Very slow computer



#1
lesadale


I'm running a Gateway Notepad that uses Windows 7. I'm trying to get it cleaned and hoping to increase the speed. I've done a recovery and taken the computer back to factory settings. Even with that, I've lost Windows Defender and cannot download it because the download says it comes with my version.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2017
Ran by Weaver (administrator) on WEAVER-PC (26-10-2017 12:02:14)
Running from C:\Users\Weaver\Downloads
Loaded Profiles: Weaver (Available Profiles: Weaver)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Gateway\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-26] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10959464 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [714120 2012-02-07] (Acer Incorporated)
HKU\S-1-5-21-1767854687-1280924145-2151184522-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [456224 2010-07-29] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{0527E8C7-3409-4E72-818B-669186AC1C9A}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=MAGW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
HKU\S-1-5-21-1767854687-1280924145-2151184522-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=MAGW
HKU\S-1-5-21-1767854687-1280924145-2151184522-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1767854687-1280924145-2151184522-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-26] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default [2017-10-26]
CHR Extension: (Slides) - C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-26]
CHR Extension: (Docs) - C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-26]
CHR Extension: (Google Drive) - C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-26]
CHR Extension: (YouTube) - C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-26]
CHR Extension: (Sheets) - C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-26]
CHR Extension: (Gmail) - C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\Weaver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-26]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ePowerSvc; C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [738688 2012-02-07] (Acer Incorporated)
R2 GREGService; C:\Program Files\Gateway\Registration\GREGsvc.exe [28264 2012-02-29] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 Live Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [255376 2012-02-06] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-12] (ELAN Microelectronics Corp.)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-26 12:02 - 2017-10-26 12:04 - 000009168 _____ C:\Users\Weaver\Downloads\FRST.txt
2017-10-26 11:57 - 2017-10-26 12:02 - 000000000 ____D C:\FRST
2017-10-26 11:54 - 2017-10-26 11:54 - 001799680 _____ (Farbar) C:\Users\Weaver\Downloads\FRST.exe
2017-10-26 09:56 - 2017-10-26 09:57 - 005186048 _____ C:\Users\Weaver\Downloads\WindowsDefender.msi
2017-10-26 09:35 - 2017-10-26 09:36 - 006614344 _____ ( ) C:\Users\Weaver\Downloads\msmsetup.exe
2017-10-26 09:25 - 2017-10-26 09:25 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-26 09:25 - 2017-10-26 09:25 - 000002172 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-26 09:23 - 2017-10-26 10:57 - 000000000 ____D C:\Users\Weaver\AppData\Local\Google
2017-10-26 09:23 - 2017-10-26 09:24 - 000000000 ____D C:\Program Files\Google
2017-10-26 09:17 - 2017-10-26 09:17 - 000000000 ____D C:\Users\Weaver\AppData\Local\Apps\2.0
2017-10-26 09:16 - 2017-10-26 09:23 - 000000000 ____D C:\Users\Weaver\AppData\Local\Deployment
2017-10-25 18:24 - 2017-10-25 18:24 - 000000000 ____D C:\Windows\NAPP_Dism_Log
2017-10-25 18:01 - 2017-10-25 17:59 - 000000000 ____D C:\Program Files\Barnes & Noble
2017-10-25 18:00 - 2017-10-25 18:00 - 000001894 _____ C:\Users\Public\Desktop\Video Web Camera.lnk
2017-10-25 18:00 - 2017-10-25 18:00 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Web Camera
2017-10-25 18:00 - 2017-10-25 18:00 - 000000000 ____D C:\Program Files\Video Web Camera
2017-10-25 17:57 - 2017-10-25 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
2017-10-25 17:57 - 2017-10-25 16:20 - 000000000 ____D C:\Program Files\Preload
2017-10-25 17:55 - 2017-10-25 17:55 - 000000000 ____D C:\ProgramData\CLSK
2017-10-25 17:54 - 2017-10-25 17:59 - 000000000 ____D C:\ProgramData\Temp
2017-10-25 17:54 - 2017-10-25 17:55 - 000000000 ____D C:\ProgramData\install_clap
2017-10-25 17:54 - 2017-10-25 17:54 - 000014996 _____ C:\Windows\system32\results.xml
2017-10-25 17:47 - 2017-10-25 17:47 - 000000000 ____D C:\Windows\system32\RTCOM
2017-10-25 17:46 - 2017-10-25 17:47 - 000000000 ___HD C:\Program Files\Temp
2017-10-25 17:46 - 2012-01-10 08:03 - 000216472 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-10-25 17:46 - 2012-01-10 06:46 - 003932584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2017-10-25 17:46 - 2012-01-09 21:20 - 000058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2017-10-25 17:46 - 2012-01-09 21:16 - 000817600 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2017-10-25 17:46 - 2012-01-09 01:48 - 000107248 _____ C:\Windows\system32\Drivers\RtPCEE4.DAT
2017-10-25 17:46 - 2012-01-06 02:24 - 002378856 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2017-10-25 17:46 - 2012-01-02 00:25 - 003321960 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2017-10-25 17:46 - 2011-12-27 06:00 - 002765312 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2017-10-25 17:46 - 2011-12-23 00:30 - 000617064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2017-10-25 17:46 - 2011-12-19 16:43 - 000192104 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2017-10-25 17:46 - 2011-12-18 04:57 - 005522776 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2017-10-25 17:46 - 2011-12-18 04:57 - 001836376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2017-10-25 17:46 - 2011-12-18 04:57 - 001725784 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2017-10-25 17:46 - 2011-12-18 04:57 - 001099096 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2017-10-25 17:46 - 2011-12-18 04:57 - 000685400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2017-10-25 17:46 - 2011-12-14 23:39 - 000083560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2017-10-25 17:46 - 2011-12-13 07:22 - 002189888 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2017-10-25 17:46 - 2011-12-13 03:58 - 001497704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2017-10-25 17:46 - 2011-12-12 22:01 - 001698408 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-10-25 17:46 - 2011-11-22 03:28 - 000013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2017-10-25 17:46 - 2011-09-26 09:41 - 000000024 _____ C:\Windows\system32\Drivers\rtkhdaud.dat
2017-10-25 17:46 - 2011-09-02 01:21 - 000214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2017-10-25 17:46 - 2011-09-02 01:21 - 000074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2017-10-25 17:46 - 2011-09-02 01:21 - 000068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2017-10-25 17:46 - 2011-08-23 04:00 - 000357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2017-10-25 17:46 - 2011-08-05 12:39 - 000413696 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2017-10-25 17:46 - 2011-08-05 12:39 - 000390656 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2017-10-25 17:46 - 2011-08-05 12:39 - 000327168 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 001509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 001292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 001220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 000654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 000631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 000601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 000458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 000389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 000375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 000218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 000218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2017-10-25 17:46 - 2011-05-30 20:42 - 000218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2017-10-25 17:46 - 2011-05-02 01:27 - 003296600 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2017-10-25 17:46 - 2011-05-02 01:27 - 000345944 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2017-10-25 17:46 - 2011-05-02 01:27 - 000103256 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2017-10-25 17:46 - 2011-05-02 01:27 - 000088408 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2017-10-25 17:46 - 2011-05-02 01:27 - 000061272 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2017-10-25 17:46 - 2011-03-16 23:16 - 001379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-10-25 17:46 - 2011-03-07 04:03 - 000134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-10-25 17:46 - 2010-11-07 18:31 - 000359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2017-10-25 17:46 - 2010-11-07 18:31 - 000295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2017-10-25 17:46 - 2010-11-07 18:31 - 000295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2017-10-25 17:46 - 2010-11-07 18:31 - 000170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2017-10-25 17:46 - 2010-11-07 18:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2017-10-25 17:46 - 2010-11-07 18:31 - 000064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2017-10-25 17:46 - 2010-10-03 00:45 - 000259928 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2017-10-25 17:46 - 2010-09-26 20:34 - 000232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2017-10-25 17:46 - 2010-09-23 04:21 - 000039672 _____ C:\Windows\system32\Drivers\RtPCEE3.DAT
2017-10-25 17:46 - 2010-07-22 03:37 - 000175200 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2017-10-25 17:46 - 2010-05-06 04:35 - 000252760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2017-10-25 17:46 - 2010-03-22 00:21 - 000247560 _____ C:\Windows\system32\Drivers\RTConvEQ.dat
2017-10-25 17:46 - 2010-03-22 00:21 - 000001448 _____ C:\Windows\system32\Drivers\RtHdatEx.dat
2017-10-25 17:46 - 2010-02-11 02:45 - 000000176 _____ C:\Windows\system32\Drivers\RTHDAEQ1.dat
2017-10-25 17:46 - 2010-01-26 08:52 - 000000520 _____ C:\Windows\system32\Drivers\RTEQEX3.dat
2017-10-25 17:46 - 2009-12-04 02:43 - 000132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2017-10-25 17:46 - 2009-11-23 20:55 - 000345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2017-10-25 17:46 - 2009-11-23 20:55 - 000185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2017-10-25 17:46 - 2009-11-23 20:55 - 000173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2017-10-25 17:46 - 2009-11-23 20:55 - 000140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2017-10-25 17:46 - 2009-11-18 05:42 - 001783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2017-10-25 17:46 - 2009-11-17 05:13 - 000096160 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2017-10-25 17:46 - 2008-08-21 00:43 - 000000520 _____ C:\Windows\system32\Drivers\RTEQEX2.dat
2017-10-25 17:46 - 2005-06-26 16:29 - 000000520 _____ C:\Windows\system32\Drivers\RTEQEX1.dat
2017-10-25 17:46 - 2005-06-26 16:29 - 000000520 _____ C:\Windows\system32\Drivers\RTEQEX0.dat
2017-10-25 17:43 - 2017-10-25 17:43 - 000000000 ____D C:\Program Files\Elantech
2017-10-25 17:43 - 2011-09-29 04:30 - 000490088 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2017-10-25 17:43 - 2011-09-29 04:30 - 000100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2017-10-25 17:43 - 2011-09-29 04:30 - 000080416 _____ C:\Windows\system32\RtNicProp32.dll
2017-10-25 17:39 - 2017-10-25 17:39 - 000001142 _____ C:\Users\Public\Desktop\Help.lnk
2017-10-25 17:39 - 2017-10-25 17:39 - 000000172 _____ C:\Windows\LMv4.UNI
2017-10-25 17:39 - 2017-10-25 17:39 - 000000000 ____D C:\Program Files\Launch Manager
2017-10-25 17:38 - 2017-10-25 17:46 - 000000000 ____D C:\Program Files\Realtek
2017-10-25 17:38 - 2017-10-25 17:38 - 000000000 ____D C:\Windows\system32\sda
2017-10-25 17:38 - 2011-05-30 03:03 - 000254056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2017-10-25 17:38 - 2011-02-14 22:37 - 009888360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtsPStorIcon.dll
2017-10-25 17:31 - 2017-10-25 17:31 - 000000000 ___HD C:\book
2017-10-25 17:12 - 2017-10-25 17:12 - 000000000 ____D C:\Users\Weaver\AppData\Roaming\Adobe
2017-10-25 17:08 - 2012-02-17 00:34 - 000826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-25 17:08 - 2012-02-16 23:14 - 000183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2017-10-25 17:08 - 2012-02-16 23:13 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2017-10-25 16:22 - 2017-10-25 16:22 - 000001424 _____ C:\Users\Weaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-25 16:21 - 2014-05-14 11:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-10-25 16:21 - 2014-05-14 11:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-10-25 16:20 - 2017-10-25 16:20 - 000057560 _____ C:\Users\Weaver\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-25 16:20 - 2017-10-25 16:20 - 000001967 _____ C:\Users\Public\Desktop\Netflix.lnk
2017-10-25 16:20 - 2017-10-25 16:20 - 000000020 ___SH C:\Users\Weaver\ntuser.ini
2017-10-25 16:20 - 2017-10-25 16:20 - 000000000 ____D C:\Users\Weaver\AppData\Local\VirtualStore
2017-10-25 16:20 - 2017-10-25 16:20 - 000000000 ____D C:\ProgramData\OEM_E471269A730D
2017-10-25 16:20 - 2014-05-14 11:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-10-25 16:20 - 2014-05-14 11:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-10-25 16:20 - 2014-05-14 11:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-10-25 16:20 - 2014-05-14 11:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-10-25 16:20 - 2014-05-14 11:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-10-25 16:20 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-10-25 16:20 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-10-25 16:20 - 2012-04-12 16:48 - 000000000 ____D C:\Users\Weaver\AppData\Roaming\Macromedia
2017-10-25 16:19 - 2017-10-25 16:22 - 000000000 ____D C:\Users\Weaver
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-26 11:53 - 2009-07-13 23:34 - 000016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-26 11:53 - 2009-07-13 23:34 - 000016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-26 11:13 - 2012-04-12 16:44 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-10-26 10:10 - 2010-11-20 16:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-26 10:10 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2017-10-26 10:04 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-25 19:02 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\rescache
2017-10-25 18:28 - 2009-07-13 23:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-10-25 18:14 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\system32\sysprep
2017-10-25 18:14 - 2007-07-11 20:49 - 000000000 ____D C:\Windows\Panther
2017-10-25 18:07 - 2012-04-12 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2017-10-25 18:07 - 2012-04-12 16:32 - 000000000 ____D C:\Program Files\Gateway
2017-10-25 18:04 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\Help
2017-10-25 18:02 - 2012-04-12 16:45 - 000000000 ____D C:\ProgramData\Norton
2017-10-25 17:56 - 2012-04-12 16:19 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-10-25 17:35 - 2012-04-12 16:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-10-25 17:35 - 2012-04-12 16:19 - 000000000 ____D C:\Program Files\Intel
2017-10-25 17:34 - 2009-07-13 23:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-25 17:33 - 2012-04-12 16:20 - 000000000 ___HD C:\Intel
2017-10-25 17:32 - 2012-04-12 16:26 - 000001504 _____ C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
2017-10-25 17:32 - 2012-04-12 16:26 - 000000000 ____D C:\ProgramData\WildTangent
2017-10-25 17:32 - 2011-02-11 11:20 - 000000000 ____D C:\Windows\DeployWinRE2
2017-10-25 16:27 - 2012-04-12 16:41 - 000000000 ____D C:\ProgramData\oem
2017-10-25 16:22 - 2012-04-12 16:45 - 000000000 ___HD C:\OEM
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-25 18:53
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2017
Ran by Weaver (26-10-2017 12:04:51)
Running from C:\Users\Weaver\Downloads
Microsoft Windows 7 Starter  Service Pack 1 (X86) (2017-10-25 21:19:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1767854687-1280924145-2151184522-500 - Administrator - Disabled)
Guest (S-1-5-21-1767854687-1280924145-2151184522-501 - Limited - Disabled)
Weaver (S-1-5-21-1767854687-1280924145-2151184522-1000 - Administrator - Enabled) => C:\Users\Weaver
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.222 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X86 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Evernote v. 4.5.2 (HKLM\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
Galería fotográfica de Windows Live (HKLM\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Power Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Gateway Incorporated)
Gateway Registration (HKLM\...\Gateway Registration) (Version: 1.04.3506 - Gateway Incorporated)
Gateway ScreenSaver (HKLM\...\Gateway Screensaver) (Version: 1.1.0121.2011 - Gateway Incorporated)
Gateway Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Gateway Incorporated)
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.62 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 5.1.7 - Gateway)
Mesh Runtime (HKLM\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Skype™ 5.5 (HKLM\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.)
Video Web Camera (HKLM\...\{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2624.00 - CyberLink Corp.) Hidden
Video Web Camera (HKLM\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2624.00 - CyberLink Corp.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-26] (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B5618BB-E47F-417C-8DDF-D4AD2BFBCD77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-26] (Google Inc.)
Task: {306DFF69-52F5-4EF9-AB9C-C628FFD91FAD} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {C306D1AF-959A-42B3-8F61-A67079DF7F1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-10-26] (Google Inc.)
Task: {D9164890-8046-4F7F-8F13-0B49B63486F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.gateway.com/redirect.aspx?rid=09000002
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-04-12 16:20 - 2012-04-12 16:20 - 000169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00550023dd81505c92ae1dddddc23441\IsdiInterop.ni.dll
2012-04-12 16:20 - 2010-11-06 02:50 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-10-26 09:25 - 2017-10-17 02:39 - 003075928 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.62\libglesv2.dll
2017-10-26 09:25 - 2017-10-17 02:39 - 000086872 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.62\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1767854687-1280924145-2151184522-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3B607BC4-BC04-4F0E-B334-86DE4A9C6596}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2F822892-21D9-432C-94B7-25909CD7EEA4}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{74A0814B-98DE-452C-A1DE-02B7192B498A}] => (Allow) LPort=2869
FirewallRules: [{BFC07219-5908-4AF2-86C4-5DD9B61429DF}] => (Allow) LPort=1900
FirewallRules: [{0A517778-33BF-4C15-ADDC-BF496AEC174C}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{AC19DDBB-6284-41BA-9C19-B6CD77580670}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-10-2017 16:20:08 Windows Update
25-10-2017 17:00:36 Removed eBay Worldwide
25-10-2017 17:12:31 Windows Update
25-10-2017 17:12:54 Removed Fooz Kids
25-10-2017 17:27:53 Removed Fooz Kids Platform
25-10-2017 17:54:05 Configured Social Networks
25-10-2017 17:56:37 Removed Microsoft Office 2010
25-10-2017 18:05:17 Removed Norton Online Backup
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/26/2017 10:04:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/26/2017 09:59:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: Weaver-PC)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.
 
Error: (10/26/2017 08:56:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: Weaver-PC)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.
 
Error: (10/25/2017 06:04:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/25/2017 05:20:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (10/26/2017 11:43:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
 
Error: (10/26/2017 10:03:06 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (10/25/2017 06:22:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (10/25/2017 06:22:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/25/2017 06:22:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU N2600 @ 1.60GHz
Percentage of memory in use: 74%
Total physical RAM: 1012.3 MB
Available physical RAM: 257.18 MB
Total Virtual: 2181.3 MB
Available Virtual: 1060.77 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:263.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 579D6746)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0

#3
lesadale

lesadale

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Process CPU Private Bytes Working Set PID Description Company Name
System Idle Process 61.78 0 K 24 K 0
TrustedInstaller.exe 24.54 208,648 K 123,868 K 4104 Windows Modules Installer Microsoft Corporation
procexp (1).exe 5.38 16,896 K 28,076 K 5844 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Zoom.exe 1.53 115,676 K 6,592 K 1524 Zoom Meetings Zoom Video Communications, Inc.
audiodg.exe 1.34 20,988 K 7,220 K 836
Interrupts 0.84 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.68 4,376 K 4,652 K 524
explorer.exe 0.30 27,972 K 13,108 K 2336 Windows Explorer Microsoft Corporation
System 0.62 52 K 224 K 4
svchost.exe < 0.01 59,632 K 42,932 K 956 Host Process for Windows Services Microsoft Corporation
Zoom.exe 0.45 24,244 K 5,060 K 1120 Zoom Meetings Zoom Video Communications, Inc.
lsass.exe 4,276 K 3,440 K 584 Local Security Authority Process Microsoft Corporation
svchost.exe 0.07 236,116 K 30,380 K 1000 Host Process for Windows Services Microsoft Corporation
ETDCtrl.exe 0.11 3,544 K 1,728 K 2724 ETD Control Center ELAN Microelectronics Corp.
svchost.exe 0.01 4,468 K 3,096 K 828 Host Process for Windows Services Microsoft Corporation
svchost.exe 0.01 19,764 K 6,668 K 1344 Host Process for Windows Services Microsoft Corporation
services.exe 0.02 4,968 K 3,396 K 576
IAStorDataMgrSvc.exe 0.02 14,852 K 1,312 K 1204 IAStorDataSvc Intel Corporation
svchost.exe 0.02 3,468 K 2,204 K 748 Host Process for Windows Services Microsoft Corporation
dsiwmis.exe 0.01 1,960 K 280 K 1644 Dritek WMI Service Dritek System Inc.
chrome.exe 1.93 44,908 K 54,380 K 1200 Google Chrome Google Inc.
RIconMan.exe < 0.01 1,444 K 252 K 1788 Realtek Card Reader Icon Tool. Realsil Microelectronics Inc.
SearchIndexer.exe < 0.01 19,388 K 7,344 K 3432 Microsoft Windows Search Indexer Microsoft Corporation
LMworker.exe 5,408 K 336 K 2932
svchost.exe 0.01 8,488 K 4,480 K 1132 Host Process for Windows Services Microsoft Corporation
wmpnetwk.exe 4,220 K 2,648 K 3564 Windows Media Player Network Sharing Service Microsoft Corporation
csrss.exe 1,404 K 984 K 456
svchost.exe < 0.01 6,220 K 3,284 K 1732 Host Process for Windows Services Microsoft Corporation
wuauclt.exe 3,124 K 2,136 K 5572
WmiPrvSE.exe 2,340 K 2,600 K 3112
winlogon.exe 1,956 K 48 K 624
wininit.exe 1,088 K 44 K 516
VSSVC.exe 1,800 K 5,116 K 1508 Microsoft® Volume Shadow Copy Service Microsoft Corporation
UpdaterService.exe 812 K 52 K 1824 Updater Service Acer Incorporated
unsecapp.exe 1,360 K 1,356 K 3232 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
taskhost.exe 7,136 K 1,588 K 2192 Host Process for Windows Tasks Microsoft Corporation
taskhost.exe 4,296 K 64 K 728
taskeng.exe 1,216 K 424 K 4804
svchost.exe < 0.01 146,620 K 19,876 K 2700 Host Process for Windows Services Microsoft Corporation
svchost.exe 10,040 K 3,048 K 1492 Host Process for Windows Services Microsoft Corporation
svchost.exe 26,292 K 8,788 K 916 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,328 K 3,940 K 5132 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,932 K 48 K 1264 Host Process for Windows Services Microsoft Corporation
spoolsv.exe 4,768 K 872 K 1464 Spooler SubSystem App Microsoft Corporation
smss.exe 320 K 52 K 308
RtHDVCpl.exe 14,084 K 1,576 K 2796 Realtek HD Audio Manager Realtek Semiconductor
PresentationFontCache.exe 11,600 K 760 K 3168 PresentationFontCache.exe Microsoft Corporation
mscorsvw.exe 3,456 K 4,124 K 5980 .NET Runtime Optimization Service Microsoft Corporation
lsm.exe 1,812 K 1,160 K 592
LMutilps32.exe 2,100 K 68 K 1700
LManager.exe 12,584 K 1,988 K 2676 Launch Manager Dritek System Inc.
igfxtray.exe 1,540 K 400 K 2552 igfxTray Module Intel Corporation
igfxsrvc.exe 3,144 K 492 K 2632 igfxsrvc Module Intel Corporation
igfxpers.exe 2,344 K 592 K 2568 persistence Module Intel Corporation
igfxext.exe 1,516 K 592 K 3188 igfxext Module Intel Corporation
hkcmd.exe 1,760 K 412 K 2560 hkcmd Module Intel Corporation
GREGsvc.exe 688 K 48 K 1764 Global Registration Service Acer Incorporated
GoogleUpdate.exe 1,532 K 36 K 4936
GoogleCrashHandler.exe 1,192 K 52 K 3924
ETDCtrlHelper.exe 1,844 K 544 K 3752
ePowerTray.exe 2,916 K 772 K 2804 ePowerTray Acer Incorporated
ePowerSvc.exe 1,788 K 48 K 1692 ePowerSvc Acer Incorporated
ePowerEvent.exe 964 K 156 K 3372
dwm.exe 1,232 K 1,752 K 2284 Desktop Window Manager Microsoft Corporation
chrome.exe 0.31 47,164 K 57,960 K 4620 Google Chrome Google Inc.
chrome.exe 66,252 K 48,400 K 3248 Google Chrome Google Inc.
chrome.exe 1,344 K 1,408 K 5364 Google Chrome Google Inc.
chrome.exe 1,592 K 376 K 6100 Google Chrome Google Inc.
armsvc.exe 880 K 40 K 1580 Adobe Acrobat Update Service Adobe Systems Incorporated
 
==========================================================================
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       308 N/A                                         
csrss.exe                      456 N/A                                         
wininit.exe                    516 N/A                                         
csrss.exe                      524 N/A                                         
services.exe                   576 N/A                                         
lsass.exe                      584 KeyIso, SamSs                               
lsm.exe                        592 N/A                                         
winlogon.exe                   624 N/A                                         
svchost.exe                    748 DcomLaunch, PlugPlay, Power                 
svchost.exe                    828 RpcEptMapper, RpcSs                         
svchost.exe                    916 Audiosrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                    956 AudioEndpointBuilder, hidserv, Netman,      
                                   PcaSvc, SysMain, TrkWks, UxSms,             
                                   WdiSystemHost, Wlansvc                      
svchost.exe                   1000 AeLookupSvc, Appinfo, BITS, EapHost, gpsvc, 
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,      
                                   ProfSvc, Schedule, SENS, ShellHWDetection,  
                                   Themes, Winmgmt, wuauserv                   
svchost.exe                   1132 EventSystem, fdPHost, netprofm, nsi,        
                                   W32Time, WdiServiceHost, WinHttpAutoProxySv 
svchost.exe                   1344 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
spoolsv.exe                   1464 Spooler                                     
svchost.exe                   1492 BFE, DPS, MpsSvc                            
armsvc.exe                    1580 AdobeARMservice                             
dsiwmis.exe                   1644 DsiWMIService                               
ePowerSvc.exe                 1692 ePowerSvc                                   
LMutilps32.exe                1700 N/A                                         
svchost.exe                   1732 FDResPub, FontCache, SSDPSRV                
GREGsvc.exe                   1764 GREGService                                 
RIconMan.exe                  1788 IconMan_R                                   
UpdaterService.exe            1824 Live Updater Service                        
svchost.exe                   1264 PolicyAgent                                 
taskhost.exe                  2192 N/A                                         
dwm.exe                       2284 N/A                                         
explorer.exe                  2336 N/A                                         
igfxtray.exe                  2552 N/A                                         
hkcmd.exe                     2560 N/A                                         
igfxpers.exe                  2568 N/A                                         
igfxsrvc.exe                  2632 N/A                                         
LManager.exe                  2676 N/A                                         
ETDCtrl.exe                   2724 N/A                                         
RtHDVCpl.exe                  2796 N/A                                         
ePowerTray.exe                2804 N/A                                         
LMworker.exe                  2932 N/A                                         
WmiPrvSE.exe                  3112 N/A                                         
PresentationFontCache.exe     3168 FontCache3.0.0.0                            
igfxext.exe                   3188 N/A                                         
unsecapp.exe                  3232 N/A                                         
ePowerEvent.exe               3372 N/A                                         
SearchIndexer.exe             3432 WSearch                                     
wmpnetwk.exe                  3564 WMPNetworkSvc                               
ETDCtrlHelper.exe             3752 N/A                                         
GoogleCrashHandler.exe        3924 N/A                                         
IAStorDataMgrSvc.exe          1204 IAStorDataMgrSvc                            
svchost.exe                   2700 WinDefend                                   
taskhost.exe                   728 N/A                                         
taskeng.exe                   4804 N/A                                         
TrustedInstaller.exe          4104 TrustedInstaller                            
wuauclt.exe                   5572 N/A                                         
audiodg.exe                    836 N/A                                         
Zoom.exe                      1120 N/A                                         
mscorsvw.exe                  5980 clr_optimization_v4.0.30319_32              
Zoom.exe                      1524 N/A                                         
chrome.exe                    1200 N/A                                         
chrome.exe                    5364 N/A                                         
chrome.exe                    6100 N/A                                         
chrome.exe                    3248 N/A                                         
chrome.exe                    4620 N/A                                         
VSSVC.exe                     1508 VSS                                         
svchost.exe                   5132 swprv                                       
procexp (1).exe               5844 N/A                                         
notepad.exe                   3772 N/A                                         
cmd.exe                       3480 N/A                                         
conhost.exe                   2888 N/A                                         
tasklist.exe                  4972 N/A                                         
WmiPrvSE.exe                  5072 N/A                                         
 
 



  • 0
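
The TASKLIST /SVC listing requested in post #2 and pasted in post #3 wraps long service lists onto continuation lines, so the services behind a PID cannot be read one line at a time. The Python parser below is an added example, not part of any post in this thread; the function names are made up for illustration and the sample is rebuilt from rows of the listing above.

```python
import re


def _row(image, pid, services):
    # TASKLIST /SVC prints fixed-width columns; widths match the ===== ruler above.
    return f"{image:<25} {pid:>8} {services:<44}"


# Constructed sample in that layout, reusing rows from the listing in post #3.
SAMPLE = "\n".join([
    _row("Image Name", "PID", "Services"),
    _row("=" * 25, "=" * 8, "=" * 44),
    _row("System Idle Process", "0", "N/A"),
    _row("lsass.exe", "584", "KeyIso, SamSs"),
    _row("svchost.exe", "1000", "AeLookupSvc, Appinfo, BITS, EapHost, gpsvc,"),
    _row("", "", "IKEEXT, iphlpsvc, LanmanServer, MMCSS,"),
    _row("", "", "ProfSvc, Schedule, SENS, ShellHWDetection,"),
    _row("", "", "Themes, Winmgmt, wuauserv"),
    _row("svchost.exe", "2700", "WinDefend"),
    _row("TrustedInstaller.exe", "4104", "TrustedInstaller"),
    _row("procexp (1).exe", "5844", "N/A"),
])


def parse_tasklist_svc(text):
    """Return [{'image', 'pid', 'services'}] from TASKLIST /SVC table output."""
    lines = text.splitlines()
    ruler = next((i for i, ln in enumerate(lines)
                  if re.fullmatch(r"=+(?: +=+)+\s*", ln)), None)
    if ruler is None:
        raise ValueError("no ===== ruler line; not TASKLIST table output")
    # Column boundaries come from the ruler, so image names that contain
    # spaces ("System Idle Process", "procexp (1).exe") stay in one field.
    spans = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    if len(spans) != 3:
        raise ValueError("expected three columns (image, PID, services)")
    (n0, n1), (p0, p1), (s0, _) = spans
    procs = []
    for ln in lines[ruler + 1:]:
        if not ln.strip():
            continue
        image, pid = ln[n0:n1].strip(), ln[p0:p1].strip()
        items = [s.strip() for s in ln[s0:].split(",") if s.strip()]
        if not image and not pid:
            # Continuation line: more services for the previous process.
            if not procs:
                raise ValueError("continuation line before any process row")
            procs[-1]["services"].extend(items)
            continue
        if not pid.isdigit():
            raise ValueError(f"bad PID column in line: {ln!r}")
        procs.append({"image": image, "pid": int(pid),
                      "services": [] if items == ["N/A"] else items})
    return procs


def find_host(procs, service):
    """Return the process row hosting a service (case-insensitive), or None."""
    want = service.lower()
    for p in procs:
        if want in (s.lower() for s in p["services"]):
            return p
    return None


def shared_hosts(procs):
    """Map PID -> services for processes that host more than one service."""
    return {p["pid"]: p["services"] for p in procs if len(p["services"]) > 1}


if __name__ == "__main__":
    rows = parse_tasklist_svc(SAMPLE)
    for name in ("wuauserv", "WinDefend", "TrustedInstaller"):
        host = find_host(rows, name)
        print(f"{name}: {host['image']} (PID {host['pid']})")
    for pid, services in shared_hosts(rows).items():
        print(f"PID {pid} hosts {len(services)} services: {', '.join(services)}")
```

Run against the full listing from post #3, it shows that wuauserv (Windows Update) shares PID 1000 with BITS, Schedule and Winmgmt, so CPU charged to that svchost.exe cannot be pinned on one service from this output alone.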

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
System Idle Process 61.78 0 K 24 K 0
TrustedInstaller.exe 24.54 208,648 K 123,868 K 4104 Windows Modules Installer Microsoft Corporation

Appears that it is trying to install something right now.

Windows Update probably needs some tweaking.

Try:

System Update Readiness Tool for Windows 7


This one for 32 bit:
https://www.microsof...ls.aspx?id=3132


Once that runs then get

 KB3083710 and KB3102810

https://support.micr...n-us/kb/3083710

https://support.micr...n-us/kb/3102810

 

If you don't already have them.

 

Your Intel® Rapid Storage Technology program is out of date.  Yours is version 10 and they are currently offering Version 15.  This is how Windows talks to the hard drive so can slow things down if it is not happy.  https://downloadcent...logy-Intel-RST-

 

Your hard drive is getting a bit tired.  It shows a lot of Reallocated Sectors.  These are bad spots on the drive.  The drive makers plan for these and when a sector goes bad they start using a spare sector.  Problem is you have already used 240 spares and it may not have many more left.  You may want to clone the drive in the near future.

 

You only have 1 GB of RAM.  You have a spare slot so you could add RAM.  Amazon has Samsung 2GB DDR3 RAM PC3-10600 204-Pin Laptop SODIMM for $12.  This would triple your available RAM and make a big difference in speed.

 

Since you have so many bad spots you should probably take the time to run a disk check:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after the line).

sfc /scannow

(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Run a new  Process Explorer log.

 


  • 0





