
    2015-10-11 21:14 . 2015-10-11 21:34 114 ----a-w- c:\windows\wpd99.drv
    2015-10-11 21:14 . 2012-06-07 17:29 2266624 ----a-w- c:\windows\system32\pdfmona64.dll
    2015-10-11 21:14 . 2012-04-26 22:51 40448 ----a-w- c:\windows\system32\pdf995mon64.dll
    2015-10-11 21:14 . 2005-06-30 22:29 11264 ----a-w- c:\windows\system32\pdf995mon64ui.dll
    2015-10-11 21:14 . 2015-10-11 21:34 40448 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
    2015-10-11 21:10 . 2015-10-11 21:13 -------- d-----w- C:\pdf995
    2015-10-10 18:26 . 2015-10-10 18:26 -------- d-----w- c:\users\Teresa's Laptop\AppData\Local\AbleWord
    2015-10-10 18:07 . 2015-10-10 18:07 -------- d-----w- c:\users\Teresa's Laptop\AppData\Roaming\AbleWord
    2015-10-05 20:37 . 2011-09-16 05:29 78848 ----a-w- c:\windows\system32\tabcal.exe
    2015-10-05 20:37 . 2011-09-16 05:28 684032 ----a-w- c:\windows\system32\TabletPC.cpl
    2015-10-05 20:32 . 2011-07-15 03:39 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
    2015-10-05 20:25 . 2011-06-25 03:22 409088 ----a-w- c:\windows\system32\drivers\srv2.sys
    2015-10-05 20:20 . 2011-05-20 12:52 1077248 ----a-w- c:\windows\system32\Narrator.exe
    2015-10-05 19:50 . 2015-10-05 19:50 -------- d-----w- c:\users\Teresa's Laptop\AppData\Local\GlassWire
    2015-10-05 19:49 . 2015-05-29 04:15 33248 ----a-w- c:\windows\system32\drivers\gwdrv.sys
    2015-10-05 19:49 . 2015-10-05 19:49 -------- d-----w- c:\programdata\GlassWire
    2015-10-05 19:49 . 2015-10-05 19:50 -------- d-----w- c:\program files (x86)\GlassWire
    2015-10-05 06:48 . 2015-10-05 20:38 -------- d-----w- c:\users\Teresa's Laptop\AppData\Roaming\Everything
    2015-10-05 06:48 . 2015-10-05 06:48 -------- d-----w- c:\program files\Everything
    2015-10-03 18:29 . 2015-10-27 19:30 -------- d-----w- c:\users\Teresa's Laptop\AppData\Local\assembly
    2015-10-03 18:00 . 2015-10-03 18:02 -------- d-----w- c:\users\Teresa's Laptop\AppData\Local\WinZip
    2015-10-03 18:00 . 2015-10-03 18:01 -------- d-----w- c:\programdata\WinZip
    2015-10-03 18:00 . 2015-10-03 18:00 -------- d-----w- c:\program files\WinZip
    2015-10-03 17:59 . 2015-10-03 17:59 -------- d-----w- c:\program files (x86)\WinBee
    2015-10-03 17:59 . 2015-10-03 17:59 -------- d-----w- c:\users\Teresa's Laptop\AppData\Local\lina
    2015-10-03 03:04 . 2015-10-03 03:04 350160 ----a-w- c:\windows\system32\drivers\trufos.sys
    2015-10-03 03:03 . 2015-10-03 03:03 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
    2015-10-03 03:03 . 2015-10-03 03:03 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
    2015-10-03 03:03 . 2015-10-03 03:03 572928 ----a-w- c:\windows\SysWow64\msvcp90.dll
    2015-10-03 03:03 . 2015-10-03 03:03 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
    2015-10-03 03:03 . 2015-10-03 03:03 156392 ----a-w- c:\windows\SysWow64\eEmpty.exe
    2015-10-03 03:03 . 2015-10-03 03:03 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
    2015-10-03 03:03 . 2015-10-03 03:03 -------- d-----w- c:\programdata\MicroWorld
    2015-10-03 02:53 . 2015-10-27 01:48 -------- d-----w- C:\$360Section
    2015-10-01 20:50 . 2015-10-27 19:06 -------- dc-h--w- c:\programdata\{DE7CA46F-D006-4512-AAA9-5C72D65B487A}
    2015-10-01 20:50 . 2015-08-03 13:23 67376 ----a-w- c:\windows\system32\drivers\VIAGLT64.SYS
    2015-10-01 20:50 . 2015-10-27 19:08 -------- d-----w- C:\VEXPLite
    2015-10-01 19:27 . 2015-10-01 19:27 -------- d-----w- c:\program files\Reason
    2015-10-01 18:37 . 2015-10-01 18:37 -------- d-----w- c:\program files (x86)\Toolwiz Smart Defrag FREE
    2015-09-30 06:04 . 2015-09-30 06:04 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AEA6221-5123-41DD-87F5-10A40ECE79D0}\offreg.4448.dll
    2015-09-29 18:08 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AEA6221-5123-41DD-87F5-10A40ECE79D0}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-10-27 18:03 . 2015-09-11 20:06 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-10-27 18:02 . 2015-09-11 20:06 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-10-26 19:40 . 2012-04-25 23:13 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-10-26 19:40 . 2011-06-27 23:36 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-10-15 20:56 . 2011-06-30 01:47 143481208 ----a-w- c:\windows\system32\MRT.exe
    2015-09-21 04:10 . 2015-09-16 21:23 319568 ----a-w- c:\windows\system32\drivers\360Box64.sys
    2015-09-21 04:10 . 2015-09-16 21:23 77904 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
    2015-09-16 14:14 . 2015-09-16 14:14 71832 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
    2015-09-16 11:06 . 2014-06-24 22:32 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-09-13 08:04 . 2015-09-13 06:31 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
    2015-09-13 00:12 . 2015-09-13 00:39 24064 ----a-w- c:\windows\zoek-delete.exe
    2015-09-10 02:39 . 2015-09-10 02:38 275456 ----a-w- c:\windows\system32\InkEd.dll
    2015-09-10 02:39 . 2015-09-10 02:38 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
    2015-09-10 02:39 . 2015-09-10 02:38 24576 ----a-w- c:\windows\system32\jnwmon.dll
    2015-09-10 02:37 . 2015-09-10 02:37 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2015-09-10 02:37 . 2015-09-10 02:37 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2015-09-10 02:37 . 2015-09-10 02:37 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2015-09-10 02:37 . 2015-09-10 02:37 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2015-09-10 02:37 . 2015-09-10 02:37 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2015-09-10 02:37 . 2015-09-10 02:37 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2015-09-10 02:37 . 2015-09-10 02:37 801280 ----a-w- c:\windows\system32\msfeeds.dll
    2015-09-10 02:37 . 2015-09-10 02:37 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2015-09-10 02:37 . 2015-09-10 02:37 66560 ----a-w- c:\windows\system32\iesetup.dll
    2015-09-10 02:37 . 2015-09-10 02:37 2126336 ----a-w- c:\windows\system32\inetcpl.cpl
    2015-09-10 02:37 . 2015-09-10 02:37 2886144 ----a-w- c:\windows\system32\iertutil.dll
    2015-09-10 02:37 . 2015-09-10 02:37 585216 ----a-w- c:\windows\system32\vbscript.dll
    2015-09-10 02:37 . 2015-09-10 02:37 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2015-09-10 02:37 . 2015-09-10 02:37 4520448 ----a-w- c:\windows\SysWow64\jscript9.dll
    2015-09-10 02:37 . 2015-09-10 02:37 1951232 ----a-w- c:\windows\SysWow64\wininet.dll
    2015-09-10 02:37 . 2015-09-10 02:37 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2015-09-10 02:37 . 2015-09-10 02:37 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2015-09-10 02:37 . 2015-09-10 02:37 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2015-09-10 02:37 . 2015-09-10 02:37 615936 ----a-w- c:\windows\system32\ieui.dll
    2015-09-10 02:37 . 2015-09-10 02:37 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2015-09-10 02:37 . 2015-09-10 02:37 817664 ----a-w- c:\windows\system32\jscript.dll
    2015-09-10 02:37 . 2015-09-10 02:37 14451712 ----a-w- c:\windows\system32\ieframe.dll
    2015-09-10 02:37 . 2015-09-10 02:37 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2015-09-10 02:37 . 2015-09-10 02:37 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2015-09-10 02:37 . 2015-09-10 02:37 5923328 ----a-w- c:\windows\system32\jscript9.dll
    2015-09-10 02:37 . 2015-09-10 02:37 2427392 ----a-w- c:\windows\system32\wininet.dll
    2015-09-10 02:37 . 2015-09-10 02:37 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2015-09-10 02:37 . 2015-09-10 02:37 25190400 ----a-w- c:\windows\system32\mshtml.dll
    2015-09-10 02:37 . 2015-09-10 02:37 199680 ----a-w- c:\windows\system32\msrating.dll
    2015-09-10 02:35 . 2015-09-10 02:35 41984 ----a-w- c:\windows\system32\UtcResources.dll
    2015-09-10 02:35 . 2015-09-10 02:35 1390592 ----a-w- c:\windows\system32\diagtrack.dll
    2015-09-10 02:35 . 2015-09-10 02:35 5568960 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-09-10 02:35 . 2015-09-10 02:35 1730496 ----a-w- c:\windows\system32\ntdll.dll
    2015-09-10 02:35 . 2015-09-10 02:35 1163264 ----a-w- c:\windows\system32\kernel32.dll
    2015-09-10 02:35 . 2015-09-10 02:35 879104 ----a-w- c:\windows\system32\tdh.dll
    2015-09-10 02:35 . 2015-09-10 02:35 3934656 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2015-09-10 02:35 . 2015-09-10 02:35 1311768 ----a-w- c:\windows\SysWow64\ntdll.dll
    2015-09-10 02:35 . 2015-09-10 02:34 3989952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2015-09-10 02:35 . 2015-09-10 02:34 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2015-09-10 02:35 . 2015-09-10 02:34 635392 ----a-w- c:\windows\SysWow64\tdh.dll
    2015-09-10 02:34 . 2015-09-10 02:34 879104 ----a-w- c:\windows\system32\advapi32.dll
    2015-09-10 02:34 . 2015-09-10 02:34 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
    2015-09-10 02:34 . 2015-09-10 02:34 1461760 ----a-w- c:\windows\system32\lsasrv.dll
    2015-09-10 02:34 . 2015-09-10 02:34 296960 ----a-w- c:\windows\system32\rstrui.exe
    2015-09-10 02:34 . 2015-09-10 02:34 243712 ----a-w- c:\windows\system32\wow64.dll
    2015-09-10 02:34 . 2015-09-10 02:34 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
    2015-09-10 02:34 . 2015-09-10 02:34 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-09-10 02:34 . 2015-09-10 02:34 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2015-09-10 02:34 . 2015-09-10 02:34 729088 ----a-w- c:\windows\system32\kerberos.dll
    2015-09-10 02:34 . 2015-09-10 02:34 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
    2015-09-10 02:34 . 2015-09-10 02:34 64000 ----a-w- c:\windows\system32\auditpol.exe
    2015-09-10 02:34 . 2015-09-10 02:34 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
    2015-09-10 02:34 . 2015-09-10 02:34 503808 ----a-w- c:\windows\system32\srcore.dll
    2015-09-10 02:34 . 2015-09-10 02:34 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
    2015-09-10 02:34 . 2015-09-10 02:34 50176 ----a-w- c:\windows\system32\srclient.dll
    2015-09-10 02:34 . 2015-09-10 02:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-09-10 02:34 . 2015-09-10 02:34 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2015-09-10 02:34 . 2015-09-10 02:34 342016 ----a-w- c:\windows\system32\schannel.dll
    2015-09-10 02:34 . 2015-09-10 02:34 338432 ----a-w- c:\windows\system32\conhost.exe
    2015-09-10 02:34 . 2015-09-10 02:34 315392 ----a-w- c:\windows\system32\msv1_0.dll
    2015-09-10 02:34 . 2015-09-10 02:34 31232 ----a-w- c:\windows\system32\lsass.exe
    2015-09-10 02:34 . 2015-09-10 02:34 309760 ----a-w- c:\windows\system32\ncrypt.dll
    2015-09-10 02:34 . 2015-09-10 02:34 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2015-09-10 02:34 . 2015-09-10 02:34 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2015-09-10 02:34 . 2015-09-10 02:34 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2015-09-10 02:34 . 2015-09-10 02:34 248832 ----a-w- c:\windows\SysWow64\schannel.dll
    2015-09-10 02:34 . 2015-09-10 02:34 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2015-09-10 02:34 . 2015-09-10 02:34 215040 ----a-w- c:\windows\system32\winsrv.dll
    2015-09-10 02:34 . 2015-09-10 02:34 210944 ----a-w- c:\windows\system32\wdigest.dll
    2015-09-10 02:34 . 2015-09-10 02:34 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
    2015-09-10 02:34 . 2015-09-10 02:34 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2015-09-10 02:34 . 2015-09-10 02:34 136192 ----a-w- c:\windows\system32\sspicli.dll
    2015-09-10 02:34 . 2015-09-10 02:34 112640 ----a-w- c:\windows\system32\smss.exe
    2015-09-10 02:34 . 2015-09-10 02:34 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2015-09-10 02:34 . 2015-09-10 02:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2015-09-10 02:34 . 2015-09-10 02:34 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2015-09-10 02:34 . 2015-09-10 02:34 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2015-09-10 02:34 . 2015-09-10 02:34 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-09-10 02:34 . 2015-09-10 02:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-09-10 02:34 . 2015-09-10 02:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-09-10 02:34 . 2015-09-10 02:34 44032 ----a-w- c:\windows\system32\cryptbase.dll
    2015-09-10 02:34 . 2015-09-10 02:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-09-10 02:34 . 2015-09-10 02:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2015-09-10 02:34 . 2015-09-10 02:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2015-09-10 02:34 . 2015-09-10 02:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-09-10 02:34 . 2015-09-10 02:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GlassWire"="c:\program files (x86)\GlassWire\glasswire.exe" [2015-07-31 12783648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2015-09-21 1287800]
    "VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2015-10-08 676656]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FAH.lnk - c:\program files\WinZip\FAH\FAHConsole.exe [2015-6-16 434352]
    NETGEAR A6100 Genie.lnk - c:\program files (x86)\NETGEAR\A6100\RtlService.exe -b [2013-7-2 45784]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/17 03:44;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
    R2 WBA_Scheduler;Brother Web BRAdmin Scheduler;c:\program files (x86)\Brother\Web BRAdmin\cgi-bin\wbatimer.exe;c:\program files (x86)\Brother\Web BRAdmin\cgi-bin\wbatimer.exe [x]
    R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    R3 NitroUpdateService;NitroUpdateService;c:\program files\Nitro\Pro 10\Nitro_UpdateService.exe;c:\program files\Nitro\Pro 10\Nitro_UpdateService.exe [x]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
    R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    R3 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
    R4 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
    S0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIAGLT64.SYS;c:\windows\SYSNATIVE\drivers\VIAGLT64.SYS [x]
    S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
    S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
    S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
    S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
    S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys [x]
    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 Everything;Everything;c:\program files\Everything\Everything.exe;c:\program files\Everything\Everything.exe [x]
    S2 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe [x]
    S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
    S2 NitroDriverReadSpool10;NitroPDFDriverCreatorReadSpool10;c:\program files\Nitro\Pro 10\NitroPDFDriverService10x64.exe;c:\program files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [x]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
    S2 QHActiveDefense;360 Total Security;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x]
    S2 Realtek8723AU;Realtek8723AU;c:\program files (x86)\NETGEAR\A6100\RtlService.exe;c:\program files (x86)\NETGEAR\A6100\RtlService.exe [x]
    S2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\viritsvc.exe ;c:\vexplite\viritsvc.exe [x]
    S2 WBA_Agent_Client_Service;Brother BRAgent Service;c:\program files (x86)\Brother\Web BRAdmin\cgi-bin\wbaagent.exe;c:\program files (x86)\Brother\Web BRAdmin\cgi-bin\wbaagent.exe [x]
    S2 WBA_Agent_Receiver;BRAgent Receiver;c:\program files (x86)\Brother\Web BRAdmin\cgi-bin\agentrcv.exe;c:\program files (x86)\Brother\Web BRAdmin\cgi-bin\agentrcv.exe [x]
    S3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
    S3 A6100;NETGEAR A6100 WiFi Adapter;c:\windows\system32\DRIVERS\A6100.sys;c:\windows\SYSNATIVE\DRIVERS\A6100.sys [x]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-10-25 03:02 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f0683e6d4fd8.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 22:40]
    .
    2015-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d002017f14014e.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 22:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-10-12 19:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-10-12 19:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-10-12 19:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    mSearch Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com/ie
    Trusted Zone: gamehouse.com\www
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{42018084-A013-4F62-9B18-C7BC70C477EC}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{7ACF87CE-E134-4E74-9ECC-5771258C5BAC}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{836920ED-60BD-414C-A692-62A8663A1B06}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{836920ED-60BD-414C-A692-62A8663A1B06}\C4966796E6760227F6F6D602348627F6D65636163747: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{EDD98A01-3A14-4257-90AD-04DC320B86C2}: NameServer = 8.8.8.8,8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-AppXSvc
    SafeBoot-ClipSvc
    SafeBoot-WSService
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.19"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    c:\program files (x86)\NETGEAR\A6100\A6100.exe
    c:\program files (x86)\360\Total Security\safemon\QHWatchdog.exe
    c:\program files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    .
    **************************************************************************
    .
    Completion time: 2015-10-27 12:45:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-10-27 19:45
    .
    Pre-Run: 222,861,594,624 bytes free
    Post-Run: 222,656,700,416 bytes free
    .
    - - End Of File - - F5F2FAFB66DFC305CD895D8023A23D72
     
  4. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    Sorry, I thought we were uploading. Will do. Here is the Zoek Log

    Zoek.exe v5.0.0.1 Updated 29-October-2015
    Tool run by Teresa's Laptop on Thu 10/29/2015 at 20:27:30.00.
    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Teresa's Laptop\Desktop\zoek.exe [Scan all users] [Script inserted]

    ===== Runcheck 20:29:06.05 =====

    --- Create Environment Variables 20:29:07.89
    --- Create System Restore Point 20:29:21.61
    --- Checking Input 20:29:45.65
    --- AU AppData Check 20:31:17.21
    --- Remove From Windows Installer 20:31:23.47
    --- Empty Folders Check 20:33:02.54
    --- Registry HKLM Software Check 20:33:02.57
    --- Quick Launch Shortcut Check 20:33:24.29
    --- IE Startpage Check 20:33:31.11
    --- Program Files DB Check 20:33:58.94
    --- C:\Users\Administrator\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\Administrator.TERESAS\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\Administrator.TERESAS.000\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\Administrator.TERESAS.001\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\Default\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\Default User\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\DefaultAppPool.IIS APPPOOL.001\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\TEMP\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\TEMP.TERESAS\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\TEMP.TERESAS.000\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\TEMP.TERESAS.001\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\Teresa's Laptop\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\Theo\AppData\Roaming DB Check 20:34:40.09
    --- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 20:34:40.09
    --- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 20:34:40.09
    --- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 20:34:40.09
    --- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 20:34:40.09
    --- C:\Users\Teresa's Laptop DB Check 20:39:41.09
    --- C:\PROGRA~3 DB Check 20:39:57.13
    --- C:\Users\Administrator\AppData\Local DB Check 20:40:25.57
    --- C:\Users\Administrator.TERESAS\AppData\Local DB Check 20:40:25.57
    --- C:\Users\Administrator.TERESAS.000\AppData\Local DB Check 20:40:25.57
    --- C:\Users\Administrator.TERESAS.001\AppData\Local DB Check 20:40:25.57
    --- C:\Users\Default\AppData\Local DB Check 20:40:25.57
    --- C:\Users\Default User\AppData\Local DB Check 20:40:25.57
    --- C:\Users\DefaultAppPool.IIS APPPOOL.001\AppData\Local DB Check 20:40:25.57
    --- C:\Users\Public\AppData\Local DB Check 20:40:25.57
    --- C:\Users\TEMP\AppData\Local DB Check 20:40:25.57
    --- C:\Users\TEMP.TERESAS\AppData\Local DB Check 20:40:25.57
    --- C:\Users\TEMP.TERESAS.000\AppData\Local DB Check 20:40:25.57
    --- C:\Users\TEMP.TERESAS.001\AppData\Local DB Check 20:40:25.57
    --- C:\Users\Teresa's Laptop\AppData\Local DB Check 20:40:25.57
    --- C:\Users\Theo\AppData\Local DB Check 20:40:25.57
    --- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 20:40:25.57
    --- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 20:40:25.57
    --- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 20:40:25.57
    --- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 20:40:25.57
    --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 20:44:01.66
    --- C:\Users\Teresa's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 20:44:10.85
    --- Tasks DB Check 20:44:16.70
    --- Downloads DB Check 20:44:21.22
    --- C:\Users\Administrator.TERESAS.001\AppData\LocalLow DB Check 20:44:25.14
    --- C:\Users\DefaultAppPool.IIS APPPOOL.001\AppData\LocalLow DB Check 20:44:25.14
    --- C:\Users\TEMP.TERESAS.001\AppData\LocalLow DB Check 20:44:25.14
    --- C:\Users\Teresa's Laptop\AppData\LocalLow DB Check 20:44:25.14
    --- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 20:44:25.14
    --- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 20:44:25.14
    --- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 20:44:25.14
    --- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 20:44:25.14
    --- Tasks2 DB Check 20:45:35.31
    --- Documents DB Check 20:46:03.12
    --- C:\Users\TERESA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ub2vrslm.default DB Check 20:46:21.09
    --- C:\Users\Public\Desktop DB Check 20:46:23.23
    --- C:\Users\Teresa's Laptop\Desktop DB Check 20:46:31.06
    --- Services DB Check 20:46:40.47
    --- FF prefs.js DB Check 20:47:08.61
    --- Emptyclsid 20:47:43.71
    --- Del by CLSID 20:47:45.80
    --- Delete Services 20:48:38.17
    --- Batch Commands 20:48:40.36
    --- Delete files\folders 20:48:40.61
    --- Create Backups 20:48:40.70

    There is some crazy stuff going on, I have lost access to several other pages now, they all seem to have to do with research on how to fix this stuff. Also ran CHKDSK /r /v, it found quite a few things and fixed them. I noted before it disappeared, that it had found areas in open space that showed as used. Here is the log if it is of any use to you.

    - Provider
    [ Name] Microsoft-Windows-Wininit
    [ Guid] {206f6dea-d3c5-4d10-bc72-989f03c8b84b}
    [ EventSourceName] Wininit
    - EventID 1001
    [ Qualifiers] 16384
    Version 0
    Level 4
    Task 0
    Opcode 0
    Keywords 0x80000000000000
    - TimeCreated
    [ SystemTime] 2015-10-30T03:07:29.000000000Z
    EventRecordID 95784
    Correlation
    -
    Execution
    [ ProcessID] 0
    [ ThreadID] 0
    Channel Application
    Computer Teresas
    Security
    -
    EventData
    Checking file system on C: The type of the file system is NTFS. Volume label is OSDisk. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... The attribute of type 0x80 and instance tag 0x0 in file 0x2b35b has allocated length of 0x51033000 instead of 0x51032000. Deleted corrupt attribute list entry with type code 128 in file 176987. Unable to locate attribute with instance tag 0x0 and segment reference 0x111000000000338. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 824. Unable to locate attribute with instance tag 0x0 and segment reference 0x710000000043ae. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 17326. Unable to locate attribute with instance tag 0x0 and segment reference 0x61000000018dd5. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 101845. Unable to locate attribute with instance tag 0x0 and segment reference 0x3b000000019156. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 102742. Unable to locate attribute with instance tag 0x0 and segment reference 0x300000000191a1. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 102817. Unable to locate attribute with instance tag 0x0 and segment reference 0x390000000191a4. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 102820. Unable to locate attribute with instance tag 0x0 and segment reference 0x480000000192e8. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 103144. 
Unable to locate attribute with instance tag 0x0 and segment reference 0x280000000192ec. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 103148. Unable to locate attribute with instance tag 0x0 and segment reference 0x16000000001982a. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 104490. Unable to locate attribute with instance tag 0x0 and segment reference 0x3f100000001f0ad. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 127149. Unable to locate attribute with instance tag 0x0 and segment reference 0x4300000001f133. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 127283. Unable to locate attribute with instance tag 0x0 and segment reference 0x9500000001fd59. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 130393. Unable to locate attribute with instance tag 0x0 and segment reference 0x237000000043860. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 276576. Unable to locate attribute with instance tag 0x0 and segment reference 0x150000000438ab. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 276651. Unable to locate attribute with instance tag 0x0 and segment reference 0x430000000bdf21. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 778017. Unable to locate attribute with instance tag 0x0 and segment reference 0x230000000be0f9. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 778489. Unable to locate attribute with instance tag 0x0 and segment reference 0x430000000be109. The expected attribute type is 0x80. 
Deleting corrupt attribute record (128, "") from file record segment 778505. Unable to locate attribute with instance tag 0x0 and segment reference 0x480000000be140. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 778560. Unable to locate attribute with instance tag 0x0 and segment reference 0x2e0000000be238. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 778808. Unable to locate attribute with instance tag 0x0 and segment reference 0x4f0000000be27a. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 778874. Unable to locate attribute with instance tag 0x0 and segment reference 0x470000000be2a0. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 778912. Unable to locate attribute with instance tag 0x0 and segment reference 0x370000000be31d. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 779037. Unable to locate attribute with instance tag 0x0 and segment reference 0xf0000000c2d0f. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 797967. Unable to locate attribute with instance tag 0x0 and segment reference 0x500000000c2dfa. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 798202. Unable to locate attribute with instance tag 0x0 and segment reference 0x210000000c3693. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800403. Unable to locate attribute with instance tag 0x0 and segment reference 0x2e0000000c3702. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800514. Unable to locate attribute with instance tag 0x0 and segment reference 0x100000000c3703. 
The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800515. Unable to locate attribute with instance tag 0x0 and segment reference 0xd0000000c370c. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800524. Unable to locate attribute with instance tag 0x0 and segment reference 0x1c0000000c372a. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800554. Unable to locate attribute with instance tag 0x0 and segment reference 0xd0000000c372c. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800556. Unable to locate attribute with instance tag 0x0 and segment reference 0x60000000c3737. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800567. Unable to locate attribute with instance tag 0x0 and segment reference 0x50000000c3744. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800580. Unable to locate attribute with instance tag 0x0 and segment reference 0x260000000c3749. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800585. Unable to locate attribute with instance tag 0x0 and segment reference 0x110000000c374c. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800588. Unable to locate attribute with instance tag 0x0 and segment reference 0x100000000c374f. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800591. Unable to locate attribute with instance tag 0x0 and segment reference 0xe0000000c37bb. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800699. 
Unable to locate attribute with instance tag 0x0 and segment reference 0xb0000000c37ea. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800746. Unable to locate attribute with instance tag 0x0 and segment reference 0xd0000000c381e. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800798. Unable to locate attribute with instance tag 0x0 and segment reference 0xe0000000c3826. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800806. Unable to locate attribute with instance tag 0x0 and segment reference 0x160000000c388c. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800908. Unable to locate attribute with instance tag 0x0 and segment reference 0x1c0000000c3893. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 800915. Unable to locate attribute with instance tag 0x0 and segment reference 0x90000000c3985. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 801157. Cleaning up instance tags for file 0x3f41a. 802048 file records processed. File verification completed. Deleting orphan file record segment 824. Deleting orphan file record segment 17326. Deleting orphan file record segment 101845. Deleting orphan file record segment 102742. Deleting orphan file record segment 102817. Deleting orphan file record segment 102820. Deleting orphan file record segment 103144. Deleting orphan file record segment 103148. Deleting orphan file record segment 104490. Deleting orphan file record segment 127149. Deleting orphan file record segment 127283. Deleting orphan file record segment 130393. 3121 large file records processed. 0 bad file records processed. 0 EA records processed. 260 reparse records processed. 
CHKDSK is verifying indexes (stage 2 of 5)... 947964 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 802048 file SDs/SIDs processed. Cleaning up 211 unused index entries from index $SII of file 0x9. Cleaning up 211 unused index entries from index $SDH of file 0x9. Cleaning up 211 unused security descriptors. Security descriptor verification completed. Inserting data attribute into file 176987. 72960 data files processed. CHKDSK is verifying Usn Journal... The remaining of an USN page at offset 0x79d70f000 in file 0xf7cf should be filled with zeros. Repairing Usn Journal file record segment. 507192656 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 802032 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 52021463 free clusters processed. Free space verification is complete. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 474047487 KB total disk space. 264225744 KB in 724892 files. 351576 KB in 72960 indexes. 4 KB in bad sectors. 1384311 KB in use by the system. 65536 KB occupied by the log file. 208085852 KB available on disk. 4096 bytes in each allocation unit. 118511871 total allocation units on disk. 52021463 allocation units available on disk. Internal Info: 00 3d 0c 00 a7 2c 0c 00 b5 a0 14 00 00 00 00 00 .=...,.......... 47 d0 00 00 04 01 00 00 00 00 00 00 00 00 00 00 G............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts.

    This really is quite frustrating. Not on you at all, but that I don't seem to be able to be rid of whatever is causing the problems. Ah well, I await your wisdom with as much grace as I am able. LOL

    TTFN
    LGW
     
  5. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Zoek log is incomplete. Also, can you create a new admin account and see how things go from there?
     
  6. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Also, what was found by Malwarebytes? Got the log? You can check the C: drive for the Zoek log; if that is the only one, then you did not allow Zoek to complete.
     
  7. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    I noticed that the GWX update is back on your machine. Did you ever remove it? I provided instructions in this thread. A lot of people complain that it slows their machine to a crawl. Also, it might be worth updating your drivers.

    http://sourceforge.net/projects/snappy-driver-installer/
     
  8. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    update??
     
  9. LadyGreenWitch

    LadyGreenWitch I'll get you my pretty, and your little log too! iHF Regular

    Sorry Dude,
    I am doing a show and have been crazy busy. Let me work back through your instructions, and I will attempt to give you what you want. I had to do a few things without your help. I know that makes it difficult to pinpoint the problem, but I was in a world of hurt. So I redid the Win Repair, which at least got me back to some regular functionality. I will get back to you with everything that you requested.
    TTFN,
    LGW
     
  10. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Yeah, Zoek never completed. You will know when it does when it reboots your machine.
     
  11. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    How about an update?
     