Solved – Multiple error messages from system check (delayed write fail/critical error) | TechSpot Forums

OTL Text File

OTL logfile created on: 3/21/2022 5:11:55 PM – Run 1
OTL by OldTimer – Version 3.2.39.1 Folder = C:UsersStandardDesktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) – Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.05% Memory free
6.18 Gb Paging File | 4.76 Gb Available in Paging File | 77.12% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
Drive C: | 137.12 Gb Total Space | 37.79 Gb Free Space | 27.56% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 5.20 Gb Free Space | 43.56% Space Free | Partition Type: NTFS

Computer Name: KISAKI-LAPTOP | User Name: Kisaki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC – [2022/03/21 17:00:47 | 000,594,432 | —- | M] (OldTimer Tools) — C:UsersStandardDesktopOTL.exe
PRC – [2022/02/02 05:40:18 | 000,180,648 | —- | M] (Google Inc.) — C:Program FilesGoogleUpdate1.3.21.99GoogleCrashHandler.exe
PRC – [2022/09/22 12:03:30 | 000,974,944 | —- | M] (ESET) — C:Program FilesESETESET NOD32 Antivirusekrn.exe
PRC – [2022/09/22 12:03:02 | 003,080,264 | —- | M] (ESET) — C:Program FilesESETESET NOD32 Antivirusegui.exe
PRC – [2022/08/25 17:53:00 | 000,013,672 | —- | M] (Intuit Inc.) — C:Program FilesCommon FilesIntuitUpdate Service v4IntuitUpdateService.exe
PRC – [2022/11/03 11:00:42 | 002,113,024 | —- | M] (Megaupload Limited) — C:Program FilesMegauploadMega ManagerMegaManager.exe
PRC – [2022/08/23 20:21:40 | 000,013,672 | —- | M] (Intuit Inc.) — C:Program FilesCommon FilesIntuitUpdate ServiceIntuitUpdateService.exe
PRC – [2022/06/14 21:16:35 | 000,910,296 | —- | M] (Mozilla Corporation) — C:Program FilesMozilla Firefoxfirefox.exe
PRC – [2009/04/11 15:27:36 | 002,926,592 | —- | M] (Microsoft Corporation) — C:Windowsexplorer.exe
PRC – [2008/11/10 05:48:14 | 000,602,392 | —- | M] (Yahoo! Inc.) — C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
PRC – [2008/10/08 05:25:48 | 000,095,744 | —- | M] (j2 Global Communications, Inc.) — C:Program FileseFax Messenger 4.4J2GDllCmd.exe
PRC – [2007/12/11 13:15:04 | 000,012,800 | —- | M] (Agere Systems) — C:WindowsSystem32agrsmsvc.exe
PRC – [2007/09/28 08:27:02 | 004,839,936 | —- | M] () — C:Program FilesCamera Assistant Software for GatewayCEC_MAIN.exe
PRC – [2007/09/14 06:09:44 | 000,638,976 | —- | M] (Chicony) — C:Program FilesCamera Assistant Software for Gatewaytraybar.exe
PRC – [2007/09/07 11:23:36 | 000,405,504 | —- | M] (IDT, Inc.) — C:Windowssttray.exe
PRC – [2007/08/17 09:17:56 | 002,342,912 | —- | M] (BigFix Inc.) — C:Program FilesBigFixbigfix.exe
PRC – [2007/07/13 08:36:12 | 000,354,840 | —- | M] (Intel Corporation) — C:Program FilesIntelIntel Matrix Storage ManagerIAANTmon.exe
PRC – [2007/07/13 08:36:10 | 000,178,712 | —- | M] (Intel Corporation) — C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe

========== Modules (No Company Name) ==========

MOD – [2022/11/20 12:02:05 | 008,527,008 | —- | M] () — C:WindowsSystem32MacromedFlashNPSWF32.dll
MOD – [2022/07/30 21:57:34 | 003,572,224 | —- | M] () — C:Program FilesCombined Community Codec PackFiltersFFDShowffdshow.ax
MOD – [2022/11/03 10:58:18 | 000,019,968 | —- | M] () — C:Program FilesMegauploadMega Managerwwwinit.dll
MOD – [2022/11/03 10:58:14 | 000,015,360 | —- | M] () — C:Program FilesMegauploadMega Managerwwwssl.dll
MOD – [2022/11/03 10:58:12 | 000,061,440 | —- | M] () — C:Program FilesMegauploadMega Managerwwwapp.dll
MOD – [2022/11/03 10:58:06 | 000,069,632 | —- | M] () — C:Program FilesMegauploadMega Managerwwwhttp.dll
MOD – [2022/11/03 10:58:00 | 000,036,864 | —- | M] () — C:Program FilesMegauploadMega Managerwwwftp.dll
MOD – [2022/11/03 10:57:58 | 000,033,280 | —- | M] () — C:Program FilesMegauploadMega Managerwwwmime.dll
MOD – [2022/11/03 10:57:56 | 000,020,480 | —- | M] () — C:Program FilesMegauploadMega Managerwwwdir.dll
MOD – [2022/11/03 10:57:54 | 000,055,296 | —- | M] () — C:Program FilesMegauploadMega Managerwwwhtml.dll
MOD – [2022/11/03 10:57:54 | 000,026,112 | —- | M] () — C:Program FilesMegauploadMega Managerwwwstream.dll
MOD – [2022/11/03 10:57:50 | 000,024,064 | —- | M] () — C:Program FilesMegauploadMega Managerwwwfile.dll
MOD – [2022/11/03 10:57:48 | 000,027,648 | —- | M] () — C:Program FilesMegauploadMega Managerwwwcache.dll
MOD – [2022/11/03 10:57:46 | 000,022,016 | —- | M] () — C:Program FilesMegauploadMega Managerwwwtrans.dll
MOD – [2022/11/03 10:57:42 | 000,143,360 | —- | M] () — C:Program FilesMegauploadMega Managerwwwcore.dll
MOD – [2022/11/03 10:57:30 | 000,038,400 | —- | M] () — C:Program FilesMegauploadMega Managerwwwutils.dll
MOD – [2022/06/14 21:16:36 | 001,014,744 | —- | M] () — C:Program FilesMozilla Firefoxjs3250.dll
MOD – [2022/02/23 06:04:00 | 001,589,248 | —- | M] () — C:Program FilesGoogleGoogle GearsFirefoxlibff36gears.dll
MOD – [2009/12/01 16:46:20 | 000,839,680 | R— | M] () — C:Program FilesMegauploadMega Managerlibeay32.dll
MOD – [2009/12/01 16:46:20 | 000,159,744 | R— | M] () — C:Program FilesMegauploadMega Managerssleay32.dll
MOD – [2009/12/01 16:46:20 | 000,062,464 | R— | M] () — C:Program FilesMegauploadMega Managerhs_regex.dll
MOD – [2007/09/28 08:27:02 | 004,839,936 | —- | M] () — C:Program FilesCamera Assistant Software for GatewayCEC_MAIN.exe

========== Win32 Services (SafeList) ==========

SRV – [2022/09/22 12:03:30 | 000,974,944 | —- | M] (ESET) [Auto | Running] — C:Program FilesESETESET NOD32 Antivirusekrn.exe — (ekrn)
SRV – [2022/08/25 17:53:00 | 000,013,672 | —- | M] (Intuit Inc.) [Auto | Running] — C:Program FilesCommon FilesIntuitUpdate Service v4IntuitUpdateService.exe — (IntuitUpdateServiceV4)
SRV – [2022/08/23 20:21:40 | 000,013,672 | —- | M] (Intuit Inc.) [Auto | Running] — C:Program FilesCommon FilesIntuitUpdate ServiceIntuitUpdateService.exe — (IntuitUpdateService)
SRV – [2008/11/10 05:48:14 | 000,602,392 | —- | M] (Yahoo! Inc.) [Auto | Running] — C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe — (YahooAUService)
SRV – [2008/05/06 07:25:46 | 000,165,416 | —- | M] (WildTangent, Inc.) [On_Demand | Stopped] — C:Program FilesGateway GamesGateway Game ConsoleGameConsoleService.exe — (GameConsoleService)
SRV – [2008/01/21 11:23:32 | 000,272,952 | —- | M] (Microsoft Corporation) [On_Demand | Running] — C:Program FilesWindows DefenderMpSvc.dll — (WinDefend)
SRV – [2007/12/11 13:15:04 | 000,012,800 | —- | M] (Agere Systems) [Auto | Running] — C:WindowsSystem32agrsmsvc.exe — (AgereModemAudio)
SRV – [2007/07/13 08:36:12 | 000,354,840 | —- | M] (Intel Corporation) [Auto | Running] — C:Program FilesIntelIntel Matrix Storage ManagerIAANTmon.exe — (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========

DRV – File not found [Kernel | On_Demand | Stopped] — system32DRIVERSnwlnkfwd.sys — (NwlnkFwd)
DRV – File not found [Kernel | On_Demand | Stopped] — system32DRIVERSnwlnkflt.sys — (NwlnkFlt)
DRV – File not found [Kernel | On_Demand | Stopped] — system32DRIVERSipinip.sys — (IpInIp)
DRV – File not found [Kernel | On_Demand | Stopped] — C:UsersKisakiAppDataLocalTempcatchme.sys — (catchme)
DRV – [2022/08/09 14:24:52 | 000,163,424 | —- | M] (ESET) [File_System | Auto | Running] — C:WindowsSystem32driverseamonm.sys — (eamonm)
DRV – [2022/08/04 09:20:38 | 000,103,112 | —- | M] (ESET) [Kernel | Auto | Running] — C:WindowsSystem32driversepfwwfpr.sys — (epfwwfpr)
DRV – [2022/08/04 09:20:36 | 000,118,104 | —- | M] (ESET) [Kernel | System | Running] — C:WindowsSystem32driversehdrv.sys — (ehdrv)
DRV – [2022/06/23 09:21:32 | 000,259,176 | —- | M] (Realtek ) [Kernel | On_Demand | Running] — C:WindowsSystem32driversRtlh86.sys — (RTL8169)
DRV – [2009/05/19 19:34:31 | 000,005,632 | —- | M] () [File_System | System | Running] — C:WindowsSystem32driversStarOpen.sys — (StarOpen)
DRV – [2008/11/17 15:40:22 | 003,668,480 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSystem32driversNETw5v32.sys — (NETw5v32) Intel(R)
DRV – [2008/02/29 17:13:38 | 001,202,560 | —- | M] (Agere Systems) [Kernel | On_Demand | Running] — C:WindowsSystem32driversAGRSM.sys — (AgereSoftModem)
DRV – [2008/01/21 11:23:20 | 002,225,664 | —- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSystem32driversNETw3v32.sys — (NETw3v32) Intel(R)
DRV – [2007/09/07 11:26:04 | 000,330,240 | —- | M] (IDT, Inc.) [Kernel | On_Demand | Running] — C:WindowsSystem32driversstwrt.sys — (STHDA)
DRV – [2007/05/24 09:37:40 | 000,011,776 | —- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSystem32driversUVCFTR_S.SYS — (UVCFTR)
DRV – [2007/05/03 00:11:18 | 000,109,704 | —- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSystem32driversss_mdm.sys — (ss_mdm)
DRV – [2007/05/03 00:11:18 | 000,015,112 | —- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSystem32driversss_mdfl.sys — (ss_mdfl)
DRV – [2007/05/03 00:11:16 | 000,083,592 | —- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSystem32driversss_bus.sys — (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV – [2007/04/30 07:45:18 | 002,219,520 | —- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSystem32driversNETw4v32.sys — (NETw4v32) Intel(R)
DRV – [2006/11/02 16:30:56 | 002,589,184 | —- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSystem32driversNETw2v32.sys — (NETw2v32) Intel(R)
DRV – [2002/07/18 05:20:32 | 000,084,832 | —- | M] (Adaptec) [Kernel | On_Demand | Stopped] — C:WindowsSystem32driversASPI32.SYS — (ASPI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
IE – HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE – HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE – HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE – HKU.DEFAULTSOFTWAREMicrosoftInternet ExplorerMain,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

IE – HKUS-1-5-18SOFTWAREMicrosoftInternet ExplorerMain,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000SOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000SOFTWAREMicrosoftInternet ExplorerMain,StartPageCache = 1
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000..SearchScopes,DefaultScope = {B80EE549-26B8-4AC2-A076-4C02DCAC4A35}
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rlz=1I7GWYE_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000..SearchScopes{70D46D94-BF1E-45ED-B567-48701376298E}: “URL” = http://127.0.0.1:4664/search&s=GDY9YzUvqDPbiL-_ojLcTolf4Os?q={searchTerms}
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000..SearchScopes{81E28843-E562-4A45-8C32-73CF94499D3B}: “URL” = http://search.avg.com/route/?d=4ce7402e&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000..SearchScopes{B80EE549-26B8-4AC2-A076-4C02DCAC4A35}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE_en
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1000SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001SOFTWAREMicrosoftInternet ExplorerMain,Search Bar = Preserve
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001SOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.gmail.com/
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001..URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} – No CLSID value found
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001..SearchScopes,DefaultScope = {FB77A334-C613-43D6-842A-D3B78C34071F}
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001..SearchScopes{31FA1694-F592-4339-B548-94AED3D49B73}: “URL” = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=aa
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rlz=1I7GWYE_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001..SearchScopes{70D46D94-BF1E-45ED-B567-48701376298E}: “URL” = http://127.0.0.1:4664/search&s=P9rs7kuxicJ0dcPKkcH0am1iQ14?q={searchTerms}
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001..SearchScopes{FB77A334-C613-43D6-842A-D3B78C34071F}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE_en
IE – HKUS-1-5-21-710243377-3777013803-3809824090-1001SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF – prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF – user.js – File not found

FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF32.dll ()
FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found
FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
FF – HKLMSoftwareMozillaPlugins@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:Program FilesYahoo!SharednpYState.dll (Yahoo! Inc.)
FF – HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
FF – HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.99npGoogleUpdate3.dll (Google Inc.)
FF – HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.99npGoogleUpdate3.dll (Google Inc.)
FF – HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{000a9d1c-beef-4f90-9363-039d445309b8}: C:Program FilesGoogleGoogle GearsFirefox [2022/03/05 16:07:23 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 3.6.4extensions\Components: C:Program FilesMozilla Firefoxcomponents [2022/09/23 16:59:52 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 3.6.4extensions\Plugins: C:Program FilesMozilla Firefoxplugins [2022/07/07 18:18:13 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaThunderbirdExtensions\eplgTb@eset.com: C:Program FilesESETESET NOD32 AntivirusMozilla Thunderbird [2022/02/02 05:25:06 | 000,000,000 | —D | M]

[2008/11/28 23:04:55 | 000,000,000 | —D | M] (No name found) — C:UsersKisakiAppDataRoamingMozillaExtensions
[2022/03/20 18:52:30 | 000,000,000 | —D | M] (No name found) — C:UsersKisakiAppDataRoamingMozillaFirefoxProfileshoggeevb.defaultextensions
[2022/03/02 22:03:24 | 000,000,000 | —D | M] (Microsoft .NET Framework Assistant) — C:UsersKisakiAppDataRoamingMozillaFirefoxProfileshoggeevb.defaultextensions{20a82645-c095-46ed-80e3-08825760534b}
[2022/03/20 18:52:30 | 000,000,000 | —D | M] (No name found) — C:Program FilesMozilla Firefoxextensions
[2022/03/05 16:07:23 | 000,000,000 | —D | M] (Google Gears) — C:PROGRAM FILESGOOGLEGOOGLE GEARSFIREFOX

O1 HOSTS File: ([2022/03/20 18:48:56 | 000,000,027 | —- | M]) – C:WindowsSystem32driversetchosts
O1 – Hosts: 127.0.0.1 localhost
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – No CLSID value found.
O2 – BHO: (IeMonitorBho Class) – {bf00e119-21a3-4fd1-b178-3b8537e75c92} – C:Program FilesMegauploadMega ManagerMegaIEMn.dll (Megaupload Limited)
O2 – BHO: (Google Gears Helper) – {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} – C:Program FilesGoogleGoogle GearsInternet Explorer.5.36.0gears.dll (Google Inc.)
O3 – HKLM..Toolbar: (Grab Pro) – {C55BBCD6-41AD-48AD-9953-3609C48EACC7} – C:Program FilesOrbitdownloaderGrabPro.dll ()
O3 – HKUS-1-5-21-710243377-3777013803-3809824090-1000..ToolbarWebBrowser: (Grab Pro) – {C55BBCD6-41AD-48AD-9953-3609C48EACC7} – C:Program FilesOrbitdownloaderGrabPro.dll ()
O3 – HKUS-1-5-21-710243377-3777013803-3809824090-1001..ToolbarWebBrowser: (Grab Pro) – {C55BBCD6-41AD-48AD-9953-3609C48EACC7} – C:Program FilesOrbitdownloaderGrabPro.dll ()
O4 – HKLM..Run: [Camera Assistant Software] C:Program FilesCamera Assistant Software for Gatewaytraybar.exe (Chicony)
O4 – HKLM..Run: [egui] C:Program FilesESETESET NOD32 Antivirusegui.exe (ESET)
O4 – HKLM..Run: [IAAnotif] C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe (Intel Corporation)
O4 – HKLM..Run: [Malwarebytes Anti-Malware (reboot)] C:Program FilesMalwarebytes’ Anti-Malwarembam.exe (Malwarebytes Corporation)
O4 – HKLM..Run: [SigmatelSysTrayApp] C:Windowssttray.exe (IDT, Inc.)
O4 – HKUS-1-5-21-710243377-3777013803-3809824090-1000..Run: [Messenger (Yahoo!)] C:Program FilesYahoo!MessengerYahooMessenger.exe (Yahoo! Inc.)
O4 – HKUS-1-5-21-710243377-3777013803-3809824090-1000..Run: [WindowsWelcomeCenter] C:WindowsSystem32oobefldr.dll (Microsoft Corporation)
O4 – HKUS-1-5-21-710243377-3777013803-3809824090-1001..Run: [eFax 4.4] C:Program FileseFax Messenger 4.4J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 – HKUS-1-5-21-710243377-3777013803-3809824090-1001..Run: [fvmJCJEUlfbO.exe] C:ProgramDatafvmJCJEUlfbO.exe File not found
O4 – HKUS-1-5-21-710243377-3777013803-3809824090-1001..Run: [Mega Manager] C:Program FilesMegauploadMega ManagerMegaManager.exe (Megaupload Limited)
O4 – HKUS-1-5-21-710243377-3777013803-3809824090-1001..Run: [TOY5KNQ8OC] C:UsersStandardAppDataLocalTempAm4.exe File not found
O4 – HKLM..RunOnce: [*WerKernelReporting] C:WindowsSystem32WerFault.exe (Microsoft Corporation)
O4 – HKLM..RunOnce: [InnoSetupRegFile.0000000001] C:Windowsis-JB6QU.exe ()
O4 – HKLM..RunOnce: [Launcher] C:WindowsSMINSTLauncher.exe (soft thinks)
O4 – HKUS-1-5-21-710243377-3777013803-3809824090-1000..RunOnce: [FlashPlayerUpdate] C:WindowsSystem32MacromedFlashFlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 – HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O7 – HKU.DEFAULTSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 – HKUS-1-5-18SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 – HKUS-1-5-19SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 – HKUS-1-5-20SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 – HKUS-1-5-21-710243377-3777013803-3809824090-1000SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 – HKUS-1-5-21-710243377-3777013803-3809824090-1000SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O7 – HKUS-1-5-21-710243377-3777013803-3809824090-1001SoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: &Download by Orbit – C:Program FilesOrbitdownloaderorbitmxt.dll (Orbitdownloader.com)
O8 – Extra context menu item: &Grab video by Orbit – C:Program FilesOrbitdownloaderorbitmxt.dll (Orbitdownloader.com)
O8 – Extra context menu item: Do&wnload selected by Orbit – C:Program FilesOrbitdownloaderorbitmxt.dll (Orbitdownloader.com)
O8 – Extra context menu item: Down&load all by Orbit – C:Program FilesOrbitdownloaderorbitmxt.dll (Orbitdownloader.com)
O9 – Extra ‘Tools’ menuitem : &Gears Settings – {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} – C:Program FilesGoogleGoogle GearsInternet Explorer.5.36.0gears.dll (Google Inc.)
O15 – HKUS-1-5-21-710243377-3777013803-3809824090-1000..Trusted Domains: localhost ([]http in Local intranet)
O15 – HKUS-1-5-21-710243377-3777013803-3809824090-1000..Trusted Ranges: GD ([http] in Local intranet)
O15 – HKUS-1-5-21-710243377-3777013803-3809824090-1001..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 – HKUS-1-5-21-710243377-3777013803-3809824090-1001..Trusted Domains: localhost ([]http in Local intranet)
O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 – DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 – DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 – DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.1
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{AB31D837-0957-4C15-BFD6-41483FD56E7D}: DhcpNameServer = 192.168.0.1
O20 – AppInit_DLLs: (C:PROGRA~1GoogleGOOGLE~1GoogleDesktopNetwork3.dll) – C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopNetwork3.dll (Google)
O20 – AppInit_DLLs: (C:PROGRA~1GoogleGOOGLE~1GoogleDesktopNetwork3.dll) – C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopNetwork3.dll (Google)
O20 – HKLM Winlogon: Shell – (Explorer.exe) – C:Windowsexplorer.exe (Microsoft Corporation)
O20 – HKLM Winlogon: UserInit – (C:Windowssystem32userinit.exe) – C:WindowsSystem32userinit.exe (Microsoft Corporation)
O24 – Desktop WallPaper: C:WindowsWebWallpaperimg11.jpg
O24 – Desktop BackupWallPaper: C:WindowsWebWallpaperimg11.jpg
O28 – HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} – No CLSID value found.
O32 – HKLM CDRom: AutoRun – 1
O32 – AutoRun File – [2006/09/19 06:43:36 | 000,000,024 | —- | M] () – C:autoexec.bat — [ NTFS ]
O34 – HKLM BootExecute: (autocheck autochk *)
O35 – HKLM..comfile [open] — “%1” %*
O35 – HKLM..exefile [open] — “%1” %*
O37 – HKLM…com [@ = ComFile] — “%1” %*
O37 – HKLM…exe [@ = exefile] — “%1” %*
O37 – HKUS-1-5-21-710243377-3777013803-3809824090-1001…exe [@ = exefile] — Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility – File not found
NetSvcs: Ias – C:WindowsSystem32ias.dll (Microsoft Corporation)
NetSvcs: Nla – File not found
NetSvcs: Ntmssvc – File not found
NetSvcs: NWCWorkstation – File not found
NetSvcs: Nwsapagent – File not found
NetSvcs: SRService – File not found
NetSvcs: WmdmPmSp – File not found
NetSvcs: LogonHours – File not found
NetSvcs: PCAudit – File not found
NetSvcs: helpsvc – File not found
NetSvcs: uploadmgr – File not found

Drivers32: msacm.clmp3enc – C:Program FilesCyberLinkPower2GoCLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm – C:WindowsSystem32l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp – C:WindowsSystem32l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 – C:WindowsSystem32vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid – C:WindowsSystem32iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS – C:Program FilesCombined Community Codec PackFiltersFFDShowff_vfw.dll ()
Drivers32: vidc.mjpg – C:WindowsSystem32pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.XVID – C:WindowsSystem32xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders – Created Within 30 Days ==========

[2022/03/20 18:51:15 | 000,000,000 | -HSD | C] — C:UsersKisaki%APPDATA%
[2022/03/20 18:51:15 | 000,000,000 | -HSD | C] — C:$RECYCLE.BIN
[2022/03/20 18:51:13 | 000,000,000 | —D | C] — C:Windowstemp
[2022/03/20 18:51:13 | 000,000,000 | —D | C] — C:UsersKisakiAppDataLocaltemp
[2022/03/20 18:39:04 | 000,518,144 | —- | C] (SteelWerX) — C:WindowsSWREG.exe
[2022/03/20 18:39:04 | 000,406,528 | —- | C] (SteelWerX) — C:WindowsSWSC.exe
[2022/03/20 18:39:04 | 000,060,416 | —- | C] (NirSoft) — C:WindowsNIRCMD.exe
[2022/03/20 18:38:55 | 000,000,000 | —D | C] — C:Qoobox

========== Files – Modified Within 30 Days ==========

[2022/03/21 16:45:00 | 000,000,886 | —- | M] () — C:WindowstasksGoogleUpdateTaskMachineUA.job
[2022/03/21 16:40:07 | 000,003,216 | -H– | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2022/03/21 16:40:07 | 000,003,216 | -H– | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2022/03/21 05:45:00 | 000,000,882 | —- | M] () — C:WindowstasksGoogleUpdateTaskMachineCore.job
[2022/03/21 04:40:12 | 000,067,584 | –S- | M] () — C:Windowsbootstat.dat
[2022/03/20 19:02:57 | 3211,190,272 | -HS- | M] () — C:hiberfil.sys
[2022/03/20 18:48:56 | 000,000,027 | —- | M] () — C:WindowsSystem32driversetchosts
[2022/03/19 18:20:21 | 000,000,512 | —- | M] () — C:UsersKisakiDesktopMBR.dat
[2022/03/15 03:23:11 | 000,321,824 | —- | M] () — C:WindowsSystem32FNTCACHE.DAT
[2022/03/13 06:46:03 | 000,001,982 | —- | M] () — C:UsersPublicDesktopGoogle Chrome.lnk
[2022/03/10 15:06:26 | 007,939,876 | —- | M] () — C:WindowsSystem32perfh009.dat
[2022/03/10 15:06:26 | 002,736,438 | —- | M] () — C:WindowsSystem32perfc009.dat

========== Files Created – No Company Name ==========

[2022/03/20 18:39:04 | 000,256,000 | —- | C] () — C:WindowsPEV.exe
[2022/03/20 18:39:04 | 000,208,896 | —- | C] () — C:WindowsMBR.exe
[2022/03/20 18:39:04 | 000,098,816 | —- | C] () — C:Windowssed.exe
[2022/03/20 18:39:04 | 000,080,412 | —- | C] () — C:Windowsgrep.exe
[2022/03/20 18:39:04 | 000,068,096 | —- | C] () — C:Windowszip.exe
[2022/03/19 18:20:21 | 000,000,512 | —- | C] () — C:UsersKisakiDesktopMBR.dat
[2022/01/28 15:14:26 | 000,000,451 | —- | C] () — C:ProgramDataMicrosoft.SqlServer.Compact.400.32.bc
[2022/10/16 06:36:29 | 000,175,616 | —- | C] () — C:WindowsSystem32unrar.dll
[2022/09/10 14:47:46 | 001,201,368 | —- | C] () — C:Windowsis-JB6QU.exe

========== LOP Check ==========

[2009/10/29 22:56:52 | 000,000,000 | —D | M] — C:UsersKisakiAppDataRoamingGrabPro
[2009/07/16 03:52:48 | 000,000,000 | —D | M] — C:UsersKisakiAppDataRoamingImgBurn
[2009/11/27 03:37:27 | 000,000,000 | —D | M] — C:UsersKisakiAppDataRoamingOrbit
[2009/04/21 04:04:08 | 000,000,000 | —D | M] — C:UsersKisakiAppDataRoamingSampleView
[2009/05/19 19:11:51 | 000,000,000 | —D | M] — C:UsersKisakiAppDataRoamingSamsung
[2022/10/06 19:59:02 | 000,000,000 | —D | M] — C:UsersKisakiAppDataRoaminguTorrent
[2009/07/16 03:59:18 | 000,000,000 | —D | M] — C:UsersKisakiAppDataRoamingVso
[2008/10/20 07:44:15 | 000,000,000 | —D | M] — C:UsersKisakiAppDataRoamingWildTangent
[2022/11/20 13:06:35 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoamingAVG10
[2022/03/01 04:09:45 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoamingGrabPro
[2022/01/30 10:11:36 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoamingMegaupload
[2009/11/03 08:03:34 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoamingOrbit
[2022/01/22 18:50:49 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoamingQuickScan
[2009/07/25 10:31:53 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoamingSampleView
[2009/05/19 19:22:29 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoamingSamsung
[2022/01/26 02:58:01 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoamingTemplate
[2022/12/28 02:49:57 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoaminguTorrent
[2008/12/02 04:20:58 | 000,000,000 | -H-D | M] — C:UsersStandardAppDataRoamingWildTangent
[2022/03/20 19:01:59 | 000,032,606 | —- | M] () — C:WindowsTasksSCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%*.* >
[2006/09/19 06:43:36 | 000,000,024 | —- | M] () — C:autoexec.bat
[2009/04/11 15:36:36 | 000,333,257 | RHS- | M] () — C:bootmgr
[2008/02/05 14:22:11 | 000,008,192 | R-S- | M] () — C:BOOTSECT.BAK
[2009/05/19 19:39:41 | 000,000,074 | —- | M] () — C:CMLoader.log
[2022/03/20 18:51:11 | 000,009,891 | —- | M] () — C:ComboFix.txt
[2006/09/19 06:43:37 | 000,000,010 | —- | M] () — C:config.sys
[2022/03/20 19:02:57 | 3211,190,272 | -HS- | M] () — C:hiberfil.sys
[2008/06/10 16:22:08 | 000,000,165 | —- | M] () — C:Labelprint.log
[2022/03/20 19:02:55 | 3524,980,736 | -HS- | M] () — C:pagefile.sys
[2008/06/10 16:27:51 | 000,000,163 | —- | M] () — C:power2go.log

< %systemroot%Fonts*.com >
[2006/11/02 21:37:12 | 000,026,040 | —- | M] () — C:WindowsFontsGlobalMonospace.CompositeFont
[2006/11/02 21:37:12 | 000,026,489 | —- | M] () — C:WindowsFontsGlobalSansSerif.CompositeFont
[2006/11/02 21:37:12 | 000,029,779 | —- | M] () — C:WindowsFontsGlobalSerif.CompositeFont
[2009/11/03 07:56:50 | 000,037,665 | —- | M] () — C:WindowsFontsGlobalUserInterface.CompositeFont

< %systemroot%Fonts*.dll >

< %systemroot%Fonts*.ini >
[2006/09/19 06:37:34 | 000,000,065 | —- | M] () — C:WindowsFontsdesktop.ini

< %systemroot%Fonts*.ini2 >

< %systemroot%Fonts*.exe >

< %systemroot%system32spoolprtprocsw32x86*.* >
[2006/11/02 21:35:48 | 000,022,528 | —- | M] (Microsoft Corporation) — C:Windowssystem32spoolprtprocsw32x86jnwppr.dll
[2006/10/27 11:56:12 | 000,033,104 | —- | M] (Microsoft Corporation) — C:Windowssystem32spoolprtprocsw32x86msonpppr.dll

< %systemroot%REPAIR*.bak1 >

< %systemroot%REPAIR*.ini >

< %systemroot%system32*.jpg >

< %systemroot%*.jpg >

< %systemroot%*.png >

< %systemroot%*.scr >

< %systemroot%*._sy >
Invalid Environment Variable: APPDATA

< %ALLUSERSPROFILE%Favorites*.* >
Invalid Environment Variable: APPDATA

< %PROGRAMFILES%*.* >
[2008/01/21 11:43:21 | 000,000,174 | -HS- | M] () — C:Program Filesdesktop.ini
Invalid Environment Variable: APPDATA

< %systemroot%*. /mp /s >

< %systemroot%System32config*.sav >
[2008/01/21 12:14:18 | 016,846,848 | —- | M] () — C:WindowsSystem32configCOMPONENTS.SAV
[2008/01/21 12:14:08 | 000,106,496 | —- | M] () — C:WindowsSystem32configDEFAULT.SAV
[2008/01/21 12:14:18 | 000,020,480 | —- | M] () — C:WindowsSystem32configSECURITY.SAV
[2006/11/02 19:34:08 | 010,133,504 | —- | M] () — C:WindowsSystem32configSOFTWARE.SAV
[2006/11/02 19:34:08 | 001,826,816 | —- | M] () — C:WindowsSystem32configSYSTEM.SAV

< %PROGRAMFILES%bak. /s >

< %systemroot%system32bak. /s >

< %ALLUSERSPROFILE%Start Menu*.lnk /x >

< %systemroot%system32configsystemprofile*.dat /x >

< %systemroot%*.config >

< %systemroot%system32*.db >
Invalid Environment Variable: APPDATA

< %USERPROFILE%Desktop*.exe >

< %PROGRAMFILES%Common Files*.* >

< %systemroot%*.src >

< %systemroot%install*.* >

< %systemroot%system32DLL*.* >

< %systemroot%system32HelpFiles*.* >

< %systemroot%tasks*.* >
[2022/03/21 05:45:00 | 000,000,882 | —- | M] () — C:WindowstasksGoogleUpdateTaskMachineCore.job
[2022/03/21 16:45:00 | 000,000,886 | —- | M] () — C:WindowstasksGoogleUpdateTaskMachineUA.job
[2022/03/20 19:03:06 | 000,000,006 | -H– | M] () — C:WindowstasksSA.DAT
[2022/03/20 19:01:59 | 000,032,606 | —- | M] () — C:WindowstasksSCHEDLGU.TXT

< %systemroot%system32rundll*.* >

< %systemroot%winn32*.* >

< %systemroot%Java*.* >

< %systemroot%system32test*.* >

< %systemroot%system32Rundll32*.* >

< %systemroot%AppPatchCustom*.* >
Invalid Environment Variable: APPDATA

< %PROGRAMFILES%PC-DoctorDownloads*.* >

< %PROGRAMFILES%Internet Explorer*.tmp >

< %PROGRAMFILES%Internet Explorer*.dat >

< %USERPROFILE%My Documents*.exe >

< %USERPROFILE%*.exe >

< %systemroot%ADDINS*.* >

< %systemroot%assembly*.bak2 >

< %systemroot%Config*.* >

< %systemroot%REPAIR*.bak2 >

< %systemroot%SECURITYDatabase*.sdb /x >

< %systemroot%SYSTEM*.bak2 >

< %systemroot%Web*.bak2 >

< %systemroot%Driver Cache*.* >

< %PROGRAMFILES%Mozilla Firefox*.exe >

< %ProgramFiles%Microsoft Common*.* >

< %ProgramFiles%TinyProxy. >

< %USERPROFILE%Favorites*.url /x >
[2008/10/20 05:24:21 | 000,000,402 | -HS- | M] () — C:UsersKisakiFavoritesdesktop.ini

< %systemroot%system32*.bk >

< %systemroot%*.te >

< %systemroot%system32system32*.* >

< %ALLUSERSPROFILE%*.dat /x >
[2022/08/14 06:56:11 | 000,000,000 | -H– | M] () — C:ProgramDataLauncherAccess.dt
[2022/01/31 17:43:13 | 000,000,451 | —- | M] () — C:ProgramDataMicrosoft.SqlServer.Compact.400.32.bc
[2022/03/11 17:21:25 | 000,000,258 | RHS- | M] () — C:ProgramDatantuser.pol

< %systemroot%system32drivers*.rmv >

< dir /b “%systemroot%system32*.exe” | find /i ” ” /c >

< dir /b “%systemroot%*.exe” | find /i ” ” /c >

< %PROGRAMFILES%Microsoft*.* >

< %systemroot%System32Wbemproquota.exe >

< %PROGRAMFILES%Mozilla Firefox*.dat >

< %USERPROFILE%Cookies*.txt /x >

< %SystemRoot%system32fonts*.* >

< %systemroot%system32winlog*.* >

< %systemroot%system32Language*.* >

< %systemroot%system32Settings*.* >

< %systemroot%system32*.quo >

< %SYSTEMROOT%AppPatch*.exe >

< %SYSTEMROOT%inf*.exe >

< %SYSTEMROOT%Installer*.exe >

< %systemroot%system32config*.bak2 >

< %systemroot%system32Computers*.* >

< %SystemRoot%system32Sound*.* >

< %SystemRoot%system32SpecialImg*.* >

< %SystemRoot%system32code*.* >

< %SystemRoot%system32draft*.* >

< %SystemRoot%system32MSSSys*.* >

< %ProgramFiles%Javascript*.* >

< %systemroot%pchealthhelpctrSystem*.exe /s >

< %systemroot%Web*.exe >

< %systemroot%system32msn*.* >

< %systemroot%system32*.tro >
Invalid Environment Variable: AppData

< %ProgramFiles%Messenger*.* >

< %systemroot%system32systhem32*.* >

< %systemroot%system*.exe >

< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdate Auto UpdateResultsInstall|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream – 125 bytes -> C:ProgramDataTEMP:5C321E34

< End of report >

How the error registration service and error reports work

Every user knows the situation where a Windows application terminates abnormally and shows a dialog box with a notification. This article explains what that mechanism is, where its files are stored, and how it works in general.

Starting with Windows Vista, the old "system crash analysis tool" was replaced by the new Windows Error Reporting (WER) service, also known as Problem Reports and Solutions.

This service is a set of files located in the Windows\System32 system folder. The files and their purposes are listed below:

  • wer.dll (Windows Error Reporting library);
  • wercon.exe (Problem Reports and Solutions);
  • wercplsupport.dll (Problem Reports and Solutions);
  • werdiagcontroller.dll (WER Diagnostic Controller);
  • WerFault.exe (Windows Error Reporting);
  • WerFaultSecure.exe (Windows Error Reporting);
  • wermgr.exe (Windows Problem Reporting);
  • wersvc.dll (Windows Error Reporting Service);
  • wertargets.wtl.
Suppose an error occurs in the Internet Explorer browser.

When the crash happens, the WER service first launches the WerFault.exe utility (in the session of the faulting process), passing the identifier (PID) of the process that crashed on the WerFault command line.

At this point a window with the error message is shown: "{Program_name} has stopped working. The next time you connect to the Internet, Windows can search for a way to fix this error."

Clicking "View problem details" expands a list containing the signatures of the problem itself.

These signatures are not deleted. They are kept in the system folders under the path Users\Master\AppData\Local\Microsoft\Windows\WER\ReportArchive; each report is saved in a new (or existing) folder named Report******** (for example, Report0b003f38), in the file Report.wer.

If you go to this directory and view the contents, you will see the following:

    Version=1
    EventType=APPCRASH
    EventTime=129234418886148269
    ReportType=2
    Consent=1
    Response.type=4
    Sig[0].Name=Имя приложения
    Sig[0].Value=iexplore.exe
    Sig[1].Name=Версия приложения
    Sig[1].Value=8.0.6001.18928
    Sig[2].Name=Штамп времени приложения
    Sig[2].Value=4bdfa327
    Sig[3].Name=Имя модуля с ошибкой
    Sig[3].Value=mshtml.dll
    Sig[4].Name=Версия модуля с ошибкой
    Sig[4].Value=8.0.6001.18928
    Sig[5].Name=Штамп времени модуля с ошибкой
    Sig[5].Value=4bdfb76d
    Sig[6].Name=Код исключения
    Sig[6].Value=c0000005
    Sig[7].Name=Смещение исключения
    Sig[7].Value=000da33f
    DynamicSig[1].Name=Версия ОС
    DynamicSig[1].Value=6.0.6002.2.2.0.768.3
    DynamicSig[2].Name=Код языка
    DynamicSig[2].Value=1049
    DynamicSig[22].Name=Дополнительные сведения 1
    DynamicSig[22].Value=fd00
    DynamicSig[23].Name=Дополнительные сведения 2
    DynamicSig[23].Value=ea6f5fe8924aaa756324d57f87834160
    DynamicSig[24].Name=Дополнительные сведения 3
    DynamicSig[24].Value=fd00
    DynamicSig[25].Name=Дополнительные сведения 4
    DynamicSig[25].Value=ea6f5fe8924aaa756324d57f87834160
    UI[2]=C:\Program Files\Internet Explorer\iexplore.exe
    UI[3]=Прекращена работа Internet Explorer
    UI[4]=Windows может провести поиск способа устранения этой ошибки в Интернете.
    UI[5]=Искать решение проблемы в Интернете и закрыть программу
    UI[6]=Проверить наличие способа исправления ошибки в Интернете позднее и закрыть программу
    UI[7]=Закрыть программу
    FriendlyEventName=Остановка работы
    ConsentKey=APPCRASH
    AppName=Internet Explorer
    AppPath=C:\Program Files\Internet Explorer\iexplore.exe
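
A triage parser for the Report.wer listing above, as an added example that is not part of the original article: it keys on the signature index because the Sig[n].Name labels are localized, and it reads EventTime as a Windows FILETIME. The names SAMPLE, APPCRASH_SLOTS, NTSTATUS, decode_wer and summarize are illustrative, and the sample is a constructed subset of the listing.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the Report.wer listing, same values.
SAMPLE = """EventType=APPCRASH
EventTime=129234418886148269
Sig[0].Name=Имя приложения
Sig[0].Value=iexplore.exe
Sig[3].Value=mshtml.dll
Sig[6].Name=Код исключения
Sig[6].Value=c0000005
Sig[7].Value=000da33f
AppPath=C:\\Program Files\\Internet Explorer\\iexplore.exe
"""

# Sig[n].Name is localized, so key on the index. Slot meanings are read off
# the APPCRASH listing (assumption: other event types use other layouts).
APPCRASH_SLOTS = {0: "app", 1: "app_version", 3: "module",
                  4: "module_version", 6: "exception_code", 7: "offset"}
# Two well-known NTSTATUS values worth flagging during triage.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC0000409: "STATUS_STACK_BUFFER_OVERRUN"}
SIG_VALUE = re.compile(r"^Sig\[(\d+)\]\.Value$")

def decode_wer(raw: bytes) -> str:
    # On-disk reports are normally UTF-16LE with a BOM; otherwise assume UTF-8.
    return raw[2:].decode("utf-16-le") if raw[:2] == b"\xff\xfe" else raw.decode("utf-8-sig")

def summarize(text: str) -> dict:
    fields, sigs = {}, {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        m = SIG_VALUE.match(key)
        if m:
            sigs[int(m.group(1))] = value
        elif sep:  # blank or malformed lines have no "="
            fields[key] = value
    out = {"event_type": fields.get("EventType"), "app_path": fields.get("AppPath")}
    if out["event_type"] == "APPCRASH":
        out.update({name: sigs.get(i) for i, name in APPCRASH_SLOTS.items()})
    if fields.get("EventTime", "").isdecimal():
        # EventTime is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
        ticks = int(fields["EventTime"])
        out["event_time_utc"] = (datetime(1601, 1, 1, tzinfo=timezone.utc)
                                 + timedelta(microseconds=ticks // 10))
    code = out.get("exception_code") or ""
    if re.fullmatch(r"[0-9a-fA-F]{1,8}", code):
        out["exception_name"] = NTSTATUS.get(int(code, 16), "other")
    return out
```

For a report read from disk, pass the file's bytes through decode_wer before calling summarize.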

How to launch Problem Reports and Solutions
Start -> Control Panel -> Problem Reports and Solutions

This concludes the article on error registration and error reports.
