
Computer running slow, pages loading slowly, wasn't like that before.



#46
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Let's see a new FRST scan with Addition.txt checked.




#47
louuu


    Member

  • Topic Starter
  • Member
  • 260 posts

OK, here are the FRST scans you requested. Also, I enabled Garmin again because I went out for a run and had to download my run stats to my computer. The Garmin service is on manual, so once I close the program out it's not running in the background. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Eve8500 (administrator) on LUIS8500 (12-04-2017 22:30:00)
Running from C:\Users\Eve8500\Desktop
Loaded Profiles: Eve8500 (Available Profiles: Eve8500)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
() C:\Program Files\Core Temp\Core Temp.exe
() C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
Failed to access process -> WUDFHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(DigiPortal Software, Inc) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Run: [ChoiceMail] => C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe [7704576 2011-09-30] (DigiPortal Software, Inc.)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearHistory.cmd [2009-05-06] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8289ACF-9ABC-4E4B-92F6-D56B847D48DF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> DefaultScope {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> {58CC1F7C-3B97-4FFD-85DA-ADB5A3B7339F} URL =
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-27] (Atheros Commnucations)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-13] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB

FireFox:
========
FF ProfilePath: C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default [2013-08-20]
FF Extension: (Emulator) - C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default\Extensions\[email protected] [2013-08-20] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2017-04-12]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll [2013-05-15] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-05-15] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2502943303-2344771959-3953300128-1004: etrade.com/ETProPlugin -> C:\Program Files (x86)\E-TRADE Pro\npetproplugin.dll [2015-12-21] (E*Trade Financial)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default [2017-04-12]
CHR Extension: (Google Docs) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (YouTube) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Google Search) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 AffinegyService; C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe [587120 2011-10-17] (Affinegy, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [204928 2012-12-27] (Atheros Commnucations) [File not signed]
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-05-06] (Futuremark)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-23] (Nero AG)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-08] ()
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1017832 2012-08-03] (Cyber Power Systems, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 svcChoiceMail; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe [4308992 2011-09-30] (DigiPortal Software, Inc.) [File not signed]
R3 svcCMPreApproval; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe [1687552 2011-09-30] (DigiPortal Software, Inc) [File not signed]
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
S4 Freemake Improver; "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [X]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{4DB90D5C-2D86-4014-9349-741A696FA2A7}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10733056 2012-02-23] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [328192 2012-02-22] (Advanced Micro Devices, Inc.) [File not signed]
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20170410.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-15] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497304 2017-04-10] (Symantec Corporation)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20170412.001\IDSvia64.sys [1038024 2017-02-13] (Symantec Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-11] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-11] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-11] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-11] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-11] (Malwarebytes)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170412.008\ENG64.SYS [138912 2017-04-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170412.008\EX64.SYS [2151072 2017-04-10] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-05-31] ()
R3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2012-06-29] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-23] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-05-28] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2014-08-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-28] ()
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R3 ALSysIO; \??\C:\Users\Eve8500\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U2 ccEvtMgr; no ImagePath
U2 ccSetMgr; no ImagePath
S4 cpuz130; \??\C:\Users\Eve8500\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] <==== ATTENTION
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
U3 navapsvc; no ImagePath
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U3 SAVRT; no ImagePath
U1 SAVRTPEL; no ImagePath
U3 TlntSvr; no ImagePath
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-12 22:30 - 2017-04-12 22:31 - 00025236 _____ C:\Users\Eve8500\Desktop\FRST.txt
2017-04-12 21:00 - 2017-04-12 21:00 - 00000000 _____ C:\Users\Eve8500\Desktop\call optimum.txt
2017-04-12 13:49 - 2017-04-12 13:49 - 00003710 _____ C:\Users\Eve8500\Desktop\Hardware Interrupts and DPCs.txt
2017-04-12 12:52 - 2017-04-12 12:59 - 00000841 _____ C:\Users\Eve8500\Desktop\MTB3.txt
2017-04-12 07:04 - 2017-04-12 08:11 - 00000575 _____ C:\Users\Eve8500\Desktop\MTB 2.txt
2017-04-12 07:04 - 2017-04-12 07:05 - 00008289 _____ C:\Users\Eve8500\Desktop\MTB1.txt
2017-04-12 07:04 - 2017-04-12 07:04 - 00892416 _____ (Farbar) C:\Users\Eve8500\Desktop\minitoolbox.exe
2017-04-12 06:02 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 06:02 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 06:02 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 06:02 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 06:02 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 06:02 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 06:02 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 06:02 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 06:02 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 06:02 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 06:02 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 06:02 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 06:02 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 06:02 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 06:02 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 06:02 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 06:02 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 06:02 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 06:02 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 06:02 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 06:02 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 06:02 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 06:02 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 06:02 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 06:02 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 06:02 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 06:02 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 06:02 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 06:02 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 06:02 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 06:02 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 06:02 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 06:02 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 06:02 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 06:02 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 06:02 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 06:02 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 06:02 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 06:02 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 06:02 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 06:02 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 06:02 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 06:02 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 06:02 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 06:02 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 06:02 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 06:02 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 06:02 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 06:02 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 06:02 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 06:02 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 06:02 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 06:02 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 06:02 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 06:02 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 06:02 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 06:02 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 06:02 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 06:02 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 06:02 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 06:02 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 06:02 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 06:02 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 06:02 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 06:02 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 06:02 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 06:02 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 06:02 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 06:02 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 06:02 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 06:02 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 06:02 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 06:02 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 06:02 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 06:02 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 06:02 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 06:02 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 06:02 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 06:02 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 06:02 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 06:02 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 06:02 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 06:02 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 06:02 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 06:02 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 06:02 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 06:02 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 06:02 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 06:02 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 06:02 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 06:02 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 06:02 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 06:02 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 06:02 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 06:02 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 06:02 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 06:02 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 06:02 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 06:02 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 06:02 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 06:02 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 06:02 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 06:02 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 06:02 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 06:02 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 06:02 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 06:02 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 06:02 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 06:02 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 06:02 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 06:02 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 06:02 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 06:02 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 06:02 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 06:02 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 06:02 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 06:02 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 06:02 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 06:02 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 06:02 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 06:02 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 06:02 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 06:02 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 06:02 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 06:02 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 06:02 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 06:02 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 06:02 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 06:02 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 06:02 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 06:02 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 06:02 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 06:02 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 06:02 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 06:02 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 06:02 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 06:02 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 06:02 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 06:02 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 06:02 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 06:02 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 06:02 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 06:02 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 06:02 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 06:02 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 06:02 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 06:02 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-11 21:56 - 2017-04-11 21:56 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-11 21:56 - 2017-04-11 21:56 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-11 21:56 - 2017-04-11 21:56 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-11 21:56 - 2017-04-11 21:56 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-11 21:55 - 2017-04-11 21:55 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-11 21:55 - 2017-04-11 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-11 21:55 - 2017-04-11 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-11 21:55 - 2017-04-11 21:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-11 21:55 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-11 21:50 - 2017-04-11 21:50 - 00003338 _____ C:\Windows\System32\Tasks\mbclean
2017-04-11 20:05 - 2017-04-11 20:05 - 00000000 ____D C:\Users\Eve8500\Downloads\Previews
2017-04-11 17:37 - 2017-04-11 17:37 - 00000000 ____D C:\Program Files\Intel
2017-04-11 16:23 - 2017-04-11 21:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes
2017-04-11 16:06 - 2017-04-11 16:06 - 00000341 _____ C:\Users\Eve8500\Desktop\711 fire2.url
2017-04-11 00:20 - 2017-04-12 12:54 - 00000120 _____ C:\Users\Eve8500\Desktop\malwarebytes.txt
2017-04-11 00:18 - 2017-04-11 21:53 - 00000000 ____D C:\Users\Eve8500\Desktop\mal stuff
2017-04-10 23:51 - 2017-04-11 22:09 - 02571146 _____ C:\Windows\ntbtlog.txt
2017-04-10 21:48 - 2017-04-10 21:48 - 00000234 _____ C:\Users\Eve8500\Desktop\wd 4tb hd.url
2017-04-10 15:47 - 2017-04-10 15:47 - 00002509 _____ C:\Users\Eve8500\Desktop\VEW6.txt
2017-04-10 15:45 - 2017-04-10 15:46 - 00002509 _____ C:\VEW.txt
2017-04-10 15:45 - 2017-04-10 15:45 - 00003187 _____ C:\Users\Eve8500\Desktop\VEW5.txt
2017-04-10 11:41 - 2017-04-10 11:41 - 00015803 _____ C:\Users\Eve8500\Desktop\VEW3.txt
2017-04-10 11:41 - 2017-04-10 11:41 - 00007460 _____ C:\Users\Eve8500\Desktop\VEW4.txt
2017-04-10 11:30 - 2017-04-10 11:30 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2017-04-10 11:01 - 2017-04-10 11:31 - 00000000 ____D C:\Users\Eve8500\Desktop\4.10.2017_11.01.06-AM
2017-04-10 10:59 - 2017-04-10 10:59 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LUIS8500-Windows-7-Home-Premium-(64-bit).dat
2017-04-10 10:59 - 2017-04-10 10:59 - 00000000 ____D C:\RegBackup
2017-04-10 10:53 - 2017-04-10 10:53 - 00002173 _____ C:\Users\Eve8500\Desktop\Tweaking.com - Windows Repair.lnk
2017-04-10 10:53 - 2017-04-10 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-04-10 10:53 - 2017-04-10 10:53 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-04-10 10:52 - 2017-04-10 10:53 - 00190795 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-04-10 10:52 - 2017-04-10 10:52 - 32824320 _____ (Tweaking.com) C:\Users\Eve8500\Desktop\tweaking.com_windows_repair_aio_setup.exe
2017-04-10 08:56 - 2017-04-10 08:56 - 00002985 _____ C:\Users\Eve8500\Desktop\VEW2.txt
2017-04-10 08:55 - 2017-04-10 08:55 - 00003597 _____ C:\Users\Eve8500\Desktop\VEW1.txt
2017-04-10 08:54 - 2017-04-10 08:54 - 00061440 _____ ( ) C:\Users\Eve8500\Desktop\VEW.exe
2017-04-10 08:33 - 2017-04-10 08:34 - 00086852 _____ C:\Users\Eve8500\Desktop\speccy text.txt
2017-04-10 08:32 - 2017-04-11 16:06 - 00000850 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-04-10 08:32 - 2017-04-10 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-04-10 08:32 - 2017-04-10 08:32 - 00000000 ____D C:\Program Files\Speccy
2017-04-10 08:30 - 2017-04-10 08:30 - 06293184 _____ (Piriform Ltd) C:\Users\Eve8500\Desktop\spsetup130.exe
2017-04-10 08:28 - 2017-04-10 08:28 - 00007859 _____ C:\Users\Eve8500\Desktop\junk.txt
2017-04-10 08:27 - 2017-04-10 08:27 - 00009497 _____ C:\Users\Eve8500\Desktop\System Idle Process1.txt
2017-04-10 08:24 - 2017-04-10 08:24 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Eve8500\Desktop\procexp.exe
2017-04-10 01:22 - 2017-04-10 01:22 - 00053412 _____ C:\Users\Eve8500\Desktop\Addition1.txt
2017-04-10 01:20 - 2017-04-10 01:22 - 00064486 _____ C:\Users\Eve8500\Desktop\FRST1.txt
2017-04-10 01:19 - 2017-04-12 22:30 - 00000000 ____D C:\FRST
2017-04-10 01:18 - 2017-04-10 01:18 - 02424832 _____ (Farbar) C:\Users\Eve8500\Desktop\FRST64.exe
2017-04-10 00:34 - 2017-04-10 00:34 - 00000227 _____ C:\Users\Eve8500\Desktop\j bag.url
2017-04-10 00:17 - 2017-04-12 13:54 - 00000381 _____ C:\Users\Eve8500\Desktop\geeks topic.url
2017-04-09 23:11 - 2017-04-09 23:11 - 00000000 ____D C:\Users\Eve8500\Intel
2017-04-05 11:44 - 2017-04-10 13:13 - 00000144 _____ C:\Users\Eve8500\Desktop\auc stuff.txt
2017-04-01 22:41 - 2017-04-12 12:11 - 00000238 _____ C:\Users\Eve8500\Desktop\DOOM Walkthrough.url
2017-03-29 12:25 - 2017-03-29 12:26 - 00000000 ____D C:\ares backups
2017-03-28 14:06 - 2017-03-28 14:06 - 00000222 _____ C:\Users\Eve8500\Desktop\Mafia III.url
2017-03-27 12:51 - 2017-03-27 13:15 - 00000000 ____D C:\Users\Eve8500\Desktop\walgreens
2017-03-25 08:42 - 2017-03-25 08:42 - 00001763 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\Program Files\iPod
2017-03-25 08:41 - 2017-03-25 08:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-25 01:40 - 2017-03-25 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2017-03-24 23:22 - 2017-03-24 23:22 - 00002052 _____ C:\Users\Eve8500\Desktop\Lego Batman.lnk
2017-03-24 23:15 - 2017-03-24 23:15 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Warner Bros. Interactive Entertainment
2017-03-24 19:14 - 2017-03-24 23:04 - 00000000 ____D C:\Program Files (x86)\Lego Batman 3 Beyond Gotham
2017-03-24 18:47 - 2017-03-24 18:47 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Marvel's Avengers.lnk
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Program Files (x86)\DXBall2
2017-03-24 02:23 - 2017-04-12 14:49 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Kodi
2017-03-24 02:23 - 2017-03-24 02:23 - 00001869 _____ C:\Users\Eve8500\Desktop\Kodi.lnk
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\LocalLow\Unity
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Unity
2017-03-20 00:48 - 2017-03-20 00:48 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
2017-03-15 19:33 - 2017-03-15 19:33 - 00000137 _____ C:\Users\Eve8500\Desktop\Rebate 1113851526128514.url
2017-03-15 09:12 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 09:12 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 09:12 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 09:11 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 09:11 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 09:11 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 09:11 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 09:11 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 09:11 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 09:11 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 09:07 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 09:07 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-12 22:28 - 2012-09-25 03:18 - 00000000 ____D C:\ProgramData\Temp
2017-04-12 21:41 - 2015-07-31 06:51 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-04-12 21:32 - 2012-12-01 00:33 - 00000000 ____D C:\LTemp On Desktop
2017-04-12 20:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Registration
2017-04-12 20:00 - 2009-07-14 00:45 - 00027936 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-12 20:00 - 2009-07-14 00:45 - 00027936 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-12 19:59 - 2009-07-14 01:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-12 19:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-12 19:52 - 2013-03-16 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-12 19:52 - 2012-12-03 02:59 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2017-04-12 19:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-12 18:21 - 2016-08-10 02:13 - 00004096 ___SH C:\VSNAP.IDX
2017-04-12 18:21 - 2016-08-07 09:45 - 00003026 _____ C:\Windows\System32\Tasks\EVGAPrecision
2017-04-12 15:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-04-12 13:04 - 2012-10-18 19:06 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
2017-04-12 12:10 - 2012-12-19 20:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-12 09:28 - 2017-03-11 13:32 - 00000377 _____ C:\Users\Eve8500\Desktop\pop pens.url
2017-04-12 07:22 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 07:22 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-12 07:22 - 2009-07-14 00:45 - 00546872 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 07:18 - 2015-05-12 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-12 07:17 - 2013-07-10 04:40 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 07:13 - 2012-10-15 19:48 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 06:04 - 2013-10-30 04:10 - 00750822 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-11 22:28 - 2015-08-01 12:14 - 00001288 _____ C:\Users\Eve8500\Desktop\returns.txt
2017-04-11 21:49 - 2012-11-19 13:04 - 00000000 ____D C:\Users\Eve8500\AppData\Local\CrashDumps
2017-04-11 21:09 - 2012-12-02 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-04-11 20:01 - 2016-11-08 22:23 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\DesktopOK
2017-04-11 19:37 - 2016-09-04 12:46 - 00000000 ____D C:\Users\Eve8500\Desktop\dd pics
2017-04-11 19:36 - 2012-10-18 18:59 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\vlc
2017-04-11 19:25 - 2012-10-18 19:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\uTorrent
2017-04-11 19:08 - 2012-12-01 00:58 - 00000000 ____D C:\Pics
2017-04-11 19:08 - 2012-10-18 19:02 - 00000875 _____ C:\Windows\ULead32.ini
2017-04-11 18:12 - 2012-11-30 22:44 - 00000000 ____D C:\Lou Saved Files
2017-04-11 17:46 - 2013-03-02 08:59 - 00004314 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 17:45 - 2014-08-15 19:29 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Adobe
2017-04-11 17:45 - 2012-10-15 23:00 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 17:45 - 2012-10-15 23:00 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 17:45 - 2012-10-15 23:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 17:45 - 2012-10-15 23:00 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-11 17:37 - 2016-10-25 03:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-04-11 17:34 - 2012-09-25 03:10 - 00000000 ____D C:\ProgramData\Dell
2017-04-11 13:54 - 2014-04-25 19:39 - 00000000 ____D C:\ProgramData\Freemake
2017-04-11 02:39 - 2014-01-20 10:38 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 02:38 - 2014-01-20 10:38 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 11:53 - 2012-10-15 17:33 - 00176400 _____ C:\Users\Eve8500\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-10 11:28 - 2012-12-01 00:56 - 00000000 ____D C:\Desktop Pics
2017-04-10 11:28 - 2012-12-01 00:50 - 00000000 ____D C:\Users\Eve8500\Downloads\exercise vids
2017-04-10 11:28 - 2009-07-13 22:34 - 00000546 _____ C:\Windows\win.ini
2017-04-10 10:46 - 2014-08-09 11:43 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Origin
2017-04-10 10:46 - 2014-08-09 11:43 - 00000000 ____D C:\ProgramData\Origin
2017-04-10 08:39 - 2009-07-13 22:34 - 00002024 _____ C:\Windows\system32\Drivers\etc\hosts_bak_502
2017-04-10 08:32 - 2015-08-26 06:36 - 00000000 ____D C:\ProgramData\Unchecky
2017-04-10 01:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Msdtc
2017-04-10 00:48 - 2013-03-03 18:41 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\TeamViewer
2017-04-10 00:48 - 2012-10-23 12:56 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\DAEMON Tools Lite
2017-04-10 00:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\ModemLogs
2017-04-10 00:43 - 2013-03-15 23:34 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-04-10 00:09 - 2015-08-24 23:44 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-09 23:11 - 2012-10-15 17:32 - 00000000 ____D C:\Users\Eve8500
2017-04-05 18:55 - 2012-10-23 15:15 - 00000000 ____D C:\DivXtoDvdMovies
2017-04-05 18:48 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-05 16:32 - 2014-08-09 17:34 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-01 04:45 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Garmin
2017-04-01 04:43 - 2013-10-30 02:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-01 03:57 - 2013-09-02 14:19 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-04-01 03:56 - 2014-10-20 18:18 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-04-01 03:56 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-03-30 10:49 - 2012-10-18 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware And Cleanup
2017-03-28 14:41 - 2015-01-12 14:10 - 00000000 ____D C:\Users\Eve8500\AppData\Local\LumaEmu_SteamCloud
2017-03-28 14:06 - 2015-02-14 10:46 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-03-28 09:13 - 2016-10-07 00:53 - 00000000 ____D C:\Users\Eve8500\AppData\Local\2K Games
2017-03-28 05:54 - 2013-03-03 05:32 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-27 14:03 - 2012-11-30 23:50 - 00000000 ____D C:\Lou Videos
2017-03-27 13:53 - 2015-12-04 20:21 - 00000000 ____D C:\Users\Eve8500\Desktop\pix
2017-03-27 13:40 - 2016-03-10 20:31 - 00000000 ____D C:\Users\Eve8500\Desktop\Team V copy
2017-03-25 08:42 - 2015-02-05 09:12 - 00000000 ____D C:\Program Files\iTunes
2017-03-25 08:41 - 2012-10-27 14:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-25 07:26 - 2016-10-12 22:12 - 00000000 ____D C:\Program Files (x86)\iMobie
2017-03-23 23:59 - 2012-09-25 03:21 - 00000000 ____D C:\ProgramData\Roxio
2017-03-23 20:26 - 2012-11-28 17:55 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Deployment
2017-03-15 09:36 - 2014-12-10 05:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 09:36 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker

==================== Files in the root of some directories =======

2012-10-27 02:17 - 2012-10-27 02:17 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2012-10-23 15:14 - 2016-01-10 16:17 - 0001057 _____ () C:\Users\Eve8500\AppData\Roaming\vso_ts_preview.xml
2012-12-21 02:31 - 2012-12-21 08:51 - 0000000 _____ () C:\Users\Eve8500\AppData\Local\ars.cache
2012-12-21 02:32 - 2012-12-21 08:52 - 5238714 _____ () C:\Users\Eve8500\AppData\Local\census.cache
2012-12-21 01:21 - 2012-12-21 01:21 - 0000036 _____ () C:\Users\Eve8500\AppData\Local\housecall.guid.cache
2015-01-12 14:10 - 2015-01-12 14:10 - 0000000 ___SH () C:\Users\Eve8500\AppData\Local\LumaEmu
2012-11-01 16:56 - 2012-12-02 20:13 - 0007609 _____ () C:\Users\Eve8500\AppData\Local\Resmon.ResmonCfg
2016-11-15 01:19 - 2016-11-15 01:19 - 0000010 _____ () C:\Users\Eve8500\AppData\Local\sponge.last.runtime.cache
2015-04-05 07:12 - 2015-04-05 07:12 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2014-08-07 17:46 - 2015-11-13 21:32 - 0000736 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2017-04-11 21:08 - 2017-04-11 21:08 - 7178424 _____ (VS Revo Group                                               ) C:\Users\Eve8500\AppData\Local\Temp\VSUSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 10:38

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Eve8500 (12-04-2017 22:31:08)
Running from C:\Users\Eve8500\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-15 21:32:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2502943303-2344771959-3953300128-500 - Administrator - Disabled)
Eve8500 (S-1-5-21-2502943303-2344771959-3953300128-1004 - Administrator - Enabled) => C:\Users\Eve8500
Guest (S-1-5-21-2502943303-2344771959-3953300128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2502943303-2344771959-3953300128-1015 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
AB Commander (HKLM\...\AB Commander) (Version: 9.8.1 - WinAbility® Software Corporation)
ACID Music Studio 9.0 (HKLM-x32\...\{78EB80B0-18A0-11E2-9761-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
Call of Duty Infinite Warfare (HKLM-x32\...\Call of Duty Infinite Warfare_is1) (Version: 1.0.0.1 - Activision Blizzard)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Casper 8.0 (HKLM\...\{FB725A1C-D2D2-4414-B302-DD6B7AF6DA27}) (Version: 8.0.46120 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChoiceMail 2012 (HKLM-x32\...\ChoiceMail 2012) (Version: 4.2 - DigiPortal Software Inc)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
ClipGrab 3.4.9 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
CyberPower PowerPanel Personal Edition 1.3.4 (HKLM-x32\...\{612DBD6B-D073-43A9-8A26-D89DDF835137}) (Version: 1.3.4 - Cyber Power Systems, Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DigiDo (HKLM-x32\...\DigiDo_is1) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DX-Ball 2 v1.25 (HKLM-x32\...\DX-Ball 2 v1.25) (Version:  - )
Elevated Installer (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
E-TRADE Pro 1.10 (HKLM-x32\...\4285-0367-3118-9779) (Version: 1.10 - E*TRADE Financial)
EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation)
F.E.A.R. 3 (HKLM-x32\...\F.E.A.R. 3_is1) (Version:  - )
FaxTools eXPert (HKLM-x32\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version:  - PolySoft Solutions)
Free Video Cutter version 1.2.1 (HKLM-x32\...\{B089C7D5-C978-4DB0-AFDE-471A42759CB0}_is1) (Version: 1.2.1 - Free Studio)
Freedom Art Collection (HKLM-x32\...\{54F073B8-7E88-45FE-9648-61F77EC02E0D}) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{0DD83DE7-507E-44AE-BC2D-2FAAFA48CCA5}) (Version: 4.37.548.0 - Futuremark)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Hallmark Card Studio 2014 Deluxe (HKLM-x32\...\{B9FF36AF-29F6-47EC-BE07-D3FB2CA02531}) (Version: 15.0.0.10 - Creative Home)
Holiday Art Collection (HKLM-x32\...\{F68DF664-1C34-48B2-BE8D-AF26F6CFFE90}) (Version:  - )
Homefront: The Revolution (HKLM\...\Steam App 223100) (Version:  - Dambuster Studios)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.04.0 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Just Cause 3 (HKLM\...\Steam App 225540) (Version:  - Avalanche Studios)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Kodi (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Kodi) (Version:  - XBMC-Foundation)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Lock my Folder (HKLM-x32\...\Lock my Folder) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\TWluZWNyYWZ0U3RvcnlNb2RlQVRlbGx0YWxlR2FtZXNTZXJpZXM=_is1) (Version: 1 - )
Minecraft: Story Mode (HKLM-x32\...\Minecraft: Story Mode_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Nero 8 (HKLM-x32\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.293 - Nero AG)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
Print Artist 2003 (HKLM-x32\...\Print Artist 2003) (Version:  - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScummVM 1.8.1 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.27 - Tweaking.com)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Video Download Capture version 4.8.6 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.6 - APOWERSOFT LIMITED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinAVI All in One Converter (HKLM-x32\...\WinAVI All in One Converter) (Version: 1.6.0.4147 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Xilisoft AVCHD Converter (HKLM-x32\...\Xilisoft AVCHD Converter) (Version: 7.6.0.20121027 - Xilisoft)
Xilisoft Blu-ray Creator 2 (HKLM-x32\...\Xilisoft Blu-ray Creator 2) (Version: 2.0.4.20120816 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.6.20150130 - Xilisoft)
Xilisoft Video Cutter 2 (HKLM-x32\...\Xilisoft Video Cutter 2) (Version: 2.2.0.20130109 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17B64D42-8E81-4A6F-BEC7-3F44F525B9FF} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {18479F21-34B0-4D30-A0DE-179F4BB5332E} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {216C9EC5-4E11-41D7-A03B-969804CCE42C} - System32\Tasks\Core Temp Autostart Eve8500 => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {3036EE56-7A2E-4F05-BFC1-EF48F6303142} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files (x86)\Future Systems Solutions\Casper 8.0\CASPER.EXE [2016-11-29] (Future Systems Solutions, Inc.)
Task: {40F50DA2-38C7-4BED-9A93-52D73EBF30CA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {46B61A5C-BA68-4B3D-A4B9-3098B585EA44} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {503A021C-CD36-4D6F-BF86-8B3B452DE9DA} - System32\Tasks\{247551DD-D264-463B-B18B-78028B70EB2E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall STANDARDR /dll OSETUP.DLL
Task: {5AD12929-5A18-4D95-8585-8EB6EE1A21EC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5AD578C7-C7F0-4167-BCF2-716FA905ABFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {63023130-12AA-4CDA-80D3-13FC0E889ED5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {6AAE6552-5C19-4A48-B9E8-55772EE1A903} - System32\Tasks\mbclean => C:\Users\Eve8500\Desktop\mal
Task: {6DD79418-02F6-4205-925C-82D6AB8E34C0} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe
Task: {7A43869A-143F-4D57-9D99-8DDF3D7967D1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7D437B7C-3B5D-498F-A5C0-09212610DEE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {81A18E3C-34DA-4439-9305-00A25967A7D4} - System32\Tasks\{A1571B6E-4F81-4EA0-B4BB-05CD7C3828CA} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {87EFF34E-E809-4B84-A7D4-5BB6F4AC01B7} - System32\Tasks\{DE166F3F-CFD9-4FA9-B774-6C8ABB4DD8FC} => pcalua.exe -a "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc"
Task: {90389D3E-59CE-47F7-A2C8-7AE589AEB79D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {91A8B0FD-0F81-460E-970D-9AE6B24C7CB0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {94451F48-1E78-4ED1-B7D9-FBE4960E59CE} - System32\Tasks\{4D2D5A50-639C-4F74-8FA4-2ABCFE5CC553} => pcalua.exe -a "C:\Lou Saved Files\spector\spector cd\spsetup.exe" -d "C:\Lou Saved Files\spector\spector cd"
Task: {9D86550E-E6BA-41AE-80D2-3006AC31B390} - System32\Tasks\{9A861C6E-26B5-4D69-A49C-AEDDB201C831} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {A4E3F0AA-A6C6-4750-875B-B269D799A99B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {B5FA3DC1-3F54-4F60-8CF6-EA7541843EE4} - System32\Tasks\{6B5C90D5-8FC4-43D0-A1D5-C856BB328CB8} => pcalua.exe -a "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc"
Task: {B8D563BF-D02B-45EE-989C-3E3DDC15473E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C281C825-3642-423A-98C0-23A922B1FDB0} - System32\Tasks\MdmUpdateTaskMachineCore => "C:\Users\Eve8500\AppData\Roaming\Mozilla\Caches\mdm"  <==== ATTENTION
Task: {C6FD3B01-2D18-4963-BA97-AF509D164795} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2012-06-29] ()
Task: {CD364311-6F99-4D1E-880D-08392AC50B11} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {D3318F6B-6C07-4494-9475-ABA5D07DEA41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {EC5D8A48-A789-4DAB-86CC-B8A527E13E18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F9311ED2-67E1-4D48-A4AC-51D18F03E4E6} - System32\Tasks\{F4921858-36E5-49CD-98AE-5D768D586F60} => pcalua.exe -a C:\Users\Eve8500\Desktop\Symantec_Ghost_Solution_Suite_2.5.1_Trial_AllWin_EN.exe -d C:\Users\Eve8500\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [120]
AlternateDataStreams: C:\ProgramData\Temp:285774C5 [202]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:9638A27E [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\dell.com -> dell.com

There are 6091 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-12 19:52 - 00002053 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: IAStorDataMgrSvc => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GUIStartLoad.lnk => C:\Windows\pss\GUIStartLoad.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^stop acronis.bat => C:\Windows\pss\stop acronis.bat.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2014 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
MSCONFIG\startupreg: Avanquest Message => "C:\Users\Eve8500\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Bomgar_Cleanup_ZD6834250912113 => cmd.exe /C rd /S /Q "C:\ProgramData\apple-scc-0000000052EED2B9" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6834250912113 /f
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Eve8500\AppData\Local\Apps\2.0\XWW6Y31P.2B0\H08492A2.9KP\dell..tion_6d0a76327dca4869_0007.0009_d84bde3ab35e468d\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DigiDo => "C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe" startup
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: EPSON Artisan 710 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSA.EXE /FU "C:\Windows\TEMP\E_S4BDF.tmp" /EF "HKCU"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: PowerPanel Personal Edition User Interaction => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SearchProtection => "C:\Users\Eve8500\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Shwicon9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
MSCONFIG\startupreg: SilentCleanService => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{224524EB-DD62-4DCA-911E-3BAD76564CC3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{30490BD4-CBD1-40A1-B080-265B8B3C4BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{E010AAC5-77CD-42E8-A42F-42B0994257BE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7259E1A-660B-4D32-A82D-9EC01E7A9814}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{06F062DD-544A-4DDC-8883-84CB35BC19B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A8D13D08-4406-4478-A496-C8AB23FBC881}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{AE91C3DB-D9FA-4063-89B4-A853D8529907}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{1BD037D3-33CB-414E-A5FA-B185548DF536}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{536C40D3-69A8-4275-90AF-5CBA7831ACEA}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{CF1E5C21-7E0D-42E7-BF07-FB698A557D64}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{96440FD7-9C51-4B2D-ADB6-EF46FA821296}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9C1F7D33-7501-4D68-8B6C-DD0D3D168BBD}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8C49FC6-015F-44C4-A388-CC0AFC88F43B}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A501BB9A-10DF-447D-BDA1-BF718D5085D4}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{988C3580-7974-417B-96DE-4A62815384F8}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9DB993CF-BEAA-4886-A634-6F3EEE8F44A0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{69E6FF20-4C3A-4FF2-AF04-BEB246DB221D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{061086B3-DF61-465C-8F9F-FC3157F6D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{B6228782-9CFC-4725-94DB-F607FE6D5F27}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{BBB77E1C-96DC-4ACE-BF69-F85F01454774}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{07CE74A4-77A0-4A76-A006-4E39B734B73A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{B12E0005-906A-4DD8-AB11-B1B09BA4014A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{DA053DAA-4ADD-4C9C-9120-536F3920BBD9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{E211E2D3-FF19-45A2-954F-ED015C098D49}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{6AC3FA5C-6768-4636-B8D0-B8D51E565ED4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{305623AD-2A8D-4AE0-BBF1-A9B2C59FFDE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{556201C9-D3B0-4FDC-90C6-068B65110493}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{77BF4D0A-EB98-41D2-BF6A-01B356809FE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{808A30FF-507B-4C3C-B113-8C5CD623D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{012263C7-06BA-4AA1-84D1-A494EB158DD3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{EF0C58B6-1D34-4B16-B5E5-29E51B03A576}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{32404175-90B3-4B5E-B06D-13D3D911B105}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4048C59A-6267-4242-ADF3-75B4538AF5C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C8C65673-A930-41D2-B341-282CBE628988}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2D177758-97A7-4A19-B266-EECD54F387ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0D65720C-CD18-430B-BB4E-4377D32E6BDA}] => (Allow) LPort=3659
FirewallRules: [{9489C8F2-A1C9-4BB5-A133-82E361B1DE3C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1FA86863-BDD2-4D9C-99B3-ACAAF30B6757}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E79BA2B1-6898-488D-8AA1-98074BE4CF98}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3875DFEA-2F33-44A8-9371-CFC4E3782435}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F17696B2-02D6-4C38-B693-1BF4A653AF6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{00AD95AC-E985-4AF0-A895-EFBCDA1E0B96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{470B68B4-D290-4FD7-A9DA-6E8E4BDEA721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{0A86C037-CBC4-4717-846D-CC2003270874}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{51EBA168-F137-4C3E-8FF9-0F0DDEE825B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{91F7C070-D7BB-46D9-8C52-A222E044DC18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A76DE3C-9F89-4271-9550-16D078BABB36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{51A56239-F04D-43D9-B40F-3E4E5C8354B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{C6CD041B-F07D-47C3-BB3C-6B7F0051C922}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{9AD61C5F-393B-42FE-B548-B5FFC863C100}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{3E0897FA-F0A1-4343-8FED-7B68075639D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C0BAA36C-15E7-4B7D-B5A3-5D79C196A321}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{94CD8D0F-DB38-43B8-AC14-403105F462C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60FB0E86-68EF-4931-B5BF-5900204A1BE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B226D316-8BBA-4987-B885-3255361D479F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AC0D83B8-CEA9-4EE2-9317-E504893ADB6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B76D5835-2C50-4752-B2EF-E31562028BD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D34A3A7E-D05E-4783-A39B-5E167899CB48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5AF09DC5-2BE4-4730-A75F-8F027E9F519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C43456A7-CF6D-48E5-B497-5FC6DE8AE086}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

10-04-2017 01:46:14 start of sys restore
10-04-2017 07:19:29 Revo Uninstaller's restore point - Freemake Video Converter version 4.1.3
10-04-2017 10:43:29 Revo Uninstaller's restore point - Origin
10-04-2017 23:41:13 b4 trying mal again
11-04-2017 13:51:34 Revo Uninstaller's restore point - Freemake Video Converter version 4.1.9
11-04-2017 17:36:07 IIF_MSI
11-04-2017 21:10:28 Revo Uninstaller's restore point - Malwarebytes version 3.0.6.1469
12-04-2017 06:02:54 Windows Update
12-04-2017 07:12:11 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/12/2017 08:04:36 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/12/2017 08:04:36 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/12/2017 08:04:36 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/12/2017 08:04:36 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/12/2017 03:20:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/12/2017 02:09:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/12/2017 02:09:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/12/2017 12:58:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/12/2017 12:58:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 16344.88 MB
Available physical RAM: 12272.87 MB
Total Virtual: 32687.93 MB
Available Virtual: 28409.14 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:1849.34 GB) (Free:502.03 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:5588.9 GB) (Free:1040 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6E9B76CD)
Partition 1: (Not Active) - (Size=1849.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 5589 GB) (Disk ID: 00068DDD)

Partition: GPT.

==================== End of Addition.txt ============================


#48
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I would try creating a new user.  Give the new user admin rights and then boot into the new user.  See if the new user can run VEW.

 

Also try sfc /scannow as before.


#49
louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 260 posts

I created a new user with admin rights and booted into that user, but VEW could not run and had the same error as before.  I remember that the VEW program stopped working after we made the 3 changes in services.msc for Virtual Disk, Windows Media Player Network Sharing and Windows Driver Foundation - User-mode Driver Framework.

Then I went back into my normal user and ran the sfc /scannow and that did complete 100% successfully with no errors.  It said that Windows Resource Protection did not find any integrity violations.  Thank you, and I'll wait for your reply.


Edited by louuu, 12 April 2017 - 09:24 PM.

#50
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Go back into services.msc and change Virtual Disk to Automatic, OK, and reboot.  See if that makes a difference.  I know the other two are not important.


#51
louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 260 posts

Good morning Ron.  You asked me to change Virtual Disk to Automatic, but when you originally posted about Virtual Disk, here's what you told me to do:

services.msc

hit Enter

find Virtual Disk and right click and select Properties then change the Startup Type: to Automatic.  OK.

So right now Virtual Disk is already on Automatic and I don't remember what it was on before you told me to change it to Automatic.  So did you mean for me to change it to something else and not Automatic, since it's already on Automatic based on the prior change we made?  Thank you.


Edited by louuu, 13 April 2017 - 06:03 AM.

#52
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

If Virtual Disk is running then it's not at fault.  Go in to Control Panel, User Accounts, Change User Account Control Settings.

 

Make sure it looks like this:

 

 

If it already looks like that then slide the slider to the bottom and OK.  Reboot

Try VEW.  Same problem?  

Regardless of the result:

Go back in and slide the slider back up to where it belongs and OK.  Reboot.

Try VEW again.

 

If it fails both times then we need all-in-one:

Windows Repair all in one

Download it and save it then run it.

You can skip to step 4 or 5 where it gives you the same picture as in the above link.

Make sure these are checked before hitting Start:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Remove Policies Set By Infections

Reboot when done and run VEW again as before.


#53
louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 260 posts

Ron, I had my User Account Control settings purposely set to "never notify" because I hate having to always click OK.  I know it's not supposed to be the safest way to go but I've done that for years since I'm confident in my double layer of security with Norton and Malwarebytes (well, as you know, Malwarebytes isn't working right now because it freezes my computer once it starts).  But anyway I went ahead and moved the User Account Control settings slider back up to the default as shown in your picture and rebooted.  Upon my computer's restart the VEW program ran with no problem.  So does that mean that having the slider set to "never notify" is what caused VEW not to run?  I don't know if you wanted the VEW text files, and in case you do, here they are.  Once we are done fixing everything, do you think it would be OK to put the slider back to "never notify", as that's how I've always had it?  Thank you.

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/04/2017 10:47:48 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/04/2017 2:38:39 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 2:38:39 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 2:38:39 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 2:09:28 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 13/04/2017 2:09:28 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 13/04/2017 12:14:18 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

Log: 'System' Date/Time: 13/04/2017 12:04:36 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 12:04:36 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 12:04:36 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 12:04:36 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 12/04/2017 7:20:20 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

Log: 'System' Date/Time: 12/04/2017 6:09:29 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 12/04/2017 6:09:29 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 12/04/2017 4:58:35 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

Log: 'System' Date/Time: 12/04/2017 4:58:35 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/04/2017 2:38:14 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3728 and process 3748 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 13/04/2017 2:35:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/04/2017 2:35:52 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 13/04/2017 2:10:02 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ps.palmws.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/04/2017 2:08:19 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:4f:c6:4d) either went out of range or became unresponsive.

Log: 'System' Date/Time: 13/04/2017 11:56:03 AM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 1908 and process 3144 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 13/04/2017 4:59:09 AM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:4f:c6:4d) either went out of range or became unresponsive.

Log: 'System' Date/Time: 13/04/2017 4:58:56 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/04/2017 4:58:56 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 13/04/2017 1:16:03 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name imrk.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/04/2017 12:43:16 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name tpc.googlesyndication.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/04/2017 12:42:43 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name idsync.rlcdn.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/04/2017 12:11:06 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name sadmin.brightcove.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 12/04/2017 11:59:51 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name b.tiles.mapbox.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 12/04/2017 11:52:50 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3680 and process 3712 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 12/04/2017 10:21:28 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:4f:c6:4d) either went out of range or became unresponsive.

Log: 'System' Date/Time: 12/04/2017 10:21:16 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 12/04/2017 10:21:16 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 12/04/2017 7:20:49 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name p.adsymptotic.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 12/04/2017 6:06:37 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name imrk.net timed out after none of the configured DNS servers responded.


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/04/2017 10:49:26 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/04/2017 12:07:27 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Log: 'Application' Date/Time: 13/04/2017 12:07:27 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 13/04/2017 12:07:26 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 13/04/2017 12:06:12 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb Exception code: 0xe0434352 Fault offset: 0x0000c54f Faulting process id: 0x1358 Faulting application start time: 0x01d2b44e54e87691 Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 959531fa-2041-11e7-8c9b-e006e6a49d8c

Log: 'Application' Date/Time: 13/04/2017 12:06:11 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

 

Log: 'Application' Date/Time: 13/04/2017 12:04:52 PM
Type: Error Category: 0
Event: 35 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 13/04/2017 4:50:27 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program IEXPLORE.EXE version 11.0.9600.18639 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 1fe8  Start Time: 01d2b4104a6cb67c  Termination Time: 100  Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Report Id: 

Log: 'Application' Date/Time: 13/04/2017 4:40:15 AM
Type: Error Category: 0
Event: 1533 Source: Microsoft-Windows-User Profiles Service
Windows cannot delete the profile directory C:\Users\Lou 2nd Acct. This error may be caused by files in this directory being used by another program.    DETAIL - The directory is not empty.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/04/2017 2:35:48 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   6 user registry handles leaked from \Registry\User\S-1-5-21-2502943303-2344771959-3953300128-1004:
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Policies\Microsoft\SystemCertificates
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\SystemCertificates\trust
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\SystemCertificates\Root
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\SystemCertificates\CA

Log: 'Application' Date/Time: 13/04/2017 12:22:23 PM
Type: Warning Category: 3
Event: 4879 Source: Microsoft-Windows-MSDTC Client 2
MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system LUIS8500.

Log: 'Application' Date/Time: 13/04/2017 3:03:36 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2502943303-2344771959-3953300128-1016:
Process 8144 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1016

Log: 'Application' Date/Time: 13/04/2017 12:04:27 AM
Type: Warning Category: 3
Event: 4879 Source: Microsoft-Windows-MSDTC Client 2
MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system LUIS8500.


  • 0
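As an added example (not part of the thread, and not VEW's or any poster's own code): a small Python parser for the VEW report layout pasted in post #53 that groups entries by type, event ID and source, and labels the Schannel "fatal alert" numbers with their TLS alert names from RFC 5246. The function names are assumptions of this example, and the sample is assembled from a few entries of that report.

```python
import re
from collections import Counter
from datetime import datetime

# TLS alert descriptions (RFC 5246, section 7.2); a subset is enough here.
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca",
    70: "protocol_version", 80: "internal_error",
}

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (.+)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
ALERT = re.compile(r"fatal alert was received: (\d+)")

# Sample assembled for this example from entries in the report above.
SAMPLE = """
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/04/2017 2:38:39 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 2:38:39 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 2:09:28 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 13/04/2017 12:14:18 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/04/2017 2:10:02 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ps.palmws.com timed out after none of the configured DNS servers responded.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/04/2017 12:06:11 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
"""


def parse_vew(text):
    """Split a VEW report into records; one record runs from a 'Log:' line to the next."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("~~~~"):
            current = None  # section banner: the open record is finished
            continue
        header = HEADER.match(line)
        if header:
            current = {
                "log": header.group(1),
                # The report states that dates are dd/mm/yyyy with a 12-hour clock.
                "when": datetime.strptime(header.group(2), "%d/%m/%Y %I:%M:%S %p"),
                "type": None, "event_id": None, "source": None, "message": [],
            }
            records.append(current)
            continue
        if current is None or not line:
            continue  # banner titles and blank lines carry no event data
        kind = TYPE.match(line)
        if kind and current["type"] is None:
            current["type"] = kind.group(1)
            continue
        event = EVENT.match(line)
        if event and current["event_id"] is None:
            current["event_id"] = int(event.group(1))
            current["source"] = event.group(2)
            continue
        current["message"].append(line)  # messages may span several lines
    return records


def summarise(records):
    """Count records per (type, event ID, label); Schannel alerts get a TLS name."""
    counts = Counter()
    for rec in records:
        label = rec["source"]
        alert = ALERT.search(" ".join(rec["message"]))
        if rec["source"] == "Schannel" and alert:
            code = int(alert.group(1))
            label = f"Schannel alert {code} ({TLS_ALERTS.get(code, 'unknown')})"
        counts[(rec["type"], rec["event_id"], label)] += 1
    return counts


if __name__ == "__main__":
    for (kind, event_id, label), n in summarise(parse_vew(SAMPLE)).most_common():
        print(f"{n:3d}  {kind:<8} {event_id:<6} {label}")
```

Grouping this way makes repeated entries, such as the VDS Basic Provider errors logged in the same second, collapse into one line with a count.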

#54
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Sometimes the registry entries get confused.  If you change the slider back it might work OK.  

 

Do you have a network mapped drive?

Log: 'Application' Date/Time: 13/04/2017 12:04:27 AM
Type: Warning Category: 3
Event: 4879 Source: Microsoft-Windows-MSDTC Client 2
MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system LUIS8500.

If the network drive doesn't work it will slow things down.


#55
louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 260 posts

I changed the slider back down to never notify and tried VEW and it did work, so I just left the slider in the never notify position as that's where I want it.

You asked "Do you have a network mapped drive?"  I'm not exactly sure what you're asking, but I think you're asking if I have another external drive mapped in my network going to this computer, and that answer is no.  I did see that LUIS8500 was mentioned in the error, and let me try to explain something that will hopefully clarify my computer's situation.  LUIS8500 is the name of my computer.  When I go into Control Panel and System, that's what's under computer name.  Yet when I go to my C drive and click on Users I don't see LUIS8500, I see Eve8500.  The reason for that is 4 years ago my sister Evelyn and I bought the same exact computers with the same exact specs and I installed the same exact programs on both computers.  Her computer name is Eve8500.  During the 1st week something went horribly wrong with my system and I lost my hard drive.  Instead of reinstalling Windows, all my computer's drivers/preinstalled programs and all the programs I added from scratch, I simply cloned her drive since it was the same exact computer and specs and then put it in my system to save myself a lot of work.  Of course I then deleted her personal stuff, but I hope that explains why my computer name is still LUIS8500 but in my C drive under Users it says Eve8500.  Like I said, this happened 4 years ago when our computers were only 1 week old and that has never caused me any issues.  I hope this clarifies what you were asking.

Thank you, and I'll wait for your reply.


Edited by louuu, 13 April 2017 - 10:29 AM.

#56
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Start, All Programs, Accessories, right click on Command Prompt and Run As Admin.

 

Type:

 

msdtc  -uninstall
 
hit Enter.  When the prompt returns:
 
msdtc  -install
hit Enter. 
 
Hopefully that will stop the error.

#57
louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 260 posts

Good morning Ron.  I opened Command Prompt as administrator and did the msdtc -uninstall and msdtc -install commands and then ran VEW as administrator, and now VEW has that run time error 75 problem back again?  When I ran those Command Prompt commands and hit Enter after each item the cursor did go to the next line, but I never saw an acknowledgement that anything happened?  I'm not sure if that's just how it's supposed to go, so just in case I've attached a pic of how the command line process went for you to view.  So since the run time error 75 came back, I went back to one post earlier by you and tried moving the User Account Control settings back to recommended and tried VEW, but it still didn't work.  So I moved the User Account Control settings back to never notify and tried VEW again and it still didn't work.  So then I went ahead and followed your instructions and ran the Windows Repair all in one and only checked the 5 boxes that you said to check.  The default of that program has all 47 boxes checked and I unchecked them all and then only checked the 5 you told me to check.  I hope that was the correct way to do it.  When that completed I rebooted as requested and ran VEW as administrator, but again the same run time error 75 came up and that's where I stand now.

As far as how my computer is running, it seems to be running good and is not slow like it was before we started this entire process.  On a side note I still have that concern about getting Malwarebytes running again and figuring out why it keeps freezing my system.  Malwarebytes tech support, which is only by email, is horrible and they've only answered me once and I'm waiting 4 days now for their next reply.  Anyway, thanks and I'll wait for your reply.

Attached Thumbnails

  • Capture.JPG

Edited by louuu, 14 April 2017 - 03:52 AM.

#58
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I ran the msdtc commands on my PC and VEW still works as before so something else is going on.

 

Can you try a new download of vew?  http://images.malwar...om/vino/VEW.exe

 

Let's also try:

 

Full Event Log View  This one doesn't need to right click and run as admin.
 
 
The downloads are near the bottom of the page.  Choose the one appropriate for your system.
 
Download FullEventLogView (32-bit version)
Download FullEventLogView (64-bit version)  <==You need this one
 
Save the file.
 
Right click on the downloaded file and Extract All, Extract.  Double-click on FullEventLogView.exe
 
Once the program starts:  Options, Advanced Options and in the new window uncheck Informational verbose and Undefined.
 
Show only events from the last 1 Days
 
OK
 
Now Edit, Select All
 
File, Save Selected Items, to your desktop, call it events,  Save.
 
Close the program.  You should have a file called events.txt on your desktop.  Open it, Edit, Select All, Ctrl + c to copy and then move to a Reply and Ctrl + v to paste it into the reply.

#59
louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 260 posts

So the first thing I did was delete VEW and then I downloaded it again and it worked!  Even though it did work I still went ahead and downloaded and ran the Full Event Log View too.  So here's the 2 VEW files and the event file from Full Event Log View.  Thank you, and I'll wait for your reply.

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/04/2017 9:12:07 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/04/2017 7:35:33 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 20.

Log: 'System' Date/Time: 14/04/2017 1:47:33 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 20.

Log: 'System' Date/Time: 13/04/2017 5:43:42 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

Log: 'System' Date/Time: 13/04/2017 4:30:36 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 20.

Log: 'System' Date/Time: 13/04/2017 2:38:39 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 2:38:39 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 2:38:39 PM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 2:09:28 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 13/04/2017 2:09:28 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 13/04/2017 12:14:18 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

Log: 'System' Date/Time: 13/04/2017 12:04:36 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 12:04:36 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 12:04:36 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 13/04/2017 12:04:36 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: D@01010004

Log: 'System' Date/Time: 12/04/2017 7:20:20 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

Log: 'System' Date/Time: 12/04/2017 6:09:29 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 12/04/2017 6:09:29 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 12/04/2017 4:58:35 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

Log: 'System' Date/Time: 12/04/2017 4:58:35 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/04/2017 9:35:24 AM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3812 and process 3824 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 14/04/2017 9:32:57 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 14/04/2017 9:32:57 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 14/04/2017 8:56:27 AM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 836 and process 2200 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 14/04/2017 8:54:27 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 14/04/2017 8:54:27 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 14/04/2017 7:27:55 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/04/2017 9:57:57 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:4f:c6:4d) either went out of range or became unresponsive.

Log: 'System' Date/Time: 13/04/2017 2:38:14 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3728 and process 3748 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 13/04/2017 2:35:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/04/2017 2:35:52 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 13/04/2017 2:10:02 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ps.palmws.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/04/2017 2:08:19 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:4f:c6:4d) either went out of range or became unresponsive.

Log: 'System' Date/Time: 13/04/2017 11:56:03 AM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 1908 and process 3144 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 13/04/2017 4:59:09 AM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:4f:c6:4d) either went out of range or became unresponsive.

Log: 'System' Date/Time: 13/04/2017 4:58:56 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/04/2017 4:58:56 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 13/04/2017 1:16:03 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name imrk.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/04/2017 12:43:16 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name tpc.googlesyndication.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/04/2017 12:42:43 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name idsync.rlcdn.com timed out after none of the configured DNS servers responded.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/04/2017 9:12:49 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/04/2017 12:35:07 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Log: 'Application' Date/Time: 14/04/2017 9:30:25 AM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVCLEAN.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 14/04/2017 9:30:25 AM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVCLEANALERT.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 14/04/2017 9:30:25 AM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVALERT.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 14/04/2017 9:30:25 AM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVSUMMARY.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 14/04/2017 9:30:18 AM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 14/04/2017 9:30:01 AM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 14/04/2017 8:32:36 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Log: 'Application' Date/Time: 14/04/2017 8:32:15 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 14/04/2017 8:32:14 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 14/04/2017 7:45:12 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb Exception code: 0xe0434352 Fault offset: 0x0000c54f Faulting process id: 0x1c18 Faulting application start time: 0x01d2b4f2d819ed4a Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 4a232e54-20e6-11e7-a53a-e006e6a49d8c

Log: 'Application' Date/Time: 14/04/2017 7:45:07 AM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Log: 'Application' Date/Time: 14/04/2017 7:24:10 AM
Type: Error Category: 0
Event: 35 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 13/04/2017 6:30:29 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Log: 'Application' Date/Time: 13/04/2017 5:40:42 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Log: 'Application' Date/Time: 13/04/2017 12:07:27 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Log: 'Application' Date/Time: 13/04/2017 12:07:27 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 13/04/2017 12:07:26 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 13/04/2017 12:06:12 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb Exception code: 0xe0434352 Fault offset: 0x0000c54f Faulting process id: 0x1358 Faulting application start time: 0x01d2b44e54e87691 Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 959531fa-2041-11e7-8c9b-e006e6a49d8c

Log: 'Application' Date/Time: 13/04/2017 12:06:11 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/04/2017 12:04:54 PM
Type: Warning Category: 3
Event: 4879 Source: Microsoft-Windows-MSDTC Client 2
MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system LUIS8500.

Log: 'Application' Date/Time: 14/04/2017 9:31:48 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:48 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:24 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:24 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:22 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:22 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:19 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:19 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:19 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:19 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:18 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:18 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:18 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:18 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:18 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:18 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:16 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:16 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/04/2017 9:31:13 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

==================================================
Event Time        : 4/13/2017 10:08:19 AM.893
Record ID         : 1296522
Event ID          : 2
Level             : Warning
Channel           : System
Provider          : HidBth
Description       : Bluetooth HID device (00:1f:20:4f:c6:4d) either went out of range or became unresponsive.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/13/2017 10:09:28 AM.508
Record ID         : 1296524
Event ID          : 36887
Level             : Error
Channel           : System
Provider          : Schannel
Description       : The following fatal alert was received: 70.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 880
Thread ID         : 6352
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:09:28 AM.548
Record ID         : 1296525
Event ID          : 36887
Level             : Error
Channel           : System
Provider          : Schannel
Description       : The following fatal alert was received: 70.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 880
Thread ID         : 6352
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:10:02 AM.728
Record ID         : 1296526
Event ID          : 1014
Level             : Warning
Channel           : System
Provider          : Microsoft-Windows-DNS-Client
Description       : Name resolution for the name ps.palmws.com timed out after none of the configured DNS servers responded.
Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 1404
Thread ID         : 6624
Computer          : Luis8500
User              : NT AUTHORITY\NETWORK SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 10:35:48 AM.533
Record ID         : 286426
Event ID          : 1530
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-User Profiles Service
Description       : Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

 DETAIL -
 6 user registry handles leaked from \Registry\User\S-1-5-21-2502943303-2344771959-3953300128-1004:
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Policies\Microsoft\SystemCertificates
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\SystemCertificates\trust
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\SystemCertificates\Root
Process 2152 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\SystemCertificates\CA

Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1112
Thread ID         : 1968
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:35:52 AM.791
Record ID         : 1296590
Event ID          : 10002
Level             : Warning
Channel           : System
Provider          : Microsoft-Windows-WLAN-AutoConfig
Description       : WLAN Extensibility Module has stopped.

Module Path: C:\Windows\system32\athihvs.dll

Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 652
Thread ID         : 5952
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:35:52 AM.791
Record ID         : 1296591
Event ID          : 4001
Level             : Warning
Channel           : System
Provider          : Microsoft-Windows-WLAN-AutoConfig
Description       : WLAN AutoConfig service has successfully stopped.

Opcode            : Stop (2)
Task              :
Keywords          : 0x4000000000000000
Process ID        : 652
Thread ID         : 5952
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:37:58 AM.791
Record ID         : 147947
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3340
Thread ID         : 3632
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.430
Record ID         : 147949
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.430
Record ID         : 147948
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {724EF170-A42D-4FEF-9F26-B60E846FBA4F} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.446
Record ID         : 147951
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.446
Record ID         : 147950
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070003 occurred while verifying known folder {9E52AB10-F80D-49DF-ACB8-4330F5687855} with path 'C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.461
Record ID         : 147952
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {4BD8D571-6D19-48D3-BE97-422220080E43} with path 'C:\Windows\system32\config\systemprofile\Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.461
Record ID         : 147959
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {8983036C-27C0-404B-8F08-102D10DCFD74} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.461
Record ID         : 147960
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {A63293E8-664E-48DB-A079-DF759E0509F7} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.461
Record ID         : 147957
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {9274BD8D-CFD1-41C3-B35E-B13F55A758F4} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.461
Record ID         : 147953
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {33E28130-4E1E-4676-835A-98395C3BC3BB} with path 'C:\Windows\system32\config\systemprofile\Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.461
Record ID         : 147954
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {18989B1D-99B5-455B-841C-AB7C74E4DDFC} with path 'C:\Windows\system32\config\systemprofile\Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.461
Record ID         : 147956
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.461
Record ID         : 147955
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C5ABBF53-E17F-4121-8900-86626FC2C973} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:09 AM.461
Record ID         : 147958
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {AE50C081-EBD2-438A-8655-8A092E34987A} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3472
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:38:14 AM.422
Record ID         : 1296696
Event ID          : 7039
Level             : Warning
Channel           : System
Provider          : Service Control Manager
Description       : A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3728 and process 3748 connected instead.

  Note that if this service is configured to start under a debugger, this behavior is expected.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 832
Thread ID         : 836
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/13/2017 10:38:23 AM.673
Record ID         : 12072
Event ID          : 5001
Level             : Error
Channel           : Microsoft-Windows-HomeGroup Provider Service/Operational
Provider          : Microsoft-Windows-HomeGroup-ProviderService
Description       : Provider service initialization failed.  Details: An instance of the service is already running.

Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 492
Thread ID         : 4924
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 10:38:39 AM.000
Record ID         : 1296728
Event ID          : 1
Level             : Error
Channel           : System
Provider          : VDS Basic Provider
Description       : Unexpected failure. Error code: D@01010004
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/13/2017 10:38:39 AM.000
Record ID         : 1296729
Event ID          : 1
Level             : Error
Channel           : System
Provider          : VDS Basic Provider
Description       : Unexpected failure. Error code: D@01010004
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/13/2017 10:38:39 AM.000
Record ID         : 1296730
Event ID          : 1
Level             : Error
Channel           : System
Provider          : VDS Basic Provider
Description       : Unexpected failure. Error code: D@01010004
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/13/2017 10:39:43 AM.987
Record ID         : 4069
Event ID          : 1001
Level             : Error
Channel           : Microsoft-Windows-Dhcp-Client/Admin
Provider          : Microsoft-Windows-Dhcp-Client
Description       : Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x8206E6A49D8B.  The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Opcode            : IpAddressNotAssigned (75)
Task              : Address Configuration State Event (3)
Keywords          : 0x4000000000000000
Process ID        : 492
Thread ID         : 1824
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.219
Record ID         : 147962
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.219
Record ID         : 147963
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070003 occurred while verifying known folder {9E52AB10-F80D-49DF-ACB8-4330F5687855} with path 'C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.219
Record ID         : 147964
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.219
Record ID         : 147961
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {724EF170-A42D-4FEF-9F26-B60E846FBA4F} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.229
Record ID         : 147969
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.229
Record ID         : 147966
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {33E28130-4E1E-4676-835A-98395C3BC3BB} with path 'C:\Windows\system32\config\systemprofile\Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.229
Record ID         : 147970
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {9274BD8D-CFD1-41C3-B35E-B13F55A758F4} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.229
Record ID         : 147973
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {A63293E8-664E-48DB-A079-DF759E0509F7} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.229
Record ID         : 147972
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {8983036C-27C0-404B-8F08-102D10DCFD74} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.229
Record ID         : 147967
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {18989B1D-99B5-455B-841C-AB7C74E4DDFC} with path 'C:\Windows\system32\config\systemprofile\Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.229
Record ID         : 147968
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C5ABBF53-E17F-4121-8900-86626FC2C973} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.229
Record ID         : 147971
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {AE50C081-EBD2-438A-8655-8A092E34987A} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:04 AM.229
Record ID         : 147965
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {4BD8D571-6D19-48D3-BE97-422220080E43} with path 'C:\Windows\system32\config\systemprofile\Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 2456
Thread ID         : 3808
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:40:11 AM.089
Record ID         : 39334
Event ID          : 102
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : This driver took longer to initialize, resulting in a performance degradation in the system start up process:
     File Name  : SRTSP
     Friendly Name  : Symantec AutoProtect
     Version  : 14.6.2.2
     Total Time  : 2754ms
     Degradation Time : 1240ms
     Incident Time (UTC) : 2017-04-13T14:37:04.718400400Z
Opcode            : Boot Degradation (33)
Task              : Boot Performance Monitoring (4002)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 928
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 10:40:11 AM.089
Record ID         : 39333
Event ID          : 100
Level             : Error
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : Windows has started up:
     Boot Duration  : 95357ms
     IsDegradation  : false
     Incident Time (UTC) : 2017-04-13T14:37:04.718400400Z
Opcode            : Boot Information (34)
Task              : Boot Performance Monitoring (4002)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 928
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 10:41:20 AM.228
Record ID         : 147977
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4264
Thread ID         : 4420
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:41:20 AM.228
Record ID         : 147976
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4264
Thread ID         : 4420
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:41:20 AM.228
Record ID         : 147975
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {625B53C3-AB48-4EC1-BA1F-A1EF4146FC19} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4264
Thread ID         : 4420
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:41:20 AM.228
Record ID         : 147974
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {1777F761-68AD-4D8A-87BD-30B759FA33DD} with path 'C:\Windows\system32\config\systemprofile\Favorites'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4264
Thread ID         : 4420
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:49:46 AM.065
Record ID         : 18030
Event ID          : 310
Level             : Warning
Channel           : Microsoft-Windows-Bits-Client/Operational
Provider          : Microsoft-Windows-Bits-Client
Description       : The initialization of the peer helper modules failed with the following error:  0x80070032.
Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 1092
Thread ID         : 5308
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 12:30:36 PM.705
Record ID         : 1296804
Event ID          : 36887
Level             : Error
Channel           : System
Provider          : Schannel
Description       : The following fatal alert was received: 20.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 848
Thread ID         : 1088
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 1:40:42 PM.000
Record ID         : 286477
Event ID          : 1008
Level             : Error
Channel           : Application
Provider          : Microsoft-Windows-CEIP
Description       : A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/13/2017 1:43:42 PM.470
Record ID         : 1296815
Event ID          : 36887
Level             : Error
Channel           : System
Provider          : Schannel
Description       : The following fatal alert was received: 40.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 848
Thread ID         : 1224
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 2:30:29 PM.000
Record ID         : 286479
Event ID          : 1008
Level             : Error
Channel           : Application
Provider          : Microsoft-Windows-CEIP
Description       : A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/13/2017 4:46:35 PM.689
Record ID         : 4070
Event ID          : 1003
Level             : Warning
Channel           : Microsoft-Windows-Dhcp-Client/Admin
Provider          : Microsoft-Windows-Dhcp-Client
Description       : Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0x180373353C75.  The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Opcode            : IpLeaseRenewalFailed (77)
Task              : Address Configuration State Event (3)
Keywords          : 0x4000000000000000
Process ID        : 492
Thread ID         : 5812
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 5:54:59 PM.754
Record ID         : 3758
Event ID          : 808
Level             : Error
Channel           : Microsoft-Windows-PrintService/Admin
Provider          : Microsoft-Windows-PrintService
Description       : The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\E_IUIC1ACA.DLL, error code 0xc1. See the event user data for context information.
Opcode            : Spooler Operation Failed (12)
Task              : Initializing (36)
Keywords          : Print Spooler
Process ID        : 4296
Thread ID         : 3692
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/13/2017 5:54:59 PM.754
Record ID         : 3757
Event ID          : 808
Level             : Error
Channel           : Microsoft-Windows-PrintService/Admin
Provider          : Microsoft-Windows-PrintService
Description       : The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\E_IUIC1ACA.DLL, error code 0xc1. See the event user data for context information.
Opcode            : Spooler Operation Failed (12)
Task              : Initializing (36)
Keywords          : Print Spooler
Process ID        : 4296
Thread ID         : 3692
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/13/2017 5:57:57 PM.910
Record ID         : 1296866
Event ID          : 2
Level             : Warning
Channel           : System
Provider          : HidBth
Description       : Bluetooth HID device (00:1f:20:4f:c6:4d) either went out of range or became unresponsive.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/13/2017 8:00:22 PM.179
Record ID         : 39336
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A sharp degradation in Desktop Window Manager responsiveness was observed.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6548
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 8:00:22 PM.179
Record ID         : 39335
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6548
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 8:05:55 PM.000
Record ID         : 286488
Event ID          : 4879
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-MSDTC Client 2
Description       : MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system LUIS8500.
Opcode            :
Task              : CM (3)
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/13/2017 8:30:50 PM.180
Record ID         : 39337
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 1816
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 8:30:50 PM.180
Record ID         : 39338
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A sharp degradation in Desktop Window Manager responsiveness was observed.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 1816
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 9:31:06 PM.178
Record ID         : 39339
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 5268
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 9:31:06 PM.178
Record ID         : 39340
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A sharp degradation in Desktop Window Manager responsiveness was observed.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 5268
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 9:47:33 PM.952
Record ID         : 1296968
Event ID          : 36887
Level             : Error
Channel           : System
Provider          : Schannel
Description       : The following fatal alert was received: 20.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 848
Thread ID         : 6216
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/13/2017 10:31:14 PM.177
Record ID         : 39341
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6408
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 10:31:14 PM.177
Record ID         : 39342
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A sharp degradation in Desktop Window Manager responsiveness was observed.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6408
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 11:38:20 PM.182
Record ID         : 39343
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6036
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/13/2017 11:38:20 PM.182
Record ID         : 39344
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A sharp degradation in Desktop Window Manager responsiveness was observed.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6036
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 12:38:26 AM.182
Record ID         : 39346
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A sharp degradation in Desktop Window Manager responsiveness was observed.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6768
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 12:38:26 AM.182
Record ID         : 39345
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6768
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 1:38:22 AM.179
Record ID         : 39348
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A sharp degradation in Desktop Window Manager responsiveness was observed.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 1256
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 1:38:22 AM.179
Record ID         : 39347
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 1256
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 2:38:28 AM.176
Record ID         : 39349
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 5684
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 2:38:28 AM.176
Record ID         : 39350
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A sharp degradation in Desktop Window Manager responsiveness was observed.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 5684
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 3:10:40 AM.174
Record ID         : 39351
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 5180
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 3:10:40 AM.174
Record ID         : 39352
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A consistent degradation in frame rate for the Desktop Window Manager was observed over a period of time.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 5180
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 3:24:10 AM.000
Record ID         : 286503
Event ID          : 35
Level             : Error
Channel           : Application
Provider          : SideBySide
Description       : Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 3:27:55 AM.604
Record ID         : 1297018
Event ID          : 1014
Level             : Warning
Channel           : System
Provider          : Microsoft-Windows-DNS-Client
Description       : Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 1372
Thread ID         : 708
Computer          : Luis8500
User              : NT AUTHORITY\NETWORK SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 3:35:33 AM.718
Record ID         : 1297024
Event ID          : 36887
Level             : Error
Channel           : System
Provider          : Schannel
Description       : The following fatal alert was received: 20.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 848
Thread ID         : 924
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 3:45:07 AM.000
Record ID         : 286505
Event ID          : 1026
Level             : Error
Channel           : Application
Provider          : .NET Runtime
Description       : Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 3:45:12 AM.000
Record ID         : 286506
Event ID          : 1000
Level             : Error
Channel           : Application
Provider          : Application Error
Description       : Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23714, time stamp: 0x58bf87bb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x1c18
Faulting application start time: 0x01d2b4f2d819ed4a
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 4a232e54-20e6-11e7-a53a-e006e6a49d8c
Opcode            :
Task              : Application Crashing Events (100)
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 4:10:50 AM.172
Record ID         : 39353
Event ID          : 500
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Scenario : The Desktop Window Manager responsiveness has degraded.
Opcode            : Video Memory Degradation (39)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6368
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 4:10:50 AM.172
Record ID         : 39354
Event ID          : 501
Level             : Warning
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : The Desktop Window Manager is experiencing heavy resource contention.
     Reason : Graphics subsystem resources are over-utilized.
     Diagnosis : A sharp degradation in Desktop Window Manager responsiveness was observed.
Opcode            : Video Memory Responsiveness (42)
Task              : Desktop Window Manager Monitoring (4006)
Keywords          : Event Log
Process ID        : 1536
Thread ID         : 6368
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 4:32:14 AM.000
Record ID         : 286509
Event ID          : 80
Level             : Error
Channel           : Application
Provider          : SideBySide
Description       : Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 4:32:15 AM.000
Record ID         : 286510
Event ID          : 80
Level             : Error
Channel           : Application
Provider          : SideBySide
Description       : Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 4:32:36 AM.000
Record ID         : 286511
Event ID          : 80
Level             : Error
Channel           : Application
Provider          : SideBySide
Description       : Activation context generation failed for "c:\program files (x86)\nero\nero8\nero toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 4:52:33 AM.769
Record ID         : 147980
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1764
Thread ID         : 3640
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:52:33 AM.769
Record ID         : 147978
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070003 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1764
Thread ID         : 3640
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:52:33 AM.769
Record ID         : 147981
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070003 occurred while verifying known folder {A77F5D77-2E2B-44C3-A6A2-ABA601054A51} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1764
Thread ID         : 3640
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:52:33 AM.769
Record ID         : 147982
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1764
Thread ID         : 3640
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:52:33 AM.769
Record ID         : 147979
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {625B53C3-AB48-4EC1-BA1F-A1EF4146FC19} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1764
Thread ID         : 3640
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:54:27 AM.538
Record ID         : 1297101
Event ID          : 4001
Level             : Warning
Channel           : System
Provider          : Microsoft-Windows-WLAN-AutoConfig
Description       : WLAN AutoConfig service has successfully stopped.

Opcode            : Stop (2)
Task              :
Keywords          : 0x4000000000000000
Process ID        : 488
Thread ID         : 6292
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:54:27 AM.538
Record ID         : 1297100
Event ID          : 10002
Level             : Warning
Channel           : System
Provider          : Microsoft-Windows-WLAN-AutoConfig
Description       : WLAN Extensibility Module has stopped.

Module Path: C:\Windows\system32\athihvs.dll

Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 488
Thread ID         : 6292
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:04 AM.430
Record ID         : 147983
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3356
Thread ID         : 3380
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:07 AM.512
Record ID         : 147984
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {724EF170-A42D-4FEF-9F26-B60E846FBA4F} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:07 AM.699
Record ID         : 147985
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.042
Record ID         : 147986
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070003 occurred while verifying known folder {9E52AB10-F80D-49DF-ACB8-4330F5687855} with path 'C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.042
Record ID         : 147989
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {33E28130-4E1E-4676-835A-98395C3BC3BB} with path 'C:\Windows\system32\config\systemprofile\Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.042
Record ID         : 147988
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {4BD8D571-6D19-48D3-BE97-422220080E43} with path 'C:\Windows\system32\config\systemprofile\Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.042
Record ID         : 147990
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {18989B1D-99B5-455B-841C-AB7C74E4DDFC} with path 'C:\Windows\system32\config\systemprofile\Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.042
Record ID         : 147991
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C5ABBF53-E17F-4121-8900-86626FC2C973} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.042
Record ID         : 147992
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.042
Record ID         : 147993
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {9274BD8D-CFD1-41C3-B35E-B13F55A758F4} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.042
Record ID         : 147987
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.058
Record ID         : 147995
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {8983036C-27C0-404B-8F08-102D10DCFD74} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.058
Record ID         : 147994
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {AE50C081-EBD2-438A-8655-8A092E34987A} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:08 AM.058
Record ID         : 147996
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {A63293E8-664E-48DB-A079-DF759E0509F7} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 3200
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:56:27 AM.027
Record ID         : 1297211
Event ID          : 7039
Level             : Warning
Channel           : System
Provider          : Service Control Manager
Description       : A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 836 and process 2200 connected instead.

  Note that if this service is configured to start under a debugger, this behavior is expected.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 824
Thread ID         : 828
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 4:56:31 AM.723
Record ID         : 12075
Event ID          : 5001
Level             : Error
Channel           : Microsoft-Windows-HomeGroup Provider Service/Operational
Provider          : Microsoft-Windows-HomeGroup-ProviderService
Description       : Provider service initialization failed.  Details: An instance of the service is already running.

Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 684
Thread ID         : 4108
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 4:57:17 AM.220
Record ID         : 4490
Event ID          : 4
Level             : Warning
Channel           : Microsoft-Windows-Kernel-EventTracing/Admin
Provider          : Microsoft-Windows-Kernel-EventTracing
Description       : The maximum file size for session "ReadyBoot" has been reached. As a result, events might be lost (not logged) to file "C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl". The maximum files size is currently set to 20971520 bytes.
Opcode            : Write Buffer (10)
Task              : Logging (1)
Keywords          : Session
Process ID        : 4
Thread ID         : 244
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:57:55 AM.924
Record ID         : 4071
Event ID          : 1001
Level             : Error
Channel           : Microsoft-Windows-Dhcp-Client/Admin
Provider          : Microsoft-Windows-Dhcp-Client
Description       : Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x8206E6A49D8B.  The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Opcode            : IpAddressNotAssigned (75)
Task              : Address Configuration State Event (3)
Keywords          : 0x4000000000000000
Process ID        : 684
Thread ID         : 1852
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 4:58:25 AM.146
Record ID         : 39355
Event ID          : 100
Level             : Error
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : Windows has started up:
     Boot Duration  : 81115ms
     IsDegradation  : false
     Incident Time (UTC) : 2017-04-14T08:55:28.734000400Z
Opcode            : Boot Information (34)
Task              : Boot Performance Monitoring (4002)
Keywords          : Event Log
Process ID        : 1512
Thread ID         : 5392
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.784
Record ID         : 147999
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070003 occurred while verifying known folder {9E52AB10-F80D-49DF-ACB8-4330F5687855} with path 'C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.784
Record ID         : 147998
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.784
Record ID         : 147997
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {724EF170-A42D-4FEF-9F26-B60E846FBA4F} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.794
Record ID         : 148001
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {4BD8D571-6D19-48D3-BE97-422220080E43} with path 'C:\Windows\system32\config\systemprofile\Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.794
Record ID         : 148004
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C5ABBF53-E17F-4121-8900-86626FC2C973} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.794
Record ID         : 148005
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.794
Record ID         : 148006
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {9274BD8D-CFD1-41C3-B35E-B13F55A758F4} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.794
Record ID         : 148003
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {18989B1D-99B5-455B-841C-AB7C74E4DDFC} with path 'C:\Windows\system32\config\systemprofile\Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.794
Record ID         : 148002
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {33E28130-4E1E-4676-835A-98395C3BC3BB} with path 'C:\Windows\system32\config\systemprofile\Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.794
Record ID         : 148000
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.804
Record ID         : 148008
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {8983036C-27C0-404B-8F08-102D10DCFD74} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.804
Record ID         : 148007
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {AE50C081-EBD2-438A-8655-8A092E34987A} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:04 AM.804
Record ID         : 148009
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {A63293E8-664E-48DB-A079-DF759E0509F7} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3064
Thread ID         : 2024
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:43 AM.039
Record ID         : 148012
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4476
Thread ID         : 5648
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:43 AM.039
Record ID         : 148010
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {1777F761-68AD-4D8A-87BD-30B759FA33DD} with path 'C:\Windows\system32\config\systemprofile\Favorites'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4476
Thread ID         : 5648
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:43 AM.039
Record ID         : 148013
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4476
Thread ID         : 5648
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 4:59:43 AM.039
Record ID         : 148011
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {625B53C3-AB48-4EC1-BA1F-A1EF4146FC19} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4476
Thread ID         : 5648
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:12:54 AM.014
Record ID         : 148014
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {AE50C081-EBD2-438A-8655-8A092E34987A} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1284
Thread ID         : 3316
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:12:54 AM.864
Record ID         : 148015
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1284
Thread ID         : 3316
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:04 AM.080
Record ID         : 148016
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4580
Thread ID         : 4332
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:49 AM.000
Record ID         : 286569
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:49 AM.000
Record ID         : 286571
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:49 AM.000
Record ID         : 286572
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:49 AM.000
Record ID         : 286565
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:49 AM.000
Record ID         : 286567
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:49 AM.000
Record ID         : 286570
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:49 AM.000
Record ID         : 286568
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:49 AM.000
Record ID         : 286566
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:50 AM.000
Record ID         : 286576
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:50 AM.000
Record ID         : 286578
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:50 AM.000
Record ID         : 286577
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:50 AM.000
Record ID         : 286573
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:50 AM.000
Record ID         : 286575
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:29:50 AM.000
Record ID         : 286574
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:00 AM.000
Record ID         : 286580
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:00 AM.000
Record ID         : 286579
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:01 AM.000
Record ID         : 286581
Event ID          : 4
Level             : Error
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF while recovering .MOF file marked with autorecover.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 5:30:09 AM.000
Record ID         : 286583
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:09 AM.000
Record ID         : 286582
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:18 AM.000
Record ID         : 286584
Event ID          : 4
Level             : Error
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL while recovering .MOF file marked with autorecover.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 5:30:24 AM.000
Record ID         : 286586
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, OffProv12, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS12 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:24 AM.000
Record ID         : 286588
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, InvProv, has been registered in the Windows Management Instrumentation namespace Root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:24 AM.000
Record ID         : 286585
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, OffProv12, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS12 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:24 AM.000
Record ID         : 286587
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, InvProv, has been registered in the Windows Management Instrumentation namespace Root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:25 AM.000
Record ID         : 286591
Event ID          : 4
Level             : Error
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVCLEANALERT.MOF while recovering .MOF file marked with autorecover.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 5:30:25 AM.000
Record ID         : 286592
Event ID          : 4
Level             : Error
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVCLEAN.MOF while recovering .MOF file marked with autorecover.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 5:30:25 AM.000
Record ID         : 286589
Event ID          : 4
Level             : Error
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVSUMMARY.MOF while recovering .MOF file marked with autorecover.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 5:30:25 AM.000
Record ID         : 286590
Event ID          : 4
Level             : Error
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : Error 0x8004401e encountered when trying to load MOF C:\PROGRAM FILES\DELL\DELLDATAVAULT\DDVALERT.MOF while recovering .MOF file marked with autorecover.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 5:30:26 AM.635
Record ID         : 148017
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {AE50C081-EBD2-438A-8655-8A092E34987A} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4580
Thread ID         : 4332
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:31 AM.000
Record ID         : 286593
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:30:31 AM.000
Record ID         : 286594
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:31:01 AM.000
Record ID         : 286597
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, OffProv12, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS12 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:01 AM.000
Record ID         : 286598
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, OffProv12, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS12 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:02 AM.675
Record ID         : 148018
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4} with path 'C:\Windows\system32\config\systemprofile\Saved Games'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4580
Thread ID         : 2152
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:31:04 AM.000
Record ID         : 286599
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, InvProv, has been registered in the Windows Management Instrumentation namespace Root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:04 AM.000
Record ID         : 286600
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, InvProv, has been registered in the Windows Management Instrumentation namespace Root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:06 AM.000
Record ID         : 286606
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, SystemConfigurationChangeEvents, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:06 AM.000
Record ID         : 286605
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, SystemConfigurationChangeEvents, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:06 AM.000
Record ID         : 286601
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, MS_Power_Management_Event_Provider, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:06 AM.000
Record ID         : 286602
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, MS_Power_Management_Event_Provider, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:06 AM.000
Record ID         : 286603
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, VolumeChangeEvents, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:06 AM.000
Record ID         : 286604
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, VolumeChangeEvents, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:13 AM.000
Record ID         : 286607
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:13 AM.000
Record ID         : 286608
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:16 AM.000
Record ID         : 286610
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:16 AM.000
Record ID         : 286609
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:18 AM.000
Record ID         : 286614
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:18 AM.000
Record ID         : 286616
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:18 AM.000
Record ID         : 286613
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:18 AM.000
Record ID         : 286612
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:18 AM.000
Record ID         : 286615
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:18 AM.000
Record ID         : 286611
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:19 AM.000
Record ID         : 286617
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:19 AM.000
Record ID         : 286619
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:19 AM.000
Record ID         : 286620
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:19 AM.000
Record ID         : 286618
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:22 AM.000
Record ID         : 286622
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:22 AM.000
Record ID         : 286621
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:24 AM.000
Record ID         : 286623
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:24 AM.000
Record ID         : 286624
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:48 AM.000
Record ID         : 286626
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:31:48 AM.000
Record ID         : 286625
Event ID          : 63
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-WMI
Description       : A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              : LUIS8500\Eve8500
==================================================

==================================================
Event Time        : 4/14/2017 5:32:57 AM.475
Record ID         : 1297358
Event ID          : 4001
Level             : Warning
Channel           : System
Provider          : Microsoft-Windows-WLAN-AutoConfig
Description       : WLAN AutoConfig service has successfully stopped.

Opcode            : Stop (2)
Task              :
Keywords          : 0x4000000000000000
Process ID        : 736
Thread ID         : 1084
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:32:57 AM.475
Record ID         : 1297356
Event ID          : 10002
Level             : Warning
Channel           : System
Provider          : Microsoft-Windows-WLAN-AutoConfig
Description       : WLAN Extensibility Module has stopped.

Module Path: C:\Windows\system32\athihvs.dll

Opcode            :
Task              :
Keywords          : 0x4000000000000000
Process ID        : 736
Thread ID         : 1084
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:07 AM.000
Record ID         : 148019
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 3520
Thread ID         : 3544
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.757
Record ID         : 148021
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.757
Record ID         : 148022
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070003 occurred while verifying known folder {9E52AB10-F80D-49DF-ACB8-4330F5687855} with path 'C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.757
Record ID         : 148023
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.757
Record ID         : 148020
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {724EF170-A42D-4FEF-9F26-B60E846FBA4F} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.772
Record ID         : 148024
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {4BD8D571-6D19-48D3-BE97-422220080E43} with path 'C:\Windows\system32\config\systemprofile\Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.772
Record ID         : 148025
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {33E28130-4E1E-4676-835A-98395C3BC3BB} with path 'C:\Windows\system32\config\systemprofile\Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.772
Record ID         : 148026
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {18989B1D-99B5-455B-841C-AB7C74E4DDFC} with path 'C:\Windows\system32\config\systemprofile\Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.772
Record ID         : 148027
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C5ABBF53-E17F-4121-8900-86626FC2C973} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.772
Record ID         : 148028
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.772
Record ID         : 148032
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {A63293E8-664E-48DB-A079-DF759E0509F7} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.772
Record ID         : 148031
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {8983036C-27C0-404B-8F08-102D10DCFD74} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.772
Record ID         : 148030
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {AE50C081-EBD2-438A-8655-8A092E34987A} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:12 AM.772
Record ID         : 148029
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {9274BD8D-CFD1-41C3-B35E-B13F55A758F4} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 4056
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:35:24 AM.847
Record ID         : 1297464
Event ID          : 7039
Level             : Warning
Channel           : System
Provider          : Service Control Manager
Description       : A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3812 and process 3824 connected instead.

  Note that if this service is configured to start under a debugger, this behavior is expected.
Opcode            :
Task              :
Keywords          : Classic
Process ID        : 844
Thread ID         : 848
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 5:35:30 AM.868
Record ID         : 12080
Event ID          : 5001
Level             : Error
Channel           : Microsoft-Windows-HomeGroup Provider Service/Operational
Provider          : Microsoft-Windows-HomeGroup-ProviderService
Description       : Provider service initialization failed.  Details: An instance of the service is already running.

Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 652
Thread ID         : 4920
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 5:36:24 AM.727
Record ID         : 4491
Event ID          : 4
Level             : Warning
Channel           : Microsoft-Windows-Kernel-EventTracing/Admin
Provider          : Microsoft-Windows-Kernel-EventTracing
Description       : The maximum file size for session "ReadyBoot" has been reached. As a result, events might be lost (not logged) to file "C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl". The maximum files size is currently set to 20971520 bytes.
Opcode            : Write Buffer (10)
Task              : Logging (1)
Keywords          : Session
Process ID        : 4
Thread ID         : 244
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:36:48 AM.049
Record ID         : 4072
Event ID          : 1001
Level             : Error
Channel           : Microsoft-Windows-Dhcp-Client/Admin
Provider          : Microsoft-Windows-Dhcp-Client
Description       : Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x8206E6A49D8B.  The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Opcode            : IpAddressNotAssigned (75)
Task              : Address Configuration State Event (3)
Keywords          : 0x4000000000000000
Process ID        : 652
Thread ID         : 1848
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.609
Record ID         : 148036
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D} with path 'C:\ProgramData\OEM Links'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.609
Record ID         : 148035
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070003 occurred while verifying known folder {9E52AB10-F80D-49DF-ACB8-4330F5687855} with path 'C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.609
Record ID         : 148034
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B97D20BB-F46A-4C97-BA10-5E3608430854} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.609
Record ID         : 148033
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {724EF170-A42D-4FEF-9F26-B60E846FBA4F} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.619
Record ID         : 148040
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {C5ABBF53-E17F-4121-8900-86626FC2C973} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.619
Record ID         : 148042
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {9274BD8D-CFD1-41C3-B35E-B13F55A758F4} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.619
Record ID         : 148043
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {AE50C081-EBD2-438A-8655-8A092E34987A} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.619
Record ID         : 148044
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {8983036C-27C0-404B-8F08-102D10DCFD74} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.619
Record ID         : 148045
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {A63293E8-664E-48DB-A079-DF759E0509F7} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.619
Record ID         : 148039
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {18989B1D-99B5-455B-841C-AB7C74E4DDFC} with path 'C:\Windows\system32\config\systemprofile\Videos'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.619
Record ID         : 148038
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {33E28130-4E1E-4676-835A-98395C3BC3BB} with path 'C:\Windows\system32\config\systemprofile\Pictures'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.619
Record ID         : 148037
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {4BD8D571-6D19-48D3-BE97-422220080E43} with path 'C:\Windows\system32\config\systemprofile\Music'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:07 AM.619
Record ID         : 148041
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 1584
Thread ID         : 3300
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:37:16 AM.044
Record ID         : 39356
Event ID          : 100
Level             : Error
Channel           : Microsoft-Windows-Diagnostics-Performance/Operational
Provider          : Microsoft-Windows-Diagnostics-Performance
Description       : Windows has started up:
     Boot Duration  : 92726ms
     IsDegradation  : false
     Incident Time (UTC) : 2017-04-14T09:34:12.734000400Z
Opcode            : Boot Information (34)
Task              : Boot Performance Monitoring (4002)
Keywords          : Event Log
Process ID        : 1524
Thread ID         : 5304
Computer          : Luis8500
User              : NT AUTHORITY\LOCAL SERVICE
==================================================

==================================================
Event Time        : 4/14/2017 5:38:34 AM.780
Record ID         : 148048
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {FDD39AD0-238F-46AF-ADB4-6C85480369C7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4252
Thread ID         : 4196
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:38:34 AM.780
Record ID         : 148047
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {625B53C3-AB48-4EC1-BA1F-A1EF4146FC19} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4252
Thread ID         : 4196
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:38:34 AM.780
Record ID         : 148046
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {1777F761-68AD-4D8A-87BD-30B759FA33DD} with path 'C:\Windows\system32\config\systemprofile\Favorites'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4252
Thread ID         : 4196
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 5:38:34 AM.780
Record ID         : 148049
Event ID          : 1002
Level             : Warning
Channel           : Microsoft-Windows-Known Folders API Service
Provider          : Microsoft-Windows-KnownFolders
Description       : Error 0x80070002 occurred while verifying known folder {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.
Opcode            :
Task              :
Keywords          : 0x8000000000000000
Process ID        : 4252
Thread ID         : 4196
Computer          : Luis8500
User              : NT AUTHORITY\SYSTEM
==================================================

==================================================
Event Time        : 4/14/2017 8:04:54 AM.000
Record ID         : 286686
Event ID          : 4879
Level             : Warning
Channel           : Application
Provider          : Microsoft-Windows-MSDTC Client 2
Description       : MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system LUIS8500.
Opcode            :
Task              : CM (3)
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================

==================================================
Event Time        : 4/14/2017 8:35:07 AM.000
Record ID         : 286693
Event ID          : 1008
Level             : Error
Channel           : Application
Provider          : Microsoft-Windows-CEIP
Description       : A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Opcode            :
Task              :
Keywords          : Classic
Process ID        :
Thread ID         :
Computer          : Luis8500
User              :
==================================================



#60
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

nero8 is still causing problems.

The fact that VEW went bad and had to be redownloaded is not good.  Either something is messing with it or the hard drive has problems.  You have a Western Digital drive and it looked pretty good in your Speccy log.

Can you run a new Speccy log and attach it as before?

Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK.  Open the file in Notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
