Very slow starting, running, unresponsive


#1
scgal

  • Member
  • 42 posts

My PC is Windows 7, 64-bit. I'd been getting fake Firefox and Chrome updates (which I never downloaded) for 2 or 3 months. I don't know if that has anything to do with the current problem. My PC will hang up at a black screen when starting. Sometimes I can leave it for 30 mins or longer and it will finally let me open a browser. Other times I have to manually shut down with the power button and restart and wait again. Firefox, Chrome and Microsoft Word all become unresponsive and freeze the PC. I'm not always able to bring up Task Manager. Today I had a popup from Avast that a program was trying to shut it down. I had opened Avast because it had a red x on it. Before I could look for additional info, the message box disappeared. I've also been getting Rundll32 error messages in the last couple of weeks. Thanks for any help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by admin (administrator) on ADMIN-PC (05-02-2017 15:52:14)
Running from C:\Users\admin\Desktop
Loaded Profiles: UpdatusUser & admin (Available Profiles: UpdatusUser & admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_IATIGMA.EXE
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\EBAPIX32.EXE
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [BDRegion] => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-29] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-03] (AVAST Software)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-07-21] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1059993662-1372181460-191102540-1001\...\Run: [WorkForce 840(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1059993662-1372181460-191102540-1001\...\MountPoints2: {7a89f036-fe4b-11e4-a7dd-88532e0a244e} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-12-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-11-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-11-29] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-03] (AVAST Software)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2011-04-03]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{313ECD33-58F5-4C83-82B5-3AA1C2F93A66}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{984CB5E6-A41C-4A94-8019-03F70F34A43B}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1059993662-1372181460-191102540-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://drudgereport.com/
SearchScopes: HKLM -> DefaultScope {DAB3E8FF-249B-45A5-AB3A-23D1AB1ED25E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {DAB3E8FF-249B-45A5-AB3A-23D1AB1ED25E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {4EE3F2DA-78CE-4419-85F8-45FA2E8E90A5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {4EE3F2DA-78CE-4419-85F8-45FA2E8E90A5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1059993662-1372181460-191102540-1001 -> DefaultScope {DAB3E8FF-249B-45A5-AB3A-23D1AB1ED25E} URL = 
SearchScopes: HKU\S-1-5-21-1059993662-1372181460-191102540-1001 -> {4EE3F2DA-78CE-4419-85F8-45FA2E8E90A5} URL = 
SearchScopes: HKU\S-1-5-21-1059993662-1372181460-191102540-1001 -> {DAB3E8FF-249B-45A5-AB3A-23D1AB1ED25E} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-03] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1059993662-1372181460-191102540-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
 
FireFox:
========
FF DefaultProfile: o5bmnvka.default
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\o5bmnvka.default [2017-02-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-11-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-11-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2017-02-05]
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-19]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-08]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-03] (AVAST Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-03] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-05] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-05] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-02-05] (Malwarebytes)
S3 NvStUSB; C:\Windows\system32\DRIVERS\nvstusb.sys [121960 2010-12-12] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-05 15:52 - 2017-02-05 16:01 - 00017908 _____ C:\Users\admin\Desktop\FRST.txt
2017-02-05 15:51 - 2017-02-05 15:52 - 00000000 ____D C:\FRST
2017-02-05 15:39 - 2017-02-05 15:39 - 02421248 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2017-02-04 21:07 - 2017-02-04 21:07 - 00000000 ____D C:\Users\admin\AppData\Local\{CFC8F98C-F3EF-4A93-8361-A65B9C1AD8A5}
2017-02-04 21:02 - 2017-02-04 21:02 - 00000000 ____D C:\Users\admin\AppData\Local\{B60B359E-A0F8-491A-A10B-CD712FA6A03A}
2017-02-04 19:04 - 2017-02-04 19:04 - 00000000 ____D C:\Users\admin\AppData\Local\{DA08FA3C-8BAE-486F-9125-3101FDE93519}
2017-02-03 21:11 - 2017-02-03 21:11 - 00000000 ____D C:\Users\admin\AppData\Local\{8085B54A-6A80-4C9A-958B-70060A53A959}
2017-01-30 22:46 - 2017-01-30 22:46 - 00000000 ____D C:\Users\admin\AppData\Local\{1127486E-D5F6-4532-B496-1A73CC9A55BE}
2017-01-29 16:14 - 2017-01-29 16:14 - 00000000 ____D C:\Users\admin\AppData\Local\{055728DF-D983-4A7B-99E9-8340976790B7}
2017-01-29 16:03 - 2017-01-29 16:03 - 00000000 ____D C:\Users\admin\AppData\Local\{FACB8A3E-4D0F-4361-A552-CC396ADF9386}
2017-01-29 01:16 - 2017-01-29 01:16 - 00000000 ____D C:\Users\admin\AppData\Local\{F9D12E14-A5F1-496B-99F1-59BA4B932F24}
2017-01-28 23:54 - 2017-01-28 23:54 - 00000000 ____D C:\Users\admin\AppData\Local\{4A58EFB4-9D75-48D2-A95C-21002C3956E8}
2017-01-28 23:31 - 2017-01-28 23:31 - 00000000 ____D C:\Users\admin\AppData\Local\{83342D63-4D18-4B4A-AE45-C0687B4B9602}
2017-01-28 23:27 - 2017-01-28 23:27 - 00000000 ____D C:\Users\admin\AppData\Local\{6E3DD371-9400-4960-8960-A6314006AFD4}
2017-01-28 23:25 - 2017-01-28 23:25 - 00000000 ____D C:\Users\admin\AppData\Local\{41D3232F-AFB1-4C0E-B05C-02F56C16F150}
2017-01-28 23:23 - 2017-01-28 23:23 - 00000000 ____D C:\Users\admin\AppData\Local\{B89535F9-F216-44F3-99C4-E9F034779C15}
2017-01-27 21:24 - 2017-02-05 15:35 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-27 21:24 - 2017-02-05 14:25 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-27 21:24 - 2017-02-05 14:25 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-27 21:24 - 2017-02-05 14:25 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-27 21:24 - 2017-01-27 21:24 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-27 21:24 - 2017-01-27 21:24 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-27 21:24 - 2017-01-27 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-27 21:24 - 2017-01-27 21:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 21:24 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-27 21:22 - 2017-01-27 21:22 - 55566792 _____ (Malwarebytes ) C:\Users\admin\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-01-26 01:13 - 2017-01-26 01:13 - 00000000 ____D C:\Users\admin\AppData\Local\{11610967-88B2-47C0-B569-8AE0AE1F5601}
2017-01-21 21:40 - 2017-01-21 21:40 - 00000000 ____D C:\Users\admin\AppData\Local\{0788FF7C-3B48-40A8-9346-2EEAB2D9F061}
2017-01-20 16:47 - 2017-01-20 16:47 - 00670752 _____ C:\Windows\Minidump\012017-21512-01.dmp
2017-01-14 03:49 - 2017-01-14 03:49 - 00075049 _____ C:\Users\admin\Downloads\Eula Scott Caudle Obituary.pdf
2017-01-11 12:48 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 12:48 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 12:48 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 12:48 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 12:48 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 12:48 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 12:48 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 12:48 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 12:48 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 12:48 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 12:48 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 12:48 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 12:48 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-09 16:35 - 2017-01-09 16:35 - 00666608 _____ C:\Windows\Minidump\010917-31683-01.dmp
2017-01-09 00:57 - 2017-01-09 00:58 - 00670752 _____ C:\Windows\Minidump\010917-27159-01.dmp
2017-01-08 19:13 - 2017-01-08 19:13 - 00692376 _____ C:\Windows\Minidump\010817-29593-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-05 15:40 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-05 15:40 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-05 15:30 - 2015-05-19 14:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-05 14:22 - 2009-07-14 00:13 - 00782244 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-05 14:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-05 14:20 - 2015-05-10 18:22 - 00000000 ____D C:\Users\admin\AppData\Local\SoftThinks
2017-02-05 14:14 - 2011-04-03 19:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-05 14:10 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-05 04:01 - 2016-04-20 19:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\SoftGrid Client
2017-02-05 03:33 - 2015-05-19 14:08 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 03:33 - 2015-05-19 14:08 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-04 23:29 - 2016-11-18 04:46 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2017-02-04 16:43 - 2009-07-14 00:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-27 21:24 - 2016-07-03 22:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-27 20:56 - 2015-05-10 18:20 - 00000000 ____D C:\Users\admin
2017-01-27 20:24 - 2016-11-18 03:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-27 20:24 - 2016-04-16 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-26 00:25 - 2015-05-10 18:20 - 00074856 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-24 16:35 - 2015-05-19 14:08 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-22 14:01 - 2016-05-28 19:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 16:47 - 2016-05-07 02:20 - 615069692 _____ C:\Windows\MEMORY.DMP
2017-01-20 16:47 - 2016-05-07 02:20 - 00000000 ____D C:\Windows\Minidump
2017-01-14 13:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-13 03:03 - 2015-05-19 14:13 - 00000000 ____D C:\Windows\system32\MRT
2017-01-13 03:00 - 2015-05-19 14:13 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-12 14:24 - 2016-05-28 19:00 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 18:30 - 2015-05-19 14:34 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 18:30 - 2015-05-19 14:34 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 18:30 - 2015-05-19 14:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 18:30 - 2015-05-19 14:34 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 18:30 - 2011-04-03 18:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-09 15:20 - 2011-04-03 18:20 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
 
Files to move or delete:
====================
C:\Users\admin\jobq.dat
 
 
Some files in TEMP:
====================
2016-07-26 01:46 - 2016-07-26 01:46 - 0741440 _____ (Oracle Corporation) C:\Users\admin\AppData\Local\Temp\jre-8u101-windows-au.exe
2015-12-20 14:15 - 2015-12-20 14:15 - 0585824 _____ (Oracle Corporation) C:\Users\admin\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-04-15 21:50 - 2016-04-15 21:50 - 0736320 _____ (Oracle Corporation) C:\Users\admin\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-27 11:27 - 2016-04-27 11:27 - 0739904 _____ (Oracle Corporation) C:\Users\admin\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-05-19 13:42 - 2010-08-13 12:19 - 0468232 _____ (Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\MSN873C.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-24 12:06
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by admin (05-02-2017 16:04:20)
Running from C:\Users\admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-05-10 23:20:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-1059993662-1372181460-191102540-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1059993662-1372181460-191102540-500 - Administrator - Disabled)
Guest (S-1-5-21-1059993662-1372181460-191102540-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1059993662-1372181460-191102540-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.3522 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1303 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1303 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DNAGedcom Client (HKU\S-1-5-21-1059993662-1372181460-191102540-1001\...\de853180d47c1483) (Version: 1.4.6.1 - DNAGedcom)
Epson Event Manager (HKLM-x32\...\{089EC7B5-6480-4478-ACF0-DEFD4047343C}) (Version: 2.40.0004 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 840 Series Printer Uninstall (HKLM\...\EPSON WorkForce 840 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0511 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 265.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 265.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 265.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 265.94 - NVIDIA Corporation)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {257C49CC-64E7-416D-921D-42B5703F1A24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {460DCC56-9B46-48CF-80EF-C90BE9C71F53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {828E5672-0E49-4A79-A145-70399172E0B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {99E6C758-5A5B-43C4-B062-1563A602C5D2} - System32\Tasks\SafeZone scheduled Autoupdate 1460784445 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {CC32170C-E683-4423-90AC-1F72F30C4CA9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {E6587B1B-A8FE-4EFD-B7F0-426D9B58C444} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {FF2D6650-BEE6-47F0-B11D-7D008D2A0870} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-03] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2017-01-27 21:24 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-27 21:24 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-27 21:24 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 00781536 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2011-04-03 20:35 - 2010-11-29 07:34 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2011-04-03 18:08 - 2010-12-17 10:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 00056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 00113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 01121504 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 00077024 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 00232672 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 00072928 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 00109792 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-04-03 18:21 - 2010-08-11 18:19 - 00119008 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2017-01-03 00:56 - 2017-01-03 00:56 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-01-03 00:55 - 2017-01-03 00:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-03 00:55 - 2017-01-03 00:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-05 12:50 - 2017-02-05 12:50 - 05731328 _____ () C:\Program Files\AVAST Software\Avast\defs\17020500\algo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1059993662-1372181460-191102540-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: WorkForce 840(Network) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S2C05.tmp" /EF "HKCU"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{27439067-D982-4C48-851C-8F319446ACD2}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{3F5B49B1-F073-4F35-AFA2-38BE4306816D}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{661DFBF4-46C5-40CF-A240-0CAC8EFCDCB9}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3F0C20C8-B0EC-468B-9218-ECED32841F53}] => C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{F8EFC4F0-C167-4041-BE84-2F0B5DA99C13}] => c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{EBE78BE6-8D02-4EE0-8430-76023F78F4F1}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{455DA244-86CD-4F00-B685-59388C58B271}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FFCD2F20-C8C1-4317-9341-E8AC8A969ABF}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{611BD93B-FAEF-4AA4-90F4-6871B70BE105}] => LPort=2869
FirewallRules: [{44F8171F-56FD-4258-B6C8-A438BFFF2A91}] => LPort=1900
FirewallRules: [{8AF1CB26-B9F6-45B4-9143-02F5992ECF14}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{780A458C-32BD-4F23-B15D-197B6BC39FD6}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{41A3C70B-B97C-415B-8558-C634005A0BFD}] => c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{41A8B02B-44E7-4B69-B05A-9FFC94A771F0}] => c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{E685552D-AA7F-4D70-B893-EC9754E2BE5C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC6FB0DA-8690-4A70-BA21-46105E8A3573}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{336B8D5B-ACF4-456E-A96D-E546E92CD912}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{685378AB-FFCF-4CEC-BBA8-E3EA866C0929}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{836FFF2C-0395-41B6-9E3E-DADAA3086364}] => C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{303BD5F1-46DB-4108-9E1E-553C8C7CE92E}] => C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{A1140B99-AAAE-4D48-8E2F-80B2B72E655B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{BC299FDA-ED7D-47EE-AD40-694911978D56}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{8FD150BF-E3DF-43AF-80A7-172EC506713B}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{64A256B5-49E8-48E6-B7EB-DF67175713B4}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D2377FD5-BFC8-4374-A571-F97D1F35BCFB}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
01-02-2017 19:17:37 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/04/2017 04:45:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (02/04/2017 04:44:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (02/04/2017 04:42:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x448
Faulting application start time: 0x01d27f256e7a9d0b
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: unknown
Report Id: d8f1f710-eb22-11e6-a486-88532e0a244e
 
Error: (02/04/2017 03:34:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0651
Exception code: 0xc0000005
Fault offset: 0x0000000000026483
Faulting process id: 0xe40
Faulting application start time: 0x01d27f25decd8bf9
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5e55fb62-eb19-11e6-a486-88532e0a244e
 
Error: (02/03/2017 10:33:54 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (02/03/2017 10:32:38 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (02/02/2017 08:38:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.413, time stamp: 0x5889cb24
Exception code: 0xc0000005
Fault offset: 0x0000a4bc
Faulting process id: 0x1864
Faulting application start time: 0x01d27dbe2ed8ecd8
Faulting application path: C:\Windows\SysWOW64\rundll32.exe
Faulting module path: C:\Program Files\AVAST Software\Avast\defs\17020201\bcuengine.dll
Report Id: 6d72f81b-e9b1-11e6-97fe-88532e0a244e
 
Error: (02/02/2017 08:36:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.413, time stamp: 0x5889cb24
Exception code: 0xc0000005
Fault offset: 0x0000a4bc
Faulting process id: 0x1bcc
Faulting application start time: 0x01d27dbde057803c
Faulting application path: C:\Windows\SysWOW64\rundll32.exe
Faulting module path: C:\Program Files\AVAST Software\Avast\defs\17020201\bcuengine.dll
Report Id: 3597f5f4-e9b1-11e6-97fe-88532e0a244e
 
Error: (02/02/2017 08:35:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d
Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950
Exception code: 0xc0000005
Fault offset: 0x0000000000023c00
Faulting process id: 0xb40
Faulting application start time: 0x01d27db45123a38c
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\system32\devinv.dll
Report Id: 15b86cfc-e9b1-11e6-97fe-88532e0a244e
 
Error: (02/02/2017 07:27:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
 
System errors:
=============
Error: (02/05/2017 02:37:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/05/2017 02:37:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (02/05/2017 02:30:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/05/2017 02:30:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.
 
Error: (02/05/2017 02:30:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (02/05/2017 02:29:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service Bluetooth Media Service with arguments "" in order to run the server:
{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}
 
Error: (02/05/2017 02:29:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Media Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/05/2017 02:29:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Media Service service to connect.
 
Error: (02/05/2017 02:27:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/05/2017 02:27:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2720QM CPU @ 2.20GHz
Percentage of memory in use: 27%
Total physical RAM: 8106.17 MB
Available physical RAM: 5865.96 MB
Total Virtual: 16210.53 MB
Available Virtual: 13966.06 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:518 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



#2
RKinner

    Malware Expert

  • Expert
  • 24,715 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top about 10 lines down.) Save the file. Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File)
 
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

  • 0
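
The Verified Signer check requested in the post above, as an added example that is not part of the original thread: it reads a Process Explorer text export and lists the processes whose signer is not marked "(Verified)", highest CPU first. It assumes the saved file is tab-delimited with the header row shown in the thread; the two `example-*.exe` rows are constructed.

```python
import csv
import io

# Constructed sample in the layout assumed for File > Save As (tab-delimited).
# The first five data rows mirror the output posted in the thread; the two
# example-*.exe rows are constructed to show what gets reported.
SAMPLE_EXPORT = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "System Idle Process\t97.56\t0 K\t24 K\t0\t\t\t",
    "procexp64.exe\t0.88\t37,408 K\t60,592 K\t1812\tSysinternals Process Explorer\t"
    "Sysinternals - www.sysinternals.com\t(Verified) Microsoft Corporation",
    "Interrupts\t0.29\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    "System\t0.05\t120 K\t328 K\t4\t\t\t",
    "daemonu.exe\t< 0.01\t3,800 K\t9,348 K\t2468\tNVIDIA Settings Update Manager\t"
    "NVIDIA Corporation\t(Verified) NVIDIA Corporation",
    "example-helper.exe\t12.40\t18,200 K\t22,016 K\t3344\t\t\t",
    "example-tray.exe\t\t2,100 K\t4,800 K\t5120\tExample Tray\tExample Corp\t"
    "(No signature was present in the subject) Example Corp",
])

# Kernel pseudo-entries have no image file to sign. Name and PID are matched
# together so a user-mode process that merely calls itself "System" is reported.
PSEUDO = {("System Idle Process", "0"), ("System", "4"), ("Interrupts", "n/a")}


def parse_cpu(cell):
    """Turn the CPU cell into a float; blank and '< 0.01' both count as 0.0."""
    cell = cell.strip()
    if not cell or cell.startswith("<"):
        return 0.0
    return float(cell)


def parse_export(text):
    """Read the tab-delimited export into a list of dicts, one per process."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    rows = []
    for rec in reader:
        rows.append({
            "name": (rec.get("Process") or "").strip(),
            "pid": (rec.get("PID") or "").strip(),
            "cpu": parse_cpu(rec.get("CPU") or ""),
            "company": (rec.get("Company Name") or "").strip(),
            "signer": (rec.get("Verified Signer") or "").strip(),
        })
    return rows


def unverified(rows):
    """Return processes without a '(Verified)' signer, highest CPU first.

    Anything other than a '(Verified) ...' value, including an empty cell,
    is treated as not verified.
    """
    flagged = [r for r in rows
               if (r["name"], r["pid"]) not in PSEUDO
               and not r["signer"].startswith("(Verified)")]
    return sorted(flagged, key=lambda r: r["cpu"], reverse=True)


if __name__ == "__main__":
    for row in unverified(parse_export(SAMPLE_EXPORT)):
        print("{cpu:6.2f}  {pid:>5}  {name}  signer={signer!r}".format(**row))
```

A row reported here is only a lead for closer inspection: unsigned helper programs from legitimate vendors are common, so check the image path and company name before drawing conclusions.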

#3
scgal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Thank you for your help. That was a lot of instruction and work on your part. I really appreciate it. I hope I did it correctly!

When I ran the sfc /scannow, it got to 99% and said Windows Resource Protection could not perform the requested operation. Since it didn't say it couldn't fix everything, I did not run the next step.

When I ran VEW.exe the 2nd time for Application, I selected Error & Warning as I did for system.

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 97.56 0 K 24 K 0
procexp64.exe 0.88 37,408 K 60,592 K 1812 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.29 0 K 0 K n/a Hardware Interrupts and DPCs
SynTPEnh.exe 0.19 11,748 K 17,964 K 5092 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
dwm.exe 0.19 72,932 K 61,896 K 1512 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.15 3,760 K 35,576 K 752 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MBAMService.exe 0.08 323,284 K 346,424 K 4080 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
explorer.exe 0.06 54,908 K 79,676 K 1872 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 0.05 120 K 328 K 4
chrome.exe 0.05 64,648 K 143,964 K 4680 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.04 7,132 K 13,168 K 972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 0.02 3,096 K 5,812 K 4128 Local Manageability Service Intel Corporation (Verified) Intel Corporation
FF_Protection.exe 0.02 2,672 K 7,784 K 2780 FF_Protection MFC Application (Verified) STMicroelectronics
eEBSvc.exe 0.02 6,404 K 9,016 K 1888 eEBAPI Core Process module SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
AvastSvc.exe 0.01 190,872 K 40,960 K 1544 avast! Service AVAST Software (Verified) AVAST Software a.s.
chrome.exe 0.01 55,632 K 105,328 K 2408 Google Chrome Google Inc. (Verified) Google Inc
NOBuAgent.exe 0.01 3,844 K 7,348 K 2328 Dell DataSafe Online Service Dell, Inc. (Verified) Symantec Corporation
daemonu.exe < 0.01 3,800 K 9,348 K 2468 NVIDIA Settings Update Manager NVIDIA Corporation (Verified) NVIDIA Corporation
AvastUI.exe < 0.01 16,492 K 29,312 K 5356 avast! Antivirus AVAST Software (Verified) AVAST Software s.r.o.
TurboBoost.exe < 0.01 3,068 K 7,432 K 4644 Turbo Boost Monitor Service Intel® Corporation (Verified) Intel® Software
SignalIslandUi.exe < 0.01 90,860 K 80,544 K 5636 Intel® Turbo Boost Technology Monitor 2.0 Intel® Corporation (Verified) Intel® Software
svchost.exe < 0.01 14,772 K 23,364 K 368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 38,188 K 57,444 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 3,248 K 6,032 K 640 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 28,352 K 32,336 K 1440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE < 0.01 8,152 K 17,212 K 3860 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe < 0.01 8,264 K 13,288 K 4532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 25,060 K 17,676 K 3520 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 8,120 K 10,048 K 2096 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe < 0.01 11,780 K 19,636 K 1240 NVIDIA Driver Helper Service, Version 265.94 NVIDIA Corporation (Verified) NVIDIA Corporation
sftlist.exe < 0.01 14,076 K 24,720 K 2436 Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
mediasrv.exe < 0.01 4,640 K 8,656 K 5624 Bluetooth Media Service Intel Corporation (No signature was present in the subject) Intel Corporation
hkcmd.exe < 0.01 5,136 K 12,700 K 4332 hkcmd Module Intel Corporation (Verified) Intel Corporation
igfxtray.exe < 0.01 4,804 K 9,196 K 3448 igfxTray Module Intel Corporation (Verified) Intel Corporation
btplayerctrl.exe < 0.01 2,612 K 6,380 K 5148 Bluetooth Media Player Controller Intel Corporation (No signature was present in the subject) Intel Corporation
svchost.exe < 0.01 3,328 K 7,788 K 3812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
UNS.exe < 0.01 3,708 K 8,244 K 5548 User Notification Service Intel Corporation (Verified) Intel Corporation
CVH.EXE < 0.01 6,508 K 16,248 K 7132 Microsoft Office Client Virtualization Handler Microsoft Corporation (Verified) Microsoft Corporation
CVHSVC.EXE < 0.01 8,004 K 16,352 K 2796 Microsoft Office Client Virtualization Service Microsoft Corporation (Verified) Microsoft Corporation
obexsrv.exe < 0.01 3,072 K 7,404 K 4020 Bluetooth OBEX Service Intel Corporation (No signature was present in the subject) Intel Corporation
WmiPrvSE.exe 7,308 K 13,384 K 4136 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2,580 K 4,912 K 2516 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
wlanext.exe 13,804 K 23,968 K 1552 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 4,452 K 9,776 K 804 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 2,572 K 5,728 K 732 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 3,384 K 7,724 K 5384 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 2,856 K 6,556 K 2888 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 11,164 K 13,168 K 1748 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 2,840 K 5,248 K 5248 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 195,460 K 201,388 K 632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 17,276 K 18,696 K 1704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,528 K 11,680 K 352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 25,520 K 27,044 K 520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,556 K 7,264 K 292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,768 K 6,112 K 2164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,788 K 12,576 K 2236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
STService.exe 9,548 K 16,448 K 5048 ST Service Scheduling (Verified) SoftThinks
spoolsv.exe 9,132 K 14,936 K 1676 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 744 K 1,448 K 476 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
sftvsa.exe 1,748 K 5,360 K 3192 Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
SftService.exe 4,300 K 8,432 K 2980 SoftThinks Agent Service SoftThinks SAS (Verified) Dell Inc
services.exe 7,940 K 12,176 K 848 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 3,372 K 8,352 K 4632 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 4,436 K 11,656 K 4240 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 12,132 K 12,280 K 4892 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RegSrvc.exe 3,720 K 8,308 K 2508 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
RAVBg64.exe 12,688 K 12,764 K 3440 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
quickset.exe 11,060 K 14,112 K 5324 QuickSet Dell Inc. (Verified) Dell Inc
procexp.exe 2,584 K 7,924 K 1916 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 27,800 K 19,232 K 4396 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
OSPPSVC.EXE 3,740 K 11,188 K 3896 Microsoft Office Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Corporation
OFFICEVIRT.EXE 2,692 K 6,624 K 4448 (Verified) Microsoft Corporation
NvXDSync.exe 9,748 K 19,588 K 1228 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 3,988 K 9,120 K 144 NVIDIA Driver Helper Service, Version 265.94 NVIDIA Corporation (Verified) NVIDIA Corporation
nvSCPAPISvr.exe 2,568 K 6,072 K 3460 Stereo Vision Control Panel API Server NVIDIA Corporation (Verified) NVIDIA Corporation
mbamtray.exe 17,472 K 26,132 K 3124 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe 3,336 K 5,260 K 864 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 7,936 K 16,460 K 856 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
igfxpers.exe 5,776 K 12,304 K 2172 persistence Module Intel Corporation (Verified) Intel Corporation
iFrmewrk.exe 14,580 K 26,284 K 4284 Intel® PROSet/Wireless Framework Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
EvtEng.exe 13,192 K 20,632 K 2284 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
E_IATIGMA.EXE 4,076 K 8,988 K 5552 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) Microsoft Windows Hardware Compatibility Publisher
devmonsrv.exe 2,940 K 7,132 K 2108 Bluetooth Device Monitor Intel Corporation (No signature was present in the subject) Intel Corporation
conhost.exe 1,996 K 4,152 K 1560 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 87,964 K 96,544 K 1060 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4,968 K 9,632 K 6616 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5,072 K 11,008 K 6732 Google Chrome Google Inc. (Verified) Google Inc
brs.exe 1,372 K 4,484 K 2848 brs cyberlink (Verified) CyberLink
audiodg.exe 21,272 K 20,716 K 1112 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,368 K 4,396 K 1472 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
AERTSr64.exe 1,840 K 3,652 K 1380 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics
 
 
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       476 N/A                                         
csrss.exe                      640 N/A                                         
wininit.exe                    732 N/A                                         
csrss.exe                      752 N/A                                         
winlogon.exe                   804 N/A                                         
services.exe                   848 N/A                                         
lsass.exe                      856 KeyIso, SamSs, VaultSvc                     
lsm.exe                        864 N/A                                         
svchost.exe                    972 DcomLaunch, PlugPlay, Power                 
nvvsvc.exe                     144 NVSvc                                       
svchost.exe                    352 RpcEptMapper, RpcSs                         
svchost.exe                    520 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                    632 AudioEndpointBuilder, Netman, PcaSvc,       
                                   SysMain, TrkWks, UxSms, Wlansvc, wudfsvc    
svchost.exe                    368 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc    
svchost.exe                   1044 AeLookupSvc, Appinfo, BITS, Browser,        
                                   EapHost, gpsvc, IKEEXT, iphlpsvc,           
                                   LanmanServer, ProfSvc, Schedule, SENS,      
                                   ShellHWDetection, Themes, Winmgmt, wuauserv 
NvXDSync.exe                  1228 N/A                                         
nvvsvc.exe                    1240 N/A                                         
svchost.exe                   1440 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
AvastSvc.exe                  1544 avast! Antivirus                            
wlanext.exe                   1552 N/A                                         
conhost.exe                   1560 N/A                                         
spoolsv.exe                   1676 Spooler                                     
svchost.exe                   1704 BFE, DPS, MpsSvc                            
taskhost.exe                  1748 N/A                                         
eEBSvc.exe                    1888 EpsonBidirectionalService                   
armsvc.exe                    1472 AdobeARMservice                             
dwm.exe                       1512 N/A                                         
AERTSr64.exe                  1380 AERTFilters                                 
explorer.exe                  1872 N/A                                         
devmonsrv.exe                 2108 Bluetooth Device Monitor                    
svchost.exe                   2164 bthserv                                     
svchost.exe                   2236 DiagTrack                                   
EvtEng.exe                    2284 EvtEng                                      
NOBuAgent.exe                 2328 NOBU                                        
daemonu.exe                   2468 nvUpdatusService                            
RegSrvc.exe                   2508 RegSrvc                                     
SftService.exe                2980 SftService                                  
sftvsa.exe                    3192 sftvsa                                      
nvSCPAPISvr.exe               3460 Stereo Service                              
svchost.exe                   3812 stisvc                                      
WLIDSVC.EXE                   3860 wlidsvc                                     
obexsrv.exe                   4020 Bluetooth OBEX Service                      
MBAMService.exe               4080 MBAMService                                 
sftlist.exe                   2436 sftlist                                     
mbamtray.exe                  3124 N/A                                         
CVHSVC.EXE                    2796 cvhsvc                                      
WLIDSVCM.EXE                  2516 N/A                                         
unsecapp.exe                  2888 N/A                                         
svchost.exe                    292 PolicyAgent                                 
WmiPrvSE.exe                  4136 N/A                                         
svchost.exe                   4532 FDResPub, QWAVE, SSDPSRV                    
rundll32.exe                  4632 N/A                                         
STService.exe                 5048 N/A                                         
SynTPEnh.exe                  5092 N/A                                         
RtkNGUI64.exe                 4892 N/A                                         
RAVBg64.exe                   3440 N/A                                         
SearchIndexer.exe             3520 WSearch                                     
igfxtray.exe                  3448 N/A                                         
hkcmd.exe                     4332 N/A                                         
igfxpers.exe                  2172 N/A                                         
FF_Protection.exe             2780 N/A                                         
rundll32.exe                  4240 N/A                                         
wmpnetwk.exe                  2096 WMPNetworkSvc                               
iFrmewrk.exe                  4284 N/A                                         
SynTPHelper.exe               5248 N/A                                         
quickset.exe                  5324 N/A                                         
E_IATIGMA.EXE                 5552 N/A                                         
mediasrv.exe                  5624 Bluetooth Media Service                     
SignalIslandUi.exe            5636 N/A                                         
btplayerctrl.exe              5148 N/A                                         
brs.exe                       2848 N/A                                         
unsecapp.exe                  5384 N/A                                         
AvastUI.exe                   5356 N/A                                         
LMS.exe                       4128 LMS                                         
TurboBoost.exe                4644 TurboBoost                                  
PresentationFontCache.exe     4396 FontCache3.0.0.0                            
UNS.exe                       5548 UNS                                         
CVH.EXE                       7132 N/A                                         
OFFICEVIRT.EXE                4448 N/A                                         
OSPPSVC.EXE                   3896 osppsvc                                     
chrome.exe                    2408 N/A                                         
chrome.exe                    6616 N/A                                         
chrome.exe                    6732 N/A                                         
chrome.exe                    1060 N/A                                         
chrome.exe                    4680 N/A                                         
audiodg.exe                   1340 N/A                                         
cmd.exe                       3036 N/A                                         
conhost.exe                   4896 N/A                                         
tasklist.exe                  6240 N/A                                         
WmiPrvSE.exe                  5032 N/A    
 
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/02/2017 5:46:09 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/02/2017 8:51:07 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 10/02/2017 8:51:07 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Log: 'System' Date/Time: 10/02/2017 8:48:31 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.
 
Log: 'System' Date/Time: 10/02/2017 8:46:28 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 10/02/2017 8:46:22 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Log: 'System' Date/Time: 10/02/2017 8:43:55 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Log: 'System' Date/Time: 10/02/2017 8:40:59 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service vds with arguments "" in order to run the server: {7D1933CB-86F6-4A98-8628-01BE94C9A575}
 
Log: 'System' Date/Time: 10/02/2017 8:40:46 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Virtual Disk service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 10/02/2017 8:40:46 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Virtual Disk service to connect.
 
Log: 'System' Date/Time: 10/02/2017 8:40:01 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 10/02/2017 8:39:46 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Application Virtualization Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 10/02/2017 8:39:46 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
 
Log: 'System' Date/Time: 10/02/2017 8:33:18 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Avast Antivirus service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 10/02/2017 8:33:18 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Avast Antivirus service to connect.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/02/2017 8:30:09 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 
Log: 'System' Date/Time: 10/02/2017 8:26:35 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 10/02/2017 8:22:26 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 10/02/2017 8:22:26 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/02/2017 5:49:18 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/02/2017 10:38:31 AM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. (Stream product id=0x0066): Streaming Failed
 
Log: 'Application' Date/Time: 10/02/2017 10:38:00 AM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. Too many failures while downloading ranges: 2
 
Log: 'Application' Date/Time: 10/02/2017 9:28:40 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950 Exception code: 0xc0000005 Fault offset: 0x0000000000023c00 Faulting process id: 0x550 Faulting application start time: 0x01d28379a7f92eda Faulting application path: C:\Windows\system32\CompatTelRunner.exe Faulting module path: C:\Windows\system32\devinv.dll Report Id: 4e596414-ef73-11e6-bd5d-88532e0a244e
 
Log: 'Application' Date/Time: 10/02/2017 9:03:53 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program AvastUI.exe version 12.3.3154.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 11b4  Start Time: 01d2837ac21cb9b3  Termination Time: 60000  Application Path: C:\Program Files\AVAST Software\Avast\AvastUI.exe  Report Id: 9a6d3e23-ef6f-11e6-bd5d-88532e0a244e 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/02/2017 10:46:43 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.
 
Log: 'Application' Date/Time: 10/02/2017 10:46:43 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...
 
Log: 'Application' Date/Time: 10/02/2017 10:46:43 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.
 
Log: 'Application' Date/Time: 10/02/2017 10:38:31 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Load range failed: 345467653 1051087 : [SoftGrid Error: 0x0000000000006004 in Module: Net Transport Agent, File: sftworkitemdecorators.cpp:112]
 
Log: 'Application' Date/Time: 10/02/2017 10:38:00 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Load range failed: 345467653 1051087 : [SoftGrid Error: 0x0000000000006004 in Module: Net Transport Agent, File: sftworkitemdecorators.cpp:112]
 
Log: 'Application' Date/Time: 10/02/2017 10:37:30 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Load range failed: 345467653 1051087 : [SoftGrid Error: 0x0000000000006004 in Module: Net Transport Agent, File: sftworkitemdecorators.cpp:112]
 
Log: 'Application' Date/Time: 10/02/2017 10:36:23 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=AD4}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ADMIN-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 10/02/2017 10:36:12 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=AD4}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 10/02/2017 8:22:02 AM
Type: Warning Category: 3
Event: 3219 Source: Application Virtualization Client
{tid=1170}
Failed unregistering callback tracking connected process termination (error: 997).
 
                                    
 
 
 
 

 

 



  • 0
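A triage pass over VEW output like the logs posted above, as an added example (not part of the original posts and not the VEW author's code): it groups Service Control Manager start failures (events 7000, 7009, 7022) by service and flags the Wininit event 11 warning. The function names, the keyword list for security products and the embedded sample are assumptions constructed for the illustration.

```python
import re
from datetime import datetime

# Constructed sample in VEW's output layout, abridged from entries like those
# posted above (dates are dd/mm/yyyy, as the report header states).
SAMPLE_VEW = """\
Log: 'System' Date/Time: 10/02/2017 8:48:31 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 10/02/2017 8:46:28 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 10/02/2017 8:46:22 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 10/02/2017 8:33:18 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Avast Antivirus service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 10/02/2017 8:30:09 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)\s*$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+?)\s*$")

# Service Control Manager start-failure events and where each names the service.
SCM_PATTERNS = {
    7000: re.compile(r"^The (.+?) service failed to start"),
    7009: re.compile(r"waiting for the (.+?) service to connect"),
    7022: re.compile(r"^The (.+?) service hung on starting"),
}
# Assumption: a hypothetical keyword list for spotting security products.
SECURITY_HINTS = ("antivirus", "malwarebytes", "defender", "firewall")


def _ends_message(line):
    """A message ends at a blank line, a '~~~' separator or the next record."""
    return not line.strip() or line.startswith("~~~") or bool(HEADER.match(line))


def parse_vew(text):
    """Return one dict per event record found in VEW report text."""
    lines, events, i = text.splitlines(), [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        typ = TYPE.match(lines[i + 1]) if head and i + 1 < len(lines) else None
        evt = EVENT.match(lines[i + 2]) if typ and i + 2 < len(lines) else None
        if not evt:
            i += 1  # banner, separator or malformed record: skip this line
            continue
        i += 3
        body = []
        while i < len(lines) and not _ends_message(lines[i]):
            body.append(lines[i].strip())
            i += 1
        when = datetime.strptime(head.group(2), "%d/%m/%Y %I:%M:%S %p")
        events.append({"log": head.group(1), "when": when, "type": typ.group(1),
                       "id": int(evt.group(1)), "source": evt.group(2),
                       "message": " ".join(body)})
    return events


def service_start_failures(events):
    """Map service name -> {'times': [...], 'ids': {...}} for SCM start failures."""
    out = {}
    for ev in events:
        pat = SCM_PATTERNS.get(ev["id"])
        is_scm = pat and ev["source"] == "Service Control Manager"
        m = pat.search(ev["message"]) if is_scm else None
        if not m:
            continue
        rec = out.setdefault(m.group(1), {"times": [], "ids": set()})
        rec["times"].append(ev["when"])
        rec["ids"].add(ev["id"])
    return out


def triage(text):
    """Summarise start failures: which services, over how long, and AppInit use."""
    events = parse_vew(text)
    failures = service_start_failures(events)
    names = sorted(failures, key=lambda n: min(failures[n]["times"]))
    times = [t for rec in failures.values() for t in rec["times"]]
    return {
        "failed_services": names,  # ordered by first failure
        "security_services": [n for n in names if any(h in n.lower() for h in SECURITY_HINTS)],
        "span_seconds": int((max(times) - min(times)).total_seconds()) if times else 0,
        # Wininit event 11 reports DLLs loaded into every application.
        "appinit_dll_warning": any(e["source"] == "Microsoft-Windows-Wininit"
                                   and e["id"] == 11 for e in events),
    }
```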

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,715 posts
  • MVP

Please continue with the remaining steps.  It will help figure out why SFC doesn't finish happily.

 

Speccy says your PC is running a bit hot at idle.  58 degrees.  I expect the temps will climb under load.  This is usually caused by the heatsink clogging up with dust where the fan blows into it.

Also your hard drive is dying.  Time to clone it and replace it.  We can get a second opinion with Speedfan:

 

See if you can get Speedfan to work:
 
 
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin.).
 
It will tell you your temps in real time, though the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.
 
Click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on Perform an In-depth Online Analysis of this hard disk.  Your browser will open.
 
At the bottom of the new page will be a line:  
 
The link to get back and see a new report about this hard disk in the future is this.
 
Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).

  • 0

#5
scgal

scgal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Here is the link, thank you.

 

http://www.hddstatus...cation=68D5240E


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,715 posts
  • MVP

They seem to agree that your drive is going:

 

SERIOUS ISSUE : your hard disk has 690 reallocated sectors. Hard disks do have spare sectors (usually from 256 up to 2560) used to replace bad ones. This remapping operation is transparent to the end user. Anyway, this can lead to degraded performances (because remapped sectors are in different places of the disk than the original ones and the head needs additional moving). If reallocated sectors grow over time, you might encounter some serious troubles. A backup of the most important data is suggested anyway.

The overall fitness for this drive is 0%.
The overall performance for this drive is 100%.

 

 

They aren't as worried as I am about your other errors but I'm pretty sure that if the drive has trouble with read errors that means it has to reread a section which takes time and slows things down.

 

 

Short term, back up everything you don't want to lose, then buy a new drive, preferably a Western Digital Black (they really do seem to be better and last longer).
Amazon has one that will work and give you some extra space and a boost in speed for about $70:
WD Black 1TB Performance Mobile Hard Disk Drive - 7200 RPM SATA 6 Gb/s 32MB Cache 9.5 MM 2.5 Inch - WD10JPLX
by Western Digital
$69.99
 
If cost is a problem then you can get a WD Blue 750GB Mobile Hard Disk Drive - 5400 RPM SATA 6 Gb/s 9.5 MM 2.5 Inch - WD7500BPVX
by Western Digital
$49.99
 
(Just avoid Seagate.  They may be slightly cheaper but they don't last.)
 
and a USB to SATA adapter 
 
Amazon has lots.  Here is one for $12
 
StarTech USB 3.0 to 2.5" SATA III Hard Drive Adapter Cable w/ UASP - SATA to USB 3.0 Converter for SSD/HDD - Hard Drive Adapter Cable
 
and clone the drive.  You can use the program from your new hard drive or even from Seagate or you can use one of the free ones:
 
 
 
Some of them require you to boot from a CD or USB drive (it's faster that way) but others like AOMEI can clone from within Windows.
 
You plug the new drive into the USB adapter and the adapter into your PC's USB jack.  Run Speedfan and have it look at your new drive with its SMART tab and verify that it is a good drive.   Run the cloning software.  (Make sure you know the source drive is the old drive and the destination is the new.)
 
Once the cloning software finishes you shut it down, use a small Phillips screwdriver to remove the 2 screws that hold the cover on the drive, remove the screws (may be 2 more screws).  Often the drive is in a carrier so you need to remove 4 more screws.  Keep the screws separate since they may be different sizes.  Remove the old drive, install the new.  Boot up and run a disk check.  
 

 

Did you look at your temps under a load (run an anti-virus scan or watch a video)?  Do they get up over 70?  If so it will need cleaning or perhaps a cooler tray.

  • 0

#7
scgal

scgal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Thank you for all your help and the info on replacing the drive. It started crashing yesterday, I got a message to backup immediately, then it either shut down or froze, can't remember now. I hope I can get it started today and save a few files and bookmarks. I was able to watch a couple of videos last night on cleaning it. I've done desktops for years but never opened a laptop. I'll probably just replace the drive since it will take me awhile to decide on a new laptop and get a good price. I really appreciate your time in helping me.


  • 0





