Tech Support Forum banner
Status
Not open for further replies.

Failed update lost drive space?

SOLVED 
3K views 23 replies 2 participants last post by  ron-e-g 
#1 ·
For the second time in 6 months my win 7 has gone through a update sequence that windows failed. The system then goes through a sort of undoing process. Very lengthy process. After witch I have lost roughly 18GB of drive space. I did a drive clean-up only to regain under 2GB of space back.

sound familiar to anyone? Can help? please
 
#2 ·
Go to Start/Search and type CMD, right click the CMD results and Run As Administrator. In the Elevated Command Prompt type chkdsk /R and press enter. Now type a Y for Yes and Reboot the computer. Check Disk will start at next bootup and it will go through 5 stages. This will take a long while.
After that completes, you can start an Elevated Command Prompt as discussed, and type SFC /scannow and press enter. This will replace any missing system files. If that finishes saying it found no integrity violations, then try the updates again.
 
#4 ·
This event happened around 6-7 pm yesterday. It was not like a regular update (one that list the number of updates being installed) it just said configuring your system or windows..can't remember. then after a while it read unable or failed reverting your system back. It was after the desktop finally came back I noticed my free space on the c drive had gone from 70GB free To 51.9 or so. DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18666
Run by Ron at 10:32:59 on 2017-05-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.24567.5687 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\M-Audio\Fast Track C600\AudioDevMon.exe
C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [HP Officejet Pro 8620 (NET)] "C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe" -deviceID "CN465C403H:NW" -scfn "HP Officejet Pro 8620 (NET)" -AutoStart 1
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Ron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - E:\Windows.old\Users\Ronald Cox\AppData\Roaming\Dropbox\bin\Dropbox (2).exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1D52BABE-F82C-476C-8E19-10D2A4CEEC83} : NameServer = 172.20.1.1
TCP: Interfaces\{23EFABCA-111D-433B-9B6B-BBA04F546AFE} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - LocalServer32 - <no file>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - LocalServer32 - <no file>
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [MouseDriver] TiltWheelMouse.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\9q6uuus7.default-1494960953674\
FF - prefs.js: browser.startup.homepage - hxxp://myyahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\Users\Ron\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-3-14 24880]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-9-1 26528]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2012-6-4 389968]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 FastTrackC600AudioDevMon;Fast Track C600 Audio Device Monitor;C:\Program Files (x86)\M-Audio\Fast Track C600\AudioDevMon.exe [2014-8-18 574184]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2017-4-7 33640]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2015-7-16 26776]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2016-9-13 47330344]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-3-1 104976]
R3 GOLDFINGER;Service for M-Audio Fast Track C600;C:\Windows\System32\drivers\MAudioFastTrackC600.sys [2014-8-18 528104]
R3 GOLDFINGERDFU;Service for M-Audio Fast Track C600 DFU;C:\Windows\System32\drivers\MAudioFastTrackC600_DFU.sys [2014-8-18 31464]
R3 L6TPortB;Service - Line 6 TonePort UX2;C:\Windows\System32\drivers\L6TPortB64.sys [2015-8-21 777728]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-11-13 135928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 NIWinCDEmu;ISO Mounter driver;C:\Windows\System32\drivers\NIWinCDEmu.sys [2015-8-24 112408]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-26 125064]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe --> C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [?]
S3 grmobileavs;Guitar Rig Mobile I/O WDM Audio;C:\Windows\System32\drivers\grmobileavs.sys [2011-4-11 358480]
S3 grmobileusb_svc;Guitar Rig Mobile I/O;C:\Windows\System32\drivers\grmobileusb.sys [2011-4-11 97360]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-5-17 116224]
S3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor;C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [2015-4-27 1065312]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\Windows\System32\drivers\KORGUM64.SYS [2011-3-30 33656]
S3 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-9-1 2909472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-12 19456]
S3 semav6msr64;semav6msr64;C:\Windows\System32\drivers\semav6msr64.sys [2017-5-25 21984]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-9-5 165504]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-9-12 29696]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\System32\drivers\teVirtualMIDI64.sys [2012-8-15 30208]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-10-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-12 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-05-26 02:36:33 -------- d-----w- C:\Program Files (x86)\WinDirStat
2017-05-26 02:22:45 13020000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA8CB160-A37D-46BC-9E07-1434D1CD0D8D}\mpengine.dll
2017-05-26 02:10:33 13020000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-05-25 19:05:31 21984 ----a-w- C:\Windows\System32\drivers\semav6msr64.sys
2017-05-25 18:31:22 -------- d-----w- C:\Users\Ron\AppData\Local\HP_Inc
2017-05-25 18:22:26 763912 ------w- C:\Windows\System32\HPDiscoPM7012.dll
2017-05-25 17:26:18 -------- d-----w- C:\ProgramData\TechUtilities64
2017-05-25 01:08:59 517960 ----a-w- C:\Windows\System32\XAudio2_5.dll
2017-05-25 01:05:00 -------- d-----w- C:\Windows\SysWow64\directx
2017-05-20 01:34:08 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C21566E-D489-4CE6-BDD1-8F5FF5787861}\gapaengine.dll
2017-05-17 16:23:51 -------- d--h--w- C:\Windows\msdownld.tmp
2017-05-09 20:01:43 880640 ----a-w- C:\Windows\System32\advapi32.dll
2017-05-03 14:07:06 -------- dc-h--w- C:\ProgramData\{00E0164B-B182-4800-96DA-F8D39B3A7189}
2017-04-28 19:29:13 -------- dc-h--w- C:\ProgramData\{F0F3660E-3963-4E9E-B44E-192B34C6DECD}
2017-04-27 16:26:45 -------- dc-h--w- C:\ProgramData\{6765FF4A-D3FF-48F4-8F6F-D61DA603637B}
2017-04-27 00:17:36 -------- dc-h--w- C:\ProgramData\{E71D880F-E3CD-4075-B318-369A8C1E916A}
.
==================== Find3M ====================
.
2017-05-25 02:54:48 272 ----a-w- C:\Users\Ron\AppData\Roaming\msregsvv.dll
2017-05-16 19:34:05 803320 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-05-16 19:34:05 144888 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-04-28 19:44:12 320 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2017-04-28 01:14:59 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-04-28 01:14:09 706792 ----a-w- C:\Windows\System32\winload.efi
2017-04-28 01:14:08 5547240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-04-28 01:14:05 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-04-28 01:14:05 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-04-28 01:11:49 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-04-28 01:09:59 44032 ----a-w- C:\Windows\System32\csrsrv.dll
2017-04-28 00:36:36 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-04-28 00:36:36 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-04-28 00:34:21 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-04-28 00:19:29 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-04-28 00:19:26 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-04-28 00:19:25 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-04-28 00:18:44 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-04-28 00:15:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-04-28 00:14:54 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-04-28 00:12:14 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-04-28 00:11:40 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-04-28 00:11:38 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-04-28 00:11:35 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-04-28 00:10:56 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-04-28 00:10:53 112640 ----a-w- C:\Windows\System32\smss.exe
2017-04-28 00:08:07 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2017-04-28 00:08:06 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2017-04-28 00:08:06 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2017-04-28 00:08:05 2048 ----a-w- C:\Windows\SysWow64\user.exe
2017-04-28 00:07:21 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-04-28 00:07:13 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-04-28 00:07:13 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-28 00:07:13 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-28 00:07:13 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2017-04-26 14:59:15 3220992 ----a-w- C:\Windows\System32\win32k.sys
2017-04-21 15:34:00 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2017-04-21 15:15:28 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2017-04-17 15:37:31 512000 ----a-w- C:\Windows\System32\rpcss.dll
2017-04-17 15:37:29 876544 ----a-w- C:\Windows\System32\oleaut32.dll
2017-04-17 15:37:29 26112 ----a-w- C:\Windows\System32\oleres.dll
2017-04-17 15:37:29 2065408 ----a-w- C:\Windows\System32\ole32.dll
2017-04-17 15:37:20 8704 ----a-w- C:\Windows\System32\comcat.dll
2017-04-17 15:12:24 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2017-04-17 15:12:24 26112 ----a-w- C:\Windows\SysWow64\oleres.dll
2017-04-17 15:12:24 1417728 ----a-w- C:\Windows\SysWow64\ole32.dll
2017-04-17 14:54:48 7168 ----a-w- C:\Windows\SysWow64\comcat.dll
2017-04-16 09:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-04-16 09:16:46 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-04-16 08:57:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-04-16 08:55:41 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-04-16 08:55:24 417792 ----a-w- C:\Windows\System32\html.iec
2017-04-16 08:54:52 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-04-16 08:54:39 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-04-16 08:37:33 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-04-16 08:37:32 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-04-16 08:36:53 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-04-16 08:25:51 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-04-16 08:19:51 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-04-16 08:18:59 5977600 ----a-w- C:\Windows\System32\jscript9.dll
2017-04-16 08:11:22 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-04-16 08:10:56 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-04-16 08:02:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-04-16 08:01:42 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-04-16 08:01:40 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-04-16 08:01:20 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-04-16 08:00:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-04-16 07:47:30 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-04-16 07:46:56 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-04-16 07:37:51 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-04-16 07:37:40 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-04-16 07:30:01 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-04-16 07:29:28 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-04-16 07:08:57 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-04-16 07:08:30 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-04-16 07:08:11 4548608 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-04-16 07:04:52 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-04-16 06:37:47 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-04-12 15:32:24 229376 ----a-w- C:\Windows\System32\wintrust.dll
2017-04-12 15:32:10 190976 ----a-w- C:\Windows\System32\cryptsvc.dll
2017-04-12 15:32:10 1483776 ----a-w- C:\Windows\System32\crypt32.dll
2017-04-12 15:32:10 141824 ----a-w- C:\Windows\System32\cryptnet.dll
2017-04-12 15:26:12 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2017-04-12 15:25:04 145920 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2017-04-12 15:25:04 1176064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2017-04-12 15:25:04 106496 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2017-04-07 22:06:58 532136 ------w- C:\Windows\System32\MpSigStub.exe
2017-04-07 15:34:43 986856 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2017-04-07 15:34:43 265448 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2017-04-07 15:30:55 405504 ----a-w- C:\Windows\System32\gdi32.dll
2017-04-07 15:30:53 144384 ----a-w- C:\Windows\System32\cdd.dll
2017-04-07 15:22:12 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2017-04-07 11:24:50 23280 ----a-w- C:\Windows\help\OEM\Scripts\checkMui.dll
2017-04-05 14:55:36 460800 ----a-w- C:\Windows\System32\drivers\srv.sys
2017-04-05 14:55:28 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2017-04-05 14:55:23 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2017-04-04 15:34:38 1895656 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2017-04-04 15:34:36 377576 ----a-w- C:\Windows\System32\drivers\netio.sys
2017-04-04 15:34:36 287976 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2017-04-04 14:53:18 496128 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 10:34:10.29 ===============
 

Attachments

#5 · (Edited)
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
Please do not post Hijack this logs here. Due to Forum rules, we cannot assist with Virus discussion or removal. If you feel you are infected, please click the link in my signature Virus/Malware Help, do those things and post in that section of the Forum and not here please. Do not post a HJT log there unless requested by them.
That being said, the SFC /scannow now screenshot shows you did not type it in correctly. At the Elevated Command Prompt (ie) C:\Windows\Systme32> type SFC (space) /scannow (as shown previously in this post) and press enter.
Also did you run chkdsk /R from the Elevated Command Prompt? Be sure to leave a space between the k and the /
 
#7 ·
Ok that time SFC was typed correctly and it finished. Now open an Elevated Command Prompt and type in or copy and paste
Dism /Online /Cleanup-Image /ScanHealth and press enter.
When that completed then type or copy and paste
Dism /Online /Cleanup-Image /RestoreHealth and press enter. when that is done type
SFC /scannow and press enter again. Report what it says.
 
#11 ·
spunk.funk are you aware I can not enter a new command prompt in the same window that just completed one? Each time I must close the window then open a new elevated command prompt then enter the new command. Probably why Dism /Online /Cleanup-Image /RestoreHealth didn't complete. I got SFC /scannow to work in new window
 

Attachments

#23 ·
Here is a video showing you how Space Sniffer works. Basically, the bigger the box is, the more space it is taking up on your HDD. If a directory keeps growing, you will know which program it is that needs to be uninstalled or dealt with.

 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top