Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer running slow, pages loading slowly, wasnt like that before.


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,778 posts
  • MVP

You might try:

 

http://filehippo.com...dows_live_mail/

 

Do you use Choice Mail?

 

It also seems to have a problem.

 

How is it running otherwise?


  • 0

Advertisements


#17
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts

ron I already was able to download the file to reinstall the windows program, as a matter of fact I actually got it from the same location filehippo as you recommended as well as I also got a second copy of it from download.com.  getting the file isn't the problem, it just wont install as an error comes up.  ive attached a pic to show you the error.  apparently when I researched this issue online it says this program will not install anymore and the only ones who can use it are those who already have it on their system so it says if you like the program then don't delete it because once you do its gone for good.  i have a Norton ghost backup of my system from 2 days ago right before we started doing all of these repairs and i could revert my hard drive back to that day and that would give me my email program and all my emails back but unfortunately it would mean wiping out everything we've done the last 2 days and starting from scratch and I wouldn't want to do that unless it was the only way to get my emails back.  im hoping I can find a new email program to use that will allow me to export my old emails into it.  im looking into thunderbird or oeclassic email programs but I have to do more research on them.  for now ill just have to use my iphone to send/receive mail as its set up to do that but it doesn't have my old emails.

 

as far as choicemail, its not actually an email program to send/receive email, its a spam filter program that blocks most of my spam based on my settings.  its like a go-through filter to my email program and I love it and ive used it for 5 years but I need an email program independent of that to actually send/receive email.

 

as far as how my computer is running now, its noticeably much better.  it seems to be faster and im not seeing that slowdown that I would see before so it seems like whatever you've done has fixed the problem.  but I don't know if im going to be able to get an email program that will allow me to import my old emails and if not then my only resort would be to use Norton ghost and revert my computer back to how it was 2 days ago before we did all this so my email program would be back.  if that had to be done, knowing what you know now about my system/problem would it be easier/faster for you to start over again in helping me fix this or is that not really an option?  I just don't know what do regarding my email as I have some very important stuff there that I do need.

 

ill wait for your reply, thank you.

Attached Thumbnails

  • windows mail.JPG

  • 0

#18
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts
Ron, my worst nightmare has happened! Right now I'm sending this message through my iPhone. I couldn't get the new email programs to import my old emails so I decided to use Norton ghost and revert my computer back to two days ago since there is information in those emails as well as other places on my hard drive that was very important to me and unfortunately when I attempted to use norton ghost it did not work which is the first time it did not work ever. Then unfortunately my Computer was no longer booting up so I researched the error using my cell phone and it told me to get either a recovery disk or the original install disk and then either use that to repair my computer or since I also have a windows Full system image from a week ago also stored on my second hard drive (Yes I used 2 back ups, Norton ghost and windows back up and restore system image, just in case of an emergency) I could use that to recover my drive. Unfortunately neither of those disks are working even though they were supposed to because it keeps coming up that the version is not compatible with the version of windows I'm running. The only thing I can think of is those versions maybe service pack one where as my machine is now service pack three I believe. It looks like my last alternative is to go to my sisters house tomorrow as she has the exact same computer and specs as I do and I mean exactly since we bought two of the identical computers and from her house I can make a Windows recovery disk that should hopefully work on my system and allow me to boot up again. Do you think that's the best way to try to recover my hard drive? And sorry for this inconvenience.
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,778 posts
  • MVP

Worth a shot.  


  • 0

#20
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts
Hi again Ron. After only three hours sleep and working on this computer for 15 hours and using my iPhone to access the Internet for research I was able to load a windows image from a few days ago and install that. That allowed me to get past not being able to boot up but the problem I'm having now is when I boot up after the blue welcome screen all I get is a black screen and I can't do anything. But I am able to boot up into safe mode with networking and everything with no issues. It's just not allowing me to boot up into the regular windows as it does make it to the welcome screen but then the next screen is simply a black screen and nothing is active. It took a long effort just to be able to get to this point and I'm wondering if you might know what is wrong now and since I do have access to safe mode with networking maybe there is something you could suggest? I tried using a recovery disk and using the repair of the computer option but that didn't help. Thank you.
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,778 posts
  • MVP

Search for

msconfig

hit Enter.

 

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot.   If it helps then go back and turn on 1/2 of the items each
time until you find the culprit.

  • 0

#22
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts

finally!  hi again ron.  after a few days of headaches and many many hours I finally got my system back up and running using the windows image from a few days before I started working with you.  the good news is my mail program is back and with that is all the important info I needed.  the bad news is all the work we did is gone.  it seems the bsod I was experiencing at bootup was a problem with my intel rapid storage technology feature that uses a 60gb ssd as a buffer for my most common used items at startup.  this is supposed to make my startup a bit faster but I can live without it so I uninstalled it and that solved my bootup bsod issues.  then I found out that it was malwarebytes that was causing my desktop to freeze when it loaded.  at first I put it to a delayed start and that allowed me to boot into my desktop but then when that delayed start took effect it froze me out again right when it happened.  so i disabled malwarebytes for now and im able to run everything normal again.  Im not sure why malwarebytes is causing that issue because its a legal malwarebytes version from years ago with a lifetime license and they don't sell those lifetime licenses anymore as now you have to pay year to year.  so I don't want to lose that but I can contact them later to resolve that issue.

 

so im hoping you can help me again resolve my slowness and clean up my system.  maybe now since you already know what we did before it hopefully would be easier for you to pinpoint what we should do now.  sorry about having to do this all over again but this time I know that I wont uninstall windows live essentials as that is indeed my email program.  thanks again ron and heres my 2 frst text files.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Eve8500 (administrator) on LUIS8500 (10-04-2017 01:20:01)
Running from C:\Users\Eve8500\Desktop
Loaded Profiles: Eve8500 (Available Profiles: Eve8500)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(DigiPortal Software, Inc) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Run: [ChoiceMail] => C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe [7704576 2011-09-30] (DigiPortal Software, Inc.)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearHistory.cmd [2009-05-06] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8289ACF-9ABC-4E4B-92F6-D56B847D48DF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> DefaultScope {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> {58CC1F7C-3B97-4FFD-85DA-ADB5A3B7339F} URL =
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-27] (Atheros Commnucations)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-13] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB

FireFox:
========
FF ProfilePath: C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default [2013-08-20]
FF Extension: (Emulator) - C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default\Extensions\Navcore.8.010.9369@tomtom.com [2013-08-20] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2017-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll [2013-05-15] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-05-15] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2502943303-2344771959-3953300128-1004: etrade.com/ETProPlugin -> C:\Program Files (x86)\E-TRADE Pro\npetproplugin.dll [2015-12-21] (E*Trade Financial)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default [2017-04-10]
CHR Extension: (Google Docs) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (YouTube) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Google Search) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 AffinegyService; C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe [587120 2011-10-17] (Affinegy, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [204928 2012-12-27] (Atheros Commnucations) [File not signed]
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-05-06] (Futuremark)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-23] (Nero AG)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-10-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-10-02] (Electronic Arts)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-08] ()
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1017832 2012-08-03] (Cyber Power Systems, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 svcChoiceMail; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe [4308992 2011-09-30] (DigiPortal Software, Inc.) [File not signed]
R3 svcCMPreApproval; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe [1687552 2011-09-30] (DigiPortal Software, Inc) [File not signed]
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{4DB90D5C-2D86-4014-9349-741A696FA2A7}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10733056 2012-02-23] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [328192 2012-02-22] (Advanced Micro Devices, Inc.) [File not signed]
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20170405.003\BHDrvx64.sys [1831064 2017-03-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-15] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20170408.001\IDSvia64.sys [1038024 2017-02-13] (Symantec Corporation)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-09] (Malwarebytes)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170409.001\ENG64.SYS [138912 2017-03-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170409.001\EX64.SYS [2151072 2017-03-28] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-05-31] ()
R3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2012-06-29] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-23] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-05-28] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2014-08-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-28] ()
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
U3 aefdukkh; C:\Windows\System32\Drivers\aefdukkh.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
R3 ALSysIO; \??\C:\Users\Eve8500\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U2 ccEvtMgr; no ImagePath
U2 ccSetMgr; no ImagePath
S4 cpuz130; \??\C:\Users\Eve8500\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] <==== ATTENTION
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
U3 navapsvc; no ImagePath
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U3 SAVRT; no ImagePath
U1 SAVRTPEL; no ImagePath
U3 TlntSvr; no ImagePath
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-10 01:20 - 2017-04-10 01:21 - 00023912 _____ C:\Users\Eve8500\Desktop\FRST.txt
2017-04-10 01:19 - 2017-04-10 01:20 - 00000000 ____D C:\FRST
2017-04-10 01:18 - 2017-04-10 01:18 - 02424832 _____ (Farbar) C:\Users\Eve8500\Desktop\FRST64.exe
2017-04-10 00:39 - 2017-04-10 00:41 - 00000114 _____ C:\Users\Eve8500\Desktop\mon to do.txt
2017-04-10 00:37 - 2017-04-10 00:37 - 00000234 _____ C:\Users\Eve8500\Desktop\711 pub case.url
2017-04-10 00:36 - 2017-04-10 00:36 - 00000234 _____ C:\Users\Eve8500\Desktop\711 fire.url
2017-04-10 00:34 - 2017-04-10 00:34 - 00000227 _____ C:\Users\Eve8500\Desktop\j bag.url
2017-04-10 00:17 - 2017-04-10 00:17 - 00000371 _____ C:\Users\Eve8500\Desktop\geeks topic.url
2017-04-09 23:11 - 2017-04-09 23:11 - 00000000 ____D C:\Users\Eve8500\Intel
2017-04-06 21:17 - 2017-04-06 21:17 - 00000227 _____ C:\Users\Eve8500\Desktop\game x 2b.url
2017-04-05 11:44 - 2017-04-05 16:20 - 00000117 _____ C:\Users\Eve8500\Desktop\auc stuff.txt
2017-04-01 22:41 - 2017-04-02 19:17 - 00000238 _____ C:\Users\Eve8500\Desktop\DOOM Walkthrough.url
2017-03-29 12:25 - 2017-03-29 12:26 - 00000000 ____D C:\ares backups
2017-03-28 14:06 - 2017-03-28 14:06 - 00000222 _____ C:\Users\Eve8500\Desktop\Mafia III.url
2017-03-28 05:06 - 2017-04-09 23:42 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-28 05:06 - 2017-04-09 23:07 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-28 05:06 - 2017-04-09 23:01 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-28 05:06 - 2017-04-04 10:03 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-28 05:06 - 2017-04-04 09:02 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-28 05:06 - 2017-03-28 05:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-27 12:51 - 2017-03-27 13:15 - 00000000 ____D C:\Users\Eve8500\Desktop\walgreens
2017-03-25 08:42 - 2017-03-25 08:42 - 00001763 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\Program Files\iPod
2017-03-25 08:41 - 2017-03-25 08:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-25 01:40 - 2017-03-25 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2017-03-24 23:22 - 2017-03-24 23:22 - 00002052 _____ C:\Users\Eve8500\Desktop\Lego Batman.lnk
2017-03-24 23:15 - 2017-03-24 23:15 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Warner Bros. Interactive Entertainment
2017-03-24 19:14 - 2017-03-24 23:04 - 00000000 ____D C:\Program Files (x86)\Lego Batman 3 Beyond Gotham
2017-03-24 18:47 - 2017-03-24 18:47 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Marvel's Avengers.lnk
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Program Files (x86)\DXBall2
2017-03-24 02:23 - 2017-04-05 16:23 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Kodi
2017-03-24 02:23 - 2017-03-24 02:23 - 00001869 _____ C:\Users\Eve8500\Desktop\Kodi.lnk
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\LocalLow\Unity
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Unity
2017-03-15 19:33 - 2017-03-15 19:33 - 00000137 _____ C:\Users\Eve8500\Desktop\Rebate 1113851526128514.url
2017-03-15 09:12 - 2017-03-04 13:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 09:12 - 2017-03-04 12:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 09:12 - 2017-03-04 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 09:12 - 2017-03-04 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 09:12 - 2017-03-04 04:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 09:12 - 2017-03-04 04:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 09:12 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 09:12 - 2017-03-04 03:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 09:12 - 2017-03-04 03:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 09:12 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 09:12 - 2017-03-04 03:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 09:12 - 2017-03-04 03:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 09:12 - 2017-03-04 03:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 09:12 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 09:12 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 09:12 - 2017-03-04 03:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 09:12 - 2017-03-04 03:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 09:12 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 09:12 - 2017-03-04 03:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 09:12 - 2017-03-04 03:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 09:12 - 2017-03-04 03:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 09:12 - 2017-03-04 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 09:12 - 2017-03-04 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 09:12 - 2017-03-04 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 09:12 - 2017-03-04 02:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 09:12 - 2017-03-04 02:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 09:12 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 09:12 - 2017-03-04 02:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 09:12 - 2017-03-04 02:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 09:12 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 09:12 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 09:12 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 09:12 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 09:12 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 09:12 - 2017-03-02 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 09:12 - 2017-03-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 09:12 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 09:12 - 2017-03-02 14:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 09:12 - 2017-03-02 14:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 09:12 - 2017-03-02 14:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 09:12 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 09:12 - 2017-03-02 13:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 09:12 - 2017-03-02 13:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 09:12 - 2017-03-02 13:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 09:12 - 2017-03-02 13:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 09:12 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 09:12 - 2017-03-02 13:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 09:12 - 2017-03-02 13:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 09:12 - 2017-03-02 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 09:12 - 2017-03-02 13:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 09:12 - 2017-03-02 13:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 09:12 - 2017-03-02 13:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 09:12 - 2017-03-02 13:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 09:12 - 2017-03-02 13:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 09:12 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 09:12 - 2017-03-02 13:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 09:12 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 09:12 - 2017-03-02 13:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 09:12 - 2017-03-02 13:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 09:12 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 09:12 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 09:12 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 09:12 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 09:12 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 09:12 - 2017-02-09 12:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 09:12 - 2017-02-09 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 09:12 - 2017-02-09 12:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 09:12 - 2017-02-09 12:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 09:12 - 2017-02-09 12:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 09:12 - 2017-02-09 12:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 09:12 - 2017-02-09 12:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 09:12 - 2017-02-09 12:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 09:12 - 2017-02-09 12:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 09:12 - 2017-02-09 12:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 09:12 - 2017-02-09 12:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 09:12 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 09:12 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 09:11 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 09:11 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 09:11 - 2017-02-10 12:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 09:11 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 09:11 - 2017-02-10 12:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 09:11 - 2017-02-09 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 09:11 - 2017-02-09 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 09:11 - 2017-02-09 12:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 09:11 - 2017-02-09 12:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 09:11 - 2017-02-09 12:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 09:11 - 2017-02-09 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 09:11 - 2017-02-09 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 09:11 - 2017-02-09 11:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 09:11 - 2017-02-09 11:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 09:11 - 2017-02-09 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 09:11 - 2017-02-09 11:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 09:11 - 2017-02-09 11:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 09:11 - 2017-02-09 11:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 09:11 - 2017-02-09 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 09:11 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 09:11 - 2017-02-09 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 09:11 - 2017-02-09 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 09:11 - 2017-02-09 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 09:11 - 2017-02-09 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 09:11 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 09:11 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 09:11 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 09:11 - 2017-01-06 14:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 09:11 - 2017-01-06 13:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 09:07 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 09:07 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-11 13:32 - 2017-03-12 11:58 - 00000276 _____ C:\Users\Eve8500\Desktop\pop pens.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-10 02:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Msdtc
2017-04-10 01:09 - 2009-07-14 00:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-10 01:09 - 2009-07-14 00:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-10 01:06 - 2009-07-14 01:13 - 00784366 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-10 01:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-10 01:03 - 2015-07-31 06:51 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-04-10 01:02 - 2016-09-04 12:46 - 00000000 ____D C:\Users\Eve8500\Desktop\dd pics
2017-04-10 01:00 - 2012-12-03 02:59 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2017-04-10 01:00 - 2012-09-25 03:18 - 00000000 ____D C:\ProgramData\Temp
2017-04-10 00:59 - 2013-03-16 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-10 00:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-10 00:57 - 2016-08-07 09:45 - 00003026 _____ C:\Windows\System32\Tasks\EVGAPrecision
2017-04-10 00:56 - 2016-11-08 22:23 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\DesktopOK
2017-04-10 00:48 - 2013-03-03 18:41 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\TeamViewer
2017-04-10 00:48 - 2012-12-19 20:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-10 00:48 - 2012-11-19 13:04 - 00000000 ____D C:\Users\Eve8500\AppData\Local\CrashDumps
2017-04-10 00:48 - 2012-10-23 12:56 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\DAEMON Tools Lite
2017-04-10 00:48 - 2012-10-18 19:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\uTorrent
2017-04-10 00:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\ModemLogs
2017-04-10 00:43 - 2013-03-15 23:34 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-04-10 00:09 - 2015-08-24 23:44 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-09 23:42 - 2014-10-14 03:06 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-09 23:11 - 2012-10-15 17:32 - 00000000 ____D C:\Users\Eve8500
2017-04-05 20:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Registration
2017-04-05 19:02 - 2012-11-30 22:44 - 00000000 ____D C:\Lou Saved Files
2017-04-05 18:55 - 2012-10-23 15:15 - 00000000 ____D C:\DivXtoDvdMovies
2017-04-05 18:52 - 2012-12-01 00:50 - 00000000 ____D C:\Users\Eve8500\Downloads\exercise vids
2017-04-05 18:48 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-05 16:32 - 2014-08-09 17:34 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 12:31 - 2016-08-10 02:13 - 00004096 ___SH C:\VSNAP.IDX
2017-04-05 11:00 - 2012-10-18 18:59 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\vlc
2017-04-04 10:22 - 2015-08-01 12:14 - 00001068 _____ C:\Users\Eve8500\Desktop\returns.txt
2017-04-01 17:01 - 2012-12-01 00:33 - 00000000 ____D C:\LTemp On Desktop
2017-04-01 16:27 - 2012-10-18 19:06 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
2017-04-01 04:45 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Garmin
2017-04-01 04:43 - 2013-10-30 02:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-01 03:57 - 2013-09-02 14:19 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-04-01 03:56 - 2014-10-20 18:18 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-04-01 03:56 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-03-31 12:44 - 2012-12-01 00:58 - 00000000 ____D C:\Pics
2017-03-30 10:49 - 2012-10-18 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware And Cleanup
2017-03-28 14:41 - 2015-01-12 14:10 - 00000000 ____D C:\Users\Eve8500\AppData\Local\LumaEmu_SteamCloud
2017-03-28 14:06 - 2015-02-14 10:46 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-03-28 09:13 - 2016-10-07 00:53 - 00000000 ____D C:\Users\Eve8500\AppData\Local\2K Games
2017-03-28 05:54 - 2013-03-03 05:32 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-28 05:06 - 2014-10-14 03:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-27 14:03 - 2012-11-30 23:50 - 00000000 ____D C:\Lou Videos
2017-03-27 13:53 - 2015-12-04 20:21 - 00000000 ____D C:\Users\Eve8500\Desktop\pix
2017-03-27 13:40 - 2016-03-10 20:31 - 00000000 ____D C:\Users\Eve8500\Desktop\Team V copy
2017-03-25 08:42 - 2015-02-05 09:12 - 00000000 ____D C:\Program Files\iTunes
2017-03-25 08:41 - 2012-10-27 14:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-25 07:26 - 2016-10-12 22:12 - 00000000 ____D C:\Program Files (x86)\iMobie
2017-03-23 23:59 - 2012-09-25 03:21 - 00000000 ____D C:\ProgramData\Roxio
2017-03-23 20:26 - 2012-11-28 17:55 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Deployment
2017-03-15 21:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 09:39 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-15 09:39 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-15 09:39 - 2009-07-14 00:45 - 00546872 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 09:36 - 2014-12-10 05:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 09:36 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-15 09:18 - 2013-07-10 04:40 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 09:14 - 2012-10-15 19:48 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 09:13 - 2015-05-12 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-11 11:20 - 2009-07-14 01:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2012-10-27 02:17 - 2012-10-27 02:17 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-08-12 17:39 - 2013-08-12 17:39 - 0031744 ___SH () C:\Users\Eve8500\AppData\Roaming\Thumbs.db
2012-10-23 15:14 - 2016-01-10 16:17 - 0001057 _____ () C:\Users\Eve8500\AppData\Roaming\vso_ts_preview.xml
2012-12-21 02:31 - 2012-12-21 08:51 - 0000000 _____ () C:\Users\Eve8500\AppData\Local\ars.cache
2012-12-21 02:32 - 2012-12-21 08:52 - 5238714 _____ () C:\Users\Eve8500\AppData\Local\census.cache
2012-12-21 01:21 - 2012-12-21 01:21 - 0000036 _____ () C:\Users\Eve8500\AppData\Local\housecall.guid.cache
2015-01-12 14:10 - 2015-01-12 14:10 - 0000000 ___SH () C:\Users\Eve8500\AppData\Local\LumaEmu
2012-11-01 16:56 - 2012-12-02 20:13 - 0007609 _____ () C:\Users\Eve8500\AppData\Local\Resmon.ResmonCfg
2016-11-15 01:19 - 2016-11-15 01:19 - 0000010 _____ () C:\Users\Eve8500\AppData\Local\sponge.last.runtime.cache
2015-04-05 07:12 - 2015-04-05 07:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-07 17:46 - 2015-11-13 21:32 - 0000736 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 10:38

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Eve8500 (10-04-2017 01:22:12)
Running from C:\Users\Eve8500\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-15 21:32:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2502943303-2344771959-3953300128-500 - Administrator - Disabled)
Eve8500 (S-1-5-21-2502943303-2344771959-3953300128-1004 - Administrator - Enabled) => C:\Users\Eve8500
Guest (S-1-5-21-2502943303-2344771959-3953300128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2502943303-2344771959-3953300128-1015 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
AB Commander (HKLM\...\AB Commander) (Version: 9.8.1 - WinAbility® Software Corporation)
ACID Music Studio 9.0 (HKLM-x32\...\{78EB80B0-18A0-11E2-9761-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
Call of Duty Infinite Warfare (HKLM-x32\...\Call of Duty Infinite Warfare_is1) (Version: 1.0.0.1 - Activision Blizzard)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Casper 8.0 (HKLM\...\{FB725A1C-D2D2-4414-B302-DD6B7AF6DA27}) (Version: 8.0.46120 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChoiceMail 2012 (HKLM-x32\...\ChoiceMail 2012) (Version: 4.2 - DigiPortal Software Inc)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
ClipGrab 3.4.9 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
CyberPower PowerPanel Personal Edition 1.3.4 (HKLM-x32\...\{612DBD6B-D073-43A9-8A26-D89DDF835137}) (Version: 1.3.4 - Cyber Power Systems, Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DigiDo (HKLM-x32\...\DigiDo_is1) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DX-Ball 2 v1.25 (HKLM-x32\...\DX-Ball 2 v1.25) (Version:  - )
Elevated Installer (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
E-TRADE Pro 1.10 (HKLM-x32\...\4285-0367-3118-9779) (Version: 1.10 - E*TRADE Financial)
EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation)
F.E.A.R. 3 (HKLM-x32\...\F.E.A.R. 3_is1) (Version:  - )
FaxTools eXPert (HKLM-x32\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version:  - PolySoft Solutions)
Free Video Cutter version 1.2.1 (HKLM-x32\...\{B089C7D5-C978-4DB0-AFDE-471A42759CB0}_is1) (Version: 1.2.1 - Free Studio)
Freedom Art Collection (HKLM-x32\...\{54F073B8-7E88-45FE-9648-61F77EC02E0D}) (Version:  - )
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM-x32\...\{0DD83DE7-507E-44AE-BC2D-2FAAFA48CCA5}) (Version: 4.37.548.0 - Futuremark)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Hallmark Card Studio 2014 Deluxe (HKLM-x32\...\{B9FF36AF-29F6-47EC-BE07-D3FB2CA02531}) (Version: 15.0.0.10 - Creative Home)
Holiday Art Collection (HKLM-x32\...\{F68DF664-1C34-48B2-BE8D-AF26F6CFFE90}) (Version:  - )
Homefront: The Revolution (HKLM\...\Steam App 223100) (Version:  - Dambuster Studios)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.04.0 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Just Cause 3 (HKLM\...\Steam App 225540) (Version:  - Avalanche Studios)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Kodi (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Kodi) (Version:  - XBMC-Foundation)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Lock my Folder (HKLM-x32\...\Lock my Folder) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\TWluZWNyYWZ0U3RvcnlNb2RlQVRlbGx0YWxlR2FtZXNTZXJpZXM=_is1) (Version: 1 - )
Minecraft: Story Mode (HKLM-x32\...\Minecraft: Story Mode_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Nero 8 (HKLM-x32\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.293 - Nero AG)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
Print Artist 2003 (HKLM-x32\...\Print Artist 2003) (Version:  - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScummVM 1.8.1 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Video Download Capture version 4.8.6 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.6 - APOWERSOFT LIMITED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinAVI All in One Converter (HKLM-x32\...\WinAVI All in One Converter) (Version: 1.6.0.4147 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Xilisoft AVCHD Converter (HKLM-x32\...\Xilisoft AVCHD Converter) (Version: 7.6.0.20121027 - Xilisoft)
Xilisoft Blu-ray Creator 2 (HKLM-x32\...\Xilisoft Blu-ray Creator 2) (Version: 2.0.4.20120816 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.6.20150130 - Xilisoft)
Xilisoft Video Cutter 2 (HKLM-x32\...\Xilisoft Video Cutter 2) (Version: 2.2.0.20130109 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18479F21-34B0-4D30-A0DE-179F4BB5332E} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {216C9EC5-4E11-41D7-A03B-969804CCE42C} - System32\Tasks\Core Temp Autostart Eve8500 => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {2B52979F-FAB6-4E4F-BECB-B481D3B45991} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {3036EE56-7A2E-4F05-BFC1-EF48F6303142} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files (x86)\Future Systems Solutions\Casper 8.0\CASPER.EXE [2016-11-29] (Future Systems Solutions, Inc.)
Task: {40F50DA2-38C7-4BED-9A93-52D73EBF30CA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {46B61A5C-BA68-4B3D-A4B9-3098B585EA44} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {503A021C-CD36-4D6F-BF86-8B3B452DE9DA} - System32\Tasks\{247551DD-D264-463B-B18B-78028B70EB2E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall STANDARDR /dll OSETUP.DLL
Task: {5AD12929-5A18-4D95-8585-8EB6EE1A21EC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5AD578C7-C7F0-4167-BCF2-716FA905ABFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {63023130-12AA-4CDA-80D3-13FC0E889ED5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {6DD79418-02F6-4205-925C-82D6AB8E34C0} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe
Task: {7A43869A-143F-4D57-9D99-8DDF3D7967D1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7D437B7C-3B5D-498F-A5C0-09212610DEE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {81A18E3C-34DA-4439-9305-00A25967A7D4} - System32\Tasks\{A1571B6E-4F81-4EA0-B4BB-05CD7C3828CA} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {87EFF34E-E809-4B84-A7D4-5BB6F4AC01B7} - System32\Tasks\{DE166F3F-CFD9-4FA9-B774-6C8ABB4DD8FC} => pcalua.exe -a "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc"
Task: {8CB8A260-CE42-4A8B-8B74-13CBDB1D8D53} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2012-06-29] ()
Task: {90389D3E-59CE-47F7-A2C8-7AE589AEB79D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {91A8B0FD-0F81-460E-970D-9AE6B24C7CB0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {94451F48-1E78-4ED1-B7D9-FBE4960E59CE} - System32\Tasks\{4D2D5A50-639C-4F74-8FA4-2ABCFE5CC553} => pcalua.exe -a "C:\Lou Saved Files\spector\spector cd\spsetup.exe" -d "C:\Lou Saved Files\spector\spector cd"
Task: {9D86550E-E6BA-41AE-80D2-3006AC31B390} - System32\Tasks\{9A861C6E-26B5-4D69-A49C-AEDDB201C831} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {B5FA3DC1-3F54-4F60-8CF6-EA7541843EE4} - System32\Tasks\{6B5C90D5-8FC4-43D0-A1D5-C856BB328CB8} => pcalua.exe -a "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc"
Task: {B8D563BF-D02B-45EE-989C-3E3DDC15473E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C281C825-3642-423A-98C0-23A922B1FDB0} - System32\Tasks\MdmUpdateTaskMachineCore => "C:\Users\Eve8500\AppData\Roaming\Mozilla\Caches\mdm"  <==== ATTENTION
Task: {CD364311-6F99-4D1E-880D-08392AC50B11} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {D3318F6B-6C07-4494-9475-ABA5D07DEA41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-04] (Adobe Systems Incorporated)
Task: {EC5D8A48-A789-4DAB-86CC-B8A527E13E18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F9311ED2-67E1-4D48-A4AC-51D18F03E4E6} - System32\Tasks\{F4921858-36E5-49CD-98AE-5D768D586F60} => pcalua.exe -a C:\Users\Eve8500\Desktop\Symantec_Ghost_Solution_Suite_2.5.1_Trial_AllWin_EN.exe -d C:\Users\Eve8500\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-06-03 21:12 - 2016-12-29 08:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-29 16:41 - 2012-06-29 16:41 - 00553800 _____ () C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
2012-10-23 12:48 - 2012-10-14 21:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
2012-10-23 12:28 - 2010-04-29 16:40 - 00013312 _____ () C:\Program Files (x86)\Unlocker Beta64\unlockercom.dll
2012-06-30 00:18 - 2012-06-30 00:18 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
2012-06-30 00:17 - 2012-06-30 00:17 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision X\RTFC.dll
2012-06-30 00:17 - 2012-06-30 00:17 - 00225280 _____ () C:\Program Files (x86)\EVGA Precision X\RTCore.dll
2012-06-30 00:17 - 2012-06-30 00:17 - 00147456 _____ () C:\Program Files (x86)\EVGA Precision X\RTUI.dll
2012-06-30 00:18 - 2012-06-30 00:18 - 00335872 _____ () C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
2011-05-01 02:04 - 2011-05-01 02:04 - 00013312 _____ () C:\Program Files (x86)\EVGA Precision X\RTTSH.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-11-16 15:09 - 2000-06-24 15:29 - 00655360 _____ () C:\Program Files (x86)\DigiPortal Software\ChoiceMail\libeay32.dll
2012-11-16 15:09 - 2000-06-24 15:29 - 00151552 _____ () C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ssleay32.dll
2011-11-23 22:21 - 2011-11-23 22:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [120]
AlternateDataStreams: C:\ProgramData\Temp:285774C5 [406]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:9638A27E [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\1001movie.com -> 1001movie.com

There are 6091 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-10 01:00 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: IAStorDataMgrSvc => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GUIStartLoad.lnk => C:\Windows\pss\GUIStartLoad.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^stop acronis.bat => C:\Windows\pss\stop acronis.bat.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2014 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
MSCONFIG\startupreg: Avanquest Message => "C:\Users\Eve8500\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Bomgar_Cleanup_ZD6834250912113 => cmd.exe /C rd /S /Q "C:\ProgramData\apple-scc-0000000052EED2B9" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6834250912113 /f
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Eve8500\AppData\Local\Apps\2.0\XWW6Y31P.2B0\H08492A2.9KP\dell..tion_6d0a76327dca4869_0007.0009_d84bde3ab35e468d\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DigiDo => "C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe" startup
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: EPSON Artisan 710 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSA.EXE /FU "C:\Windows\TEMP\E_S4BDF.tmp" /EF "HKCU"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: PowerPanel Personal Edition User Interaction => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SearchProtection => "C:\Users\Eve8500\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Shwicon9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
MSCONFIG\startupreg: SilentCleanService => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{224524EB-DD62-4DCA-911E-3BAD76564CC3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{30490BD4-CBD1-40A1-B080-265B8B3C4BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{E010AAC5-77CD-42E8-A42F-42B0994257BE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7259E1A-660B-4D32-A82D-9EC01E7A9814}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{06F062DD-544A-4DDC-8883-84CB35BC19B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A8D13D08-4406-4478-A496-C8AB23FBC881}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{AE91C3DB-D9FA-4063-89B4-A853D8529907}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{1BD037D3-33CB-414E-A5FA-B185548DF536}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{536C40D3-69A8-4275-90AF-5CBA7831ACEA}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{CF1E5C21-7E0D-42E7-BF07-FB698A557D64}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{96440FD7-9C51-4B2D-ADB6-EF46FA821296}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9C1F7D33-7501-4D68-8B6C-DD0D3D168BBD}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8C49FC6-015F-44C4-A388-CC0AFC88F43B}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A501BB9A-10DF-447D-BDA1-BF718D5085D4}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{988C3580-7974-417B-96DE-4A62815384F8}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9DB993CF-BEAA-4886-A634-6F3EEE8F44A0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{69E6FF20-4C3A-4FF2-AF04-BEB246DB221D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{061086B3-DF61-465C-8F9F-FC3157F6D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{B6228782-9CFC-4725-94DB-F607FE6D5F27}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{BBB77E1C-96DC-4ACE-BF69-F85F01454774}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{07CE74A4-77A0-4A76-A006-4E39B734B73A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{B12E0005-906A-4DD8-AB11-B1B09BA4014A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{DA053DAA-4ADD-4C9C-9120-536F3920BBD9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{E211E2D3-FF19-45A2-954F-ED015C098D49}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{6AC3FA5C-6768-4636-B8D0-B8D51E565ED4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{305623AD-2A8D-4AE0-BBF1-A9B2C59FFDE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{556201C9-D3B0-4FDC-90C6-068B65110493}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{77BF4D0A-EB98-41D2-BF6A-01B356809FE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{808A30FF-507B-4C3C-B113-8C5CD623D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{012263C7-06BA-4AA1-84D1-A494EB158DD3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{EF0C58B6-1D34-4B16-B5E5-29E51B03A576}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{32404175-90B3-4B5E-B06D-13D3D911B105}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4048C59A-6267-4242-ADF3-75B4538AF5C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C8C65673-A930-41D2-B341-282CBE628988}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2D177758-97A7-4A19-B266-EECD54F387ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0D65720C-CD18-430B-BB4E-4377D32E6BDA}] => (Allow) LPort=3659
FirewallRules: [{9489C8F2-A1C9-4BB5-A133-82E361B1DE3C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1FA86863-BDD2-4D9C-99B3-ACAAF30B6757}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E79BA2B1-6898-488D-8AA1-98074BE4CF98}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3875DFEA-2F33-44A8-9371-CFC4E3782435}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F17696B2-02D6-4C38-B693-1BF4A653AF6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{00AD95AC-E985-4AF0-A895-EFBCDA1E0B96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{470B68B4-D290-4FD7-A9DA-6E8E4BDEA721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{0A86C037-CBC4-4717-846D-CC2003270874}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{51EBA168-F137-4C3E-8FF9-0F0DDEE825B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{91F7C070-D7BB-46D9-8C52-A222E044DC18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A76DE3C-9F89-4271-9550-16D078BABB36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{51A56239-F04D-43D9-B40F-3E4E5C8354B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{C6CD041B-F07D-47C3-BB3C-6B7F0051C922}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{9AD61C5F-393B-42FE-B548-B5FFC863C100}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{3E0897FA-F0A1-4343-8FED-7B68075639D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C0BAA36C-15E7-4B7D-B5A3-5D79C196A321}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{94CD8D0F-DB38-43B8-AC14-403105F462C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60FB0E86-68EF-4931-B5BF-5900204A1BE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B226D316-8BBA-4987-B885-3255361D479F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AC0D83B8-CEA9-4EE2-9317-E504893ADB6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B76D5835-2C50-4752-B2EF-E31562028BD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D34A3A7E-D05E-4783-A39B-5E167899CB48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5AF09DC5-2BE4-4730-A75F-8F027E9F519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C43456A7-CF6D-48E5-B497-5FC6DE8AE086}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2017 01:01:14 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2017 01:01:14 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2017 01:01:14 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2017 01:01:14 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/10/2017 01:01:13 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2017 01:01:13 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/10/2017 01:01:13 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2017 01:01:13 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2017 01:01:13 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (04/10/2017 01:01:13 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (4832) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0004D.log.

System errors:
=============
Error: (04/10/2017 01:12:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/10/2017 01:12:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/10/2017 01:01:59 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (04/10/2017 01:01:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {7D1933CB-86F6-4A98-8628-01BE94C9A575} did not register with DCOM within the required timeout.

Error: (04/10/2017 01:01:28 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/10/2017 01:01:28 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/10/2017 01:01:28 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/10/2017 01:01:28 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/10/2017 01:01:27 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/10/2017 01:01:27 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 16344.93 MB
Available physical RAM: 12994.5 MB
Total Virtual: 32688.04 MB
Available Virtual: 29163.98 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:1849.34 GB) (Free:523.88 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.33 GB) (Free:0 GB) UDF
Drive f: (Local Disk) (Fixed) (Total:5588.9 GB) (Free:2366.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6E9B76CD)
Partition 1: (Not Active) - (Size=1849.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: B825CF03)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 5589 GB) (Disk ID: 00068DDD)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#23
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts

bump

 

I just wanted to add that Norton flagged the freemake video converter software so I uninstalled it.  that software was a few years old.  I then went to their website freemake.com and reinstalled their new version today and on their website it says their software is sometimes flagged by antivirus programs but its a false positive.  when I did reinstall their new software Norton did pop up again with their "reputation" warning which is a generic warning and is indeed a false positive most of the time so I left the software installed and marked it as "ignore" by Norton.  I just wanted to pass this info on to you but if down the road you still want me to uninstall it I will.  on the last cleanup I remember you did have me uninstall it but like I said above im hoping this newly installed version passes your test.  thank you and ill wait for your reply.


Edited by louuu, 10 April 2017 - 05:53 AM.

  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,778 posts
  • MVP

As you now know, MS no longer supports Windows Live so you really should look into getting a new email program.  (And exporting your emails to a backup).

 

What is ChoiceMail 2012?  Do you need it?

 

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

  • 0

#25
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts

i know windows live mail is now unsupported and no longer available but I love the simplicity of its interface and rather keep it instead of using something else.  its never caused me any problems/issues and all the other email programs ive tried to use are more complicated and don't have the same user friendly interface.  there is one and I don't remember the name of it that basically looks exactly like windows live mail that is now out for those who want a similar interface but its $29.99 a year so that's why I stay with my old reliable and don't want to uninstall it unless one day I have no choice.

 

choice mail 2012 is not an email program, it filters my email for spam according to my settings and ive actually used that program for over 10 years and love it.  its very effective and I basically don't get any spam although I can check my spam folder periodically to make sure nothing has slipped through.  its been very reliable for me and has never caused me any issues.

 

let me get to work on doing the things you asked and ill shortly post my results.  thanks again for all your good help ron. 


  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,778 posts
  • MVP

ok


  • 0

#27
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts

the sfc  /scannow ran 100% with no errors.  the speccy file is attached as per your request instead of copy/paste.  heres the rest of the items you requested, thank you and ill wait for your reply.

 

 

process explorer text:

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 96.00 0 K 24 K 0   
procexp64.exe 1.12 38,048 K 59,184 K 2668 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 0.35 9,516 K 16,996 K 2212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.32 0 K 0 K n/a Hardware Interrupts and DPCs  
dwm.exe 0.27 45,020 K 33,196 K 2272 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.24 11,620 K 15,512 K 1780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.23 18,244 K 19,348 K 1376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 0.21 160 K 1,432 K 4   
lsass.exe 0.18 5,972 K 13,364 K 952 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.16 13,728 K 22,116 K 1092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
EVGAPrecision.exe 0.13 7,844 K 3,376 K 2908 EVGAPrecision  (Verified) EVGA
svchost.exe 0.13 18,452 K 21,284 K 5572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.12 22,476 K 26,156 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.11 37,228 K 56,124 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.08 3,468 K 9,872 K 844 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.07 46,672 K 70,512 K 2292 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.05 120,388 K 139,860 K 3336 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.05 2,952 K 6,748 K 6120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Core Temp.exe 0.04 13,388 K 2,536 K 2900 CPU temperature and system information utility  (No signature was present in the subject)
svchost.exe 0.03 7,448 K 11,700 K 772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
nis.exe 0.01 43,512 K 13,856 K 3084 Norton Internet Security Symantec Corporation (Verified) Symantec Corporation
iexplore.exe 0.01 32,408 K 57,540 K 4304 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
ChoiceMailClient.exe 0.01 16,704 K 16,068 K 2452  DigiPortal Software, Inc. (No signature was present in the subject) DigiPortal Software, Inc.
mdm.exe 0.01 2,380 K 5,748 K 3012 Machine Debug Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 0.01 203,320 K 212,544 K 1060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ADVWindowsClientService.exe 0.01 40,264 K 39,796 K 4176 Amazon Unbox Video Service Amazon.com (Certificate expired) Amazon.com
ppped.exe < 0.01 4,416 K 8,208 K 2808 PowerPanel Personal Edition Service Cyber Power Systems, Inc. (Verified) Cyber Power Systems
CMServer.exe < 0.01 22,028 K 21,244 K 3960  DigiPortal Software, Inc. (No signature was present in the subject) DigiPortal Software, Inc.
unchecky_bg.exe < 0.01 2,680 K 8,152 K 3704 Unchecky Background Process RaMMicHaeL (Verified) Reason Software Company Inc.
ProductUpdater.exe < 0.01 28,108 K 33,900 K 2512 ProductUpdater  (No signature was present in the subject)
csrss.exe < 0.01 2,964 K 5,532 K 736 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe < 0.01 7,420 K 13,256 K 1752 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,256 K 11,524 K 196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 15,872 K 7,152 K 4340 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
TeamViewer_Service.exe < 0.01 5,472 K 15,388 K 1300 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
AppleMobileDeviceService.exe < 0.01 4,480 K 11,744 K 2024 MobileDeviceService Apple Inc. (Verified) Apple Inc.
novacomd.exe < 0.01 2,632 K 5,636 K 3328 novacomd Application Palm (No signature was present in the subject) Palm
taskhost.exe < 0.01 25,152 K 23,940 K 2036 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
nis.exe < 0.01 45,332 K 10,360 K 4084 Norton Internet Security Symantec Corporation (Verified) Symantec Corporation
SearchIndexer.exe < 0.01 25,464 K 17,124 K 4980 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
CMPreapproval.exe < 0.01 7,032 K 10,972 K 5260  DigiPortal Software, Inc (No signature was present in the subject) DigiPortal Software, Inc
nvxdsync.exe < 0.01 11,564 K 24,256 K 3428 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
ChoiceMailClient.exe < 0.01 6,356 K 2,796 K 2424  DigiPortal Software, Inc. (No signature was present in the subject) DigiPortal Software, Inc.
CMServer.exe < 0.01 4,892 K 1,288 K 3752  DigiPortal Software, Inc. (No signature was present in the subject) DigiPortal Software, Inc.
unchecky_svc.exe < 0.01 1,732 K 5,144 K 1144 Unchecky Service RaMMicHaeL (Verified) Reason Software Company Inc.
WUDFHost.exe  2,728 K 7,128 K 4288 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  3,484 K 7,584 K 5288 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe  2,856 K 6,464 K 1608 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  4,236 K 8,760 K 916 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  2,088 K 5,200 K 828 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
VProTray.exe  13,136 K 22,956 K 2504 Tray Application Symantec Corporation (Verified) Symantec Corporation
VProSvc.exe  43,584 K 6,300 K 3124 Service Module Symantec Corporation (Verified) Symantec Corporation
UMVPFSrv.exe  1,304 K 4,344 K 1196 Logitech User mode UMVPF service Logitech Inc. (Verified) Logitech
taskeng.exe  3,272 K 7,252 K 2672 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
SymSnapServicex64.exe  6,512 K 12,584 K 5140 Symantec Snapshot Service Symantec (Verified) Symantec Corporation
svchost.exe  3,176 K 6,556 K 1256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,276 K 5,508 K 5688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,556 K 3,480 K 2284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,488 K 6,352 K 3840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  6,688 K 12,536 K 2176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe  748 K 1,452 K 488 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe  7,764 K 11,744 K 944 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe  2,720 K 6,140 K 1332 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe  16,296 K 13,832 K 1356 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe  2,552 K 7,728 K 5536 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
NVDisplay.Container.exe  6,028 K 11,868 K 3352 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
NBService.exe  3,320 K 8,568 K 2968 Nero BackItUp Nero AG (Verified) Nero AG
MsSpellCheckingFacility.exe  3,744 K 9,148 K 2268 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe  2,948 K 6,628 K 1536 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe  3,064 K 4,976 K 964 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
IntuitUpdateService.exe  22,960 K 2,576 K 6076 Intuit Update Service Intuit Inc. (Verified) Intuit
conhost.exe  1,468 K 3,372 K 1620 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
CASPERSVCS.EXE  2,852 K 6,964 K 2052 Casper Utility and Support Services Future Systems Solutions, Inc. (Verified) Future Systems Solutions
Ath_WlanAgent.exe  1,400 K 4,288 K 4112 Atheros Coex Service Application Atheros (Certificate expired) Atheros
Ath_CoexAgent.exe  2,216 K 5,676 K 756 Atheros Coex Service Application Atheros (Certificate expired) Atheros
armsvc.exe  1,344 K 4,232 K 1908 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
agr64svc.exe  1,536 K 3,424 K 2000 LSI Soft Modem Call Progress Service LSI Corporation (Verified) LSI Corporation
AffinegyService.exe  2,608 K 7,980 K 1976 AffinegyService Affinegy, Inc. (Verified) Affinegy
AERTSr64.exe  1,840 K 3,660 K 1952 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics
AdminService.exe  2,908 K 6,212 K 1328 AdminService Application Atheros Commnucations (Certificate expired) Atheros Commnucations

 

 

 

junk text:

 

Image Name                     PID Services                                   
========================= ======== ============================================
System Idle Process              0 N/A                                        
System                           4 N/A                                        
smss.exe                       488 N/A                                        
csrss.exe                      736 N/A                                        
wininit.exe                    828 N/A                                        
csrss.exe                      844 N/A                                        
winlogon.exe                   916 N/A                                        
services.exe                   944 N/A                                        
lsass.exe                      952 KeyIso, SamSs                              
lsm.exe                        964 N/A                                        
svchost.exe                    196 DcomLaunch, PlugPlay, Power                
svchost.exe                    772 RpcEptMapper, RpcSs                        
svchost.exe                   1028 AudioSrv, Dhcp, eventlog,                  
                                   HomeGroupProvider, lmhosts, wscsvc         
svchost.exe                   1060 AudioEndpointBuilder, hidserv,             
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, WdiSystemHost, Wlansvc,     
                                   WPDBusEnum, wudfsvc                        
svchost.exe                   1092 EventSystem, fdPHost, FontCache, netprofm, 
                                   nsi, SstpSvc, WdiServiceHost,              
                                   WinHttpAutoProxySvc                        
svchost.exe                   1116 AeLookupSvc, Appinfo, Browser, EapHost,    
                                   IKEEXT, iphlpsvc, LanmanServer, ProfSvc,   
                                   RasMan, Schedule, SENS, ShellHWDetection,  
                                   Themes, Winmgmt, wuauserv                  
UMVPFSrv.exe                  1196 UMVPFSrv                                   
svchost.exe                   1256 gpsvc                                      
RtkAudioService64.exe         1332 RtkAudioService                            
RAVBg64.exe                   1356 N/A                                        
svchost.exe                   1376 CryptSvc, Dnscache, LanmanWorkstation,     
                                   NlaSvc, TapiSrv                            
wlanext.exe                   1608 N/A                                        
conhost.exe                   1620 N/A                                        
spoolsv.exe                   1752 Spooler                                    
svchost.exe                   1780 BFE, DPS, MpsSvc                           
armsvc.exe                    1908 AdobeARMservice                            
AERTSr64.exe                  1952 AERTFilters                                
AffinegyService.exe           1976 AffinegyService                            
agr64svc.exe                  2000 AgereModemAudio                            
AppleMobileDeviceService.     2024 Apple Mobile Device Service                
AdminService.exe              1328 AtherosSvc                                 
mDNSResponder.exe             1536 Bonjour Service                            
taskhost.exe                  2036 N/A                                        
CASPERSVCS.EXE                2052 caspereui, casperhpb                       
svchost.exe                   2176 DiagTrack                                  
svchost.exe                   2212 FDResPub, SSDPSRV, upnphost, wcncsvc       
dwm.exe                       2272 N/A                                        
explorer.exe                  2292 N/A                                        
ChoiceMailClient.exe          2424 N/A                                        
ChoiceMailClient.exe          2452 N/A                                        
VProTray.exe                  2504 N/A                                        
ProductUpdater.exe            2512 N/A                                        
taskeng.exe                   2672 N/A                                        
Core Temp.exe                 2900 N/A                                        
EVGAPrecision.exe             2908 N/A                                        
mdm.exe                       3012 MDM                                        
NBService.exe                 2968 Nero BackItUp Scheduler 3                  
nis.exe                       3084 NIS                                        
VProSvc.exe                   3124 Norton Ghost                               
novacomd.exe                  3328 NovacomD                                   
NVDisplay.Container.exe       3352 NVDisplay.ContainerLocalSystem             
nvxdsync.exe                  3428 N/A                                        
nis.exe                       4084 N/A                                        
ppped.exe                     2808 ppped                                      
svchost.exe                   2284 RemoteRegistry                             
svchost.exe                   3840 stisvc                                     
CMServer.exe                  3752 N/A                                        
CMServer.exe                  3960 svcChoiceMail                              
TeamViewer_Service.exe        1300 TeamViewer                                 
unchecky_svc.exe              1144 Unchecky                                   
Ath_CoexAgent.exe              756 ZAtheros Bt and Wlan Coex Agent            
unchecky_bg.exe               3704 N/A                                        
Ath_WlanAgent.exe             4112 ZAtheros Wlan Agent                        
ADVWindowsClientService.e     4176 ADVService                                 
SearchIndexer.exe             4980 WSearch                                    
SymSnapServicex64.exe         5140 SymSnapService                             
svchost.exe                   5688 bthserv                                    
svchost.exe                   6120 PolicyAgent                                
wmpnetwk.exe                  4340 WMPNetworkSvc                              
svchost.exe                   5572 p2pimsvc, p2psvc, PNRPsvc                  
WUDFHost.exe                  4288 N/A                                        
IntuitUpdateService.exe       6076 IntuitUpdateServiceV4                      
CMPreapproval.exe             5260 svcCMPreApproval                           
iexplore.exe                  4304 N/A                                        
iexplore.exe                  3336 N/A                                        
MsSpellCheckingFacility.e     2268 N/A                                        
WmiPrvSE.exe                  5288 N/A                                        
SearchProtocolHost.exe         784 N/A                                        
SearchFilterHost.exe          5956 N/A                                        
dllhost.exe                   1960 N/A                                        
dllhost.exe                   2404 N/A                                        
cmd.exe                       2944 N/A                                        
conhost.exe                   4172 N/A                                        
tasklist.exe                  5016 N/A                                        
WmiPrvSE.exe                  5564 N/A                                        

 

 

vew system text:

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2017 8:55:28 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2017 12:44:38 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 10/04/2017 12:39:56 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

Log: 'System' Date/Time: 10/04/2017 12:39:55 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

Log: 'System' Date/Time: 10/04/2017 12:39:54 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

Log: 'System' Date/Time: 10/04/2017 12:39:51 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

Log: 'System' Date/Time: 10/04/2017 12:39:50 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 10/04/2017 12:39:50 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 10/04/2017 12:39:50 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 10/04/2017 12:39:40 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 10/04/2017 12:39:09 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Origin Web Helper Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 10/04/2017 12:39:09 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2017 12:39:48 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 10/04/2017 12:39:25 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3888 and process 720 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 10/04/2017 12:36:18 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/04/2017 12:36:18 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

 

 

view application text:

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2017 8:56:16 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2017 12:38:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5809d459 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620 Exception code: 0xe0434352 Fault offset: 0x0000c54f Faulting process id: 0xa84 Faulting application start time: 0x01d2b1f7589e4a9b Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: a3c8163d-1dea-11e7-9ec4-e006e6a49d8c

Log: 'Application' Date/Time: 10/04/2017 12:38:31 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2017 12:36:05 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-2502943303-2344771959-3953300128-1004:

 

 

Attached Files


  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,778 posts
  • MVP

Seems to be the usual suspects:

 

Windows Update

 

Freemake

 

Origin

 

Start by uninstalling Origin.

 

Then 

 

Windows Repair all in one
 
 
Download it and save it then run it.
 
You can skip to step 4 or 5 where it gives you the same picture as in the above link.
 
Make sure these are checked before hitting Start:
 
 
Repair Hosts File
Remove Policies Set By Infections
 
Unhide Non System Files
Repair Windows Updates
 
Reboot when done and run VEW again as before.

  • 0

#29
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts

i went ahead and uninstalled origin as per your request.  I didn't do any uninstalling regarding your first 2 lines (windows update and freemake) because you didn't tell me too.  if you think keeping freemake is ok since I like to use it to flip my iphone videos I would prefer to keep it but if you feel it needs to be deleted then I will.  I then ran the windows repair all in one and rebooted and heres my new vew files.  thanks and ill wait for your reply.

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2017 11:40:47 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2017 3:36:16 PM
Type: Error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 10/04/2017 3:36:15 PM
Type: Error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Log: 'Application' Date/Time: 10/04/2017 3:35:34 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5809d459 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620 Exception code: 0xe0434352 Fault offset: 0x0000c54f Faulting process id: 0xad8 Faulting application start time: 0x01d2b21003dbc592 Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 55bf6ed9-1e03-11e7-9826-e006e6a49d8c

Log: 'Application' Date/Time: 10/04/2017 3:35:18 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

 

Log: 'Application' Date/Time: 10/04/2017 3:31:43 PM
Type: Error Category: 0
Event: 3009 Source: Microsoft-Windows-LoadPerf
Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 10/04/2017 3:31:43 PM
Type: Error Category: 0
Event: 3009 Source: Microsoft-Windows-LoadPerf
Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 10/04/2017 3:26:31 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVCLEAN.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 10/04/2017 3:26:31 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVCLEANALERT.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 10/04/2017 3:26:31 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVALERT.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 10/04/2017 3:26:31 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVSUMMARY.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 10/04/2017 3:26:30 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 10/04/2017 3:26:28 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 10/04/2017 2:09:42 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Log: 'Application' Date/Time: 10/04/2017 1:39:39 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Log: 'Application' Date/Time: 10/04/2017 12:38:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5809d459 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620 Exception code: 0xe0434352 Fault offset: 0x0000c54f Faulting process id: 0xa84 Faulting application start time: 0x01d2b1f7589e4a9b Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: a3c8163d-1dea-11e7-9ec4-e006e6a49d8c

Log: 'Application' Date/Time: 10/04/2017 12:38:31 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2017 3:31:43 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET CLR Networking 4.0.0.0 service. Reinstall the performance counters manually using the LODCTR tool.

Log: 'Application' Date/Time: 10/04/2017 3:31:43 PM
Type: Warning Category: 0
Event: 2007 Source: Microsoft-Windows-LoadPerf
Cannot repair performance counters for .NET Data Provider for Oracle service. Reinstall the performance counters manually using the LODCTR tool.

Log: 'Application' Date/Time: 10/04/2017 3:27:07 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:27:07 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:58 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:58 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:58 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:58 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:56 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:55 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/04/2017 3:26:55 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2017 11:41:22 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2017 3:36:36 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:35 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:34 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:32 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:32 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:32 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:32 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:32 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:32 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:30 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

Log: 'System' Date/Time: 10/04/2017 3:36:15 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 10/04/2017 3:31:39 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 10/04/2017 1:26:02 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 10/04/2017 1:26:02 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 10/04/2017 1:06:04 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user LUIS8500\Eve8500 SID (S-1-5-21-2502943303-2344771959-3953300128-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 10/04/2017 1:06:04 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user LUIS8500\Eve8500 SID (S-1-5-21-2502943303-2344771959-3953300128-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 10/04/2017 1:06:04 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {B77C4C36-0154-4C52-AB49-FAA03837E47F}  and APPID  {EA022610-0748-4C24-B229-6C507EBDFDBB}  to the user LUIS8500\Eve8500 SID (S-1-5-21-2502943303-2344771959-3953300128-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 10/04/2017 12:44:38 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 10/04/2017 12:39:56 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

Log: 'System' Date/Time: 10/04/2017 12:39:55 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: 490@01010004

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2017 3:36:31 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 10/04/2017 3:35:44 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3196 and process 3212 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 10/04/2017 3:32:41 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/04/2017 3:32:41 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 10/04/2017 2:51:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name rs-rtb.groupon.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/04/2017 12:39:48 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 10/04/2017 12:39:25 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3888 and process 720 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 10/04/2017 12:36:18 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/04/2017 12:36:18 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll


  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,778 posts
  • MVP

Freemake is still throwing errors.  Can't tell if it slows you down.

 

Did you run the All In One Repair?

 

Does Windows update work now?

 

 

Search for 

msconfig

hit enter.

 

Under Startup check

 DAEMON Tools Lite

OK

 

Do not reboot yet.

 

Uninstall Daemon Tools Lite

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP